signature validation failure
Bobby Lawrence
robertl at jlab.org
Wed Apr 6 16:55:10 UTC 2022
Ok...
One more question....some background first....this SP recently underwent a key rollover a week ago. They do not publish their metadata at a place where we can get it dynamically, but I went in and updated the X509Data->X509Certificate in our local copy of their metadata with their new certificate.
So I don’t know if the problem is that we have the wrong certificate (unlikely) or that they are signing with their old private key. Is there any way to verify this? All I have from their request is the RSA key modulus and the exponent. Should I be able to extract the public key from the certificate we have on file, extract the modulus from that and then compare the values (after base64 encoding it)?
-----Original Message-----
From: Cantor, Scott <cantor.2 at osu.edu>
Sent: Wednesday, April 06, 2022 12:37 PM
To: Shib Users <users at shibboleth.net>
Cc: Bobby Lawrence <robertl at jlab.org>
Subject: [EXTERNAL] Re: signature validation failure
On 4/6/22, 12:05 PM, "users on behalf of Bobby Lawrence via users" <users-bounces at shibboleth.net on behalf of users at shibboleth.net> wrote:
> For some reason, IdP (v3.4.7) is failing this request….it states
> the signature is valid but fails to establish the trust for this key. I do not know why…can anyone help?
It's telling you why, the key isn't the key from the certificate in the metadata.
-- Scott
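
The comparison asked about above, as an added example that is not part of the original thread: it extracts the RSA modulus and exponent from the certificate on file and compares them with the base64 `Modulus`/`Exponent` values from the request. The function names and the sample data are hypothetical, and the small DER walker assumes an RSA key in a standard X.509 layout.

```python
import base64

def tlv(buf, pos=0):
    """Read one DER element at pos: (tag, content, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def children(content):
    out, pos = [], 0
    while pos < len(content):
        tag, body, pos = tlv(content, pos)
        out.append((tag, body))
    return out

def cert_rsa_key(cert_text):
    """(modulus, exponent) of an RSA certificate given as PEM or bare base64."""
    b64 = "".join(l for l in cert_text.splitlines() if "-----" not in l)
    tbs = children(children(tlv(base64.b64decode(b64))[1])[0][1])
    if tbs[0][0] == 0xA0:  # optional [0] version field
        tbs = tbs[1:]
    spki = children(tbs[5][1])  # after serial, sigalg, issuer, validity, subject
    rsa = children(tlv(spki[1][1][1:])[1])  # BIT STRING minus unused-bits octet
    return tuple(int.from_bytes(body, "big") for _, body in rsa[:2])

def same_key(cert_text, modulus_b64, exponent_b64):
    """Compare as integers: DER pads a leading 0x00, ds:CryptoBinary does not."""
    req = tuple(int.from_bytes(base64.b64decode(v), "big")
                for v in (modulus_b64, exponent_b64))
    return cert_rsa_key(cert_text) == req

# --- constructed sample: certificate-shaped DER, not a real signed certificate ---
def der(tag, *parts):
    body = b"".join(parts)
    size = len(body).to_bytes((len(body).bit_length() + 7) // 8 or 1, "big")
    return bytes([tag]) + (size if len(body) < 0x80 else bytes([0x80 | len(size)]) + size) + body

def der_int(n):
    return der(0x02, n.to_bytes(n.bit_length() // 8 + 1, "big"))

N, E = int.from_bytes(bytes(range(0x80, 0x100)), "big"), 65537  # placeholder values
spki = der(0x30, der(0x30), der(0x03, b"\x00", der(0x30, der_int(N), der_int(E))))
tbs = der(0x30, der(0xA0, der_int(2)), der_int(1), *[der(0x30)] * 4, spki)
SAMPLE_CERT = base64.b64encode(der(0x30, tbs, der(0x30), der(0x03, b"\x00"))).decode()
SAMPLE_MODULUS = base64.b64encode(N.to_bytes(128, "big")).decode()  # as in <Modulus>

if __name__ == "__main__":
    print("same key:", same_key(SAMPLE_CERT, SAMPLE_MODULUS, "AQAB"))
```

Comparing the decoded integers rather than the base64 strings avoids a false mismatch from the DER sign-padding byte or from line wrapping in the metadata.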