Error: Simple signature validation (with no request-derived credentials) failed
Ryan Rumbaugh
rrumbaugh at nebraska.edu
Fri Apr 1 15:09:48 UTC 2022
Hmm, we’re used to handling that quite often, but what is confusing to me is the SP does have an encryption certificate with this in their metadata,
<KeyDescriptor use="encryption">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:x509Data>….
in addition to the signing cert (same cert)
<KeyDescriptor use="signing">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:x509Data>
--
Ryan Rumbaugh
From: Cantor, Scott <cantor.2 at osu.edu>
Date: Friday, April 1, 2022 at 9:52 AM
To: Shib Users <users at shibboleth.net>
Cc: Ryan Rumbaugh <rrumbaugh at nebraska.edu>
Subject: Re: Error: Simple signature validation (with no request-derived credentials) failed
That's encryption. If you don't allow the IdP to treat that as optional or turn it off explicitly, encryption is assumed to be mandatory.
Most people probably set the property to make encryption optional I would think, I certainly do.
-- Scott
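
An added example, not part of the thread: one way to confirm from an SP's metadata what the exchange above turns on, namely whether a key is published for encryption, whether one is published for signing, and whether both use the same certificate. The sample metadata, entityID, certificate bytes and function names are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET  # fine for trusted local files; use defusedxml for untrusted XML

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample: placeholder entityID and placeholder certificate bytes.
SAMPLE_METADATA = """\
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://sp.example.org/shibboleth">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="encryption">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>
        UExBQ0VIT0xERVItQ0VSVA==
      </ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>UExBQ0VIT0xERVIt
Q0VSVA==</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""

def key_usage(metadata_xml):
    """Map 'signing' and 'encryption' to the SHA-256 fingerprints of the SP's certs."""
    usage = {"signing": set(), "encryption": set()}
    root = ET.fromstring(metadata_xml)
    for kd in root.iterfind(".//md:SPSSODescriptor/md:KeyDescriptor", NS):
        # In SAML metadata a KeyDescriptor without "use" applies to both purposes.
        declared = kd.get("use")
        uses = [declared] if declared else ["signing", "encryption"]
        for cert in kd.iterfind(".//ds:X509Certificate", NS):
            # Strip line wrapping before decoding so formatting does not change the hash.
            der = base64.b64decode("".join((cert.text or "").split()))
            for use in uses:
                usage.setdefault(use, set()).add(hashlib.sha256(der).hexdigest())
    return usage

def summarize(metadata_xml):
    """Report whether the IdP has a key to encrypt to and one to verify signatures with."""
    usage = key_usage(metadata_xml)
    return {"can_encrypt": bool(usage["encryption"]),
            "can_verify_signatures": bool(usage["signing"]),
            "shared_cert": bool(usage["signing"] & usage["encryption"])}

if __name__ == "__main__":
    print(summarize(SAMPLE_METADATA))
```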