AW: Exception unwrapping data: Tag mismatch! in "Profile Action ValidateGrant"

[Bergmann, Clemens]

Hi Scott,

tanks for pointing me in the right direction.

We did not use the sealer for the other protocols as we use a server-side database storage service.
Now I configure the same sealer JSK for all Servers and everything seems to work fine.
I Could not find an option in the documentation to use server-side storage for OIDC tokens. Is there currently no such option?

Viele Grüße
Clemens (Bergmann)
-- 
Clemens Bergmann
Gruppe Nutzermanagement und Entwicklung
Technische Universität Darmstadt
Hochschulrechenzentrum, Alexanderstraße 2, 64289 Darmstadt
Tel. +49 6151 16 71184
http://www.hrz.tu-darmstadt.de/


> -----Ursprüngliche Nachricht-----
> Von: users <users-bounces at shibboleth.net> Im Auftrag von Cantor, Scott
> via users
> Gesendet: Samstag, 9. April 2022 00:23
> An: Shib Users <users at shibboleth.net>
> Cc: Cantor, Scott <cantor.2 at osu.edu>
> Betreff: Re: Exception unwrapping data: Tag mismatch! in "Profile Action
> ValidateGrant"
> 
> On 4/8/22, 5:37 PM, "users on behalf of Bergmann, Clemens" <users-
> bounces at shibboleth.net on behalf of clemens.bergmann at tu-
> darmstadt.de> wrote:
> 
> > One other noteworthy information is that the Idp is setup as a
> loadbalanced pair. Could it be a problem if
> > Authorization Endpoint and Token Endpoint are served by different IdPs?
> Both are configured exactly the
> > same.
> 
> They are not in sync re: their secret key and they won't work at all in that
> case.
> 
> -- Scott
> 
> 
> --
> For Consortium Member technical support, see
> https://shibboleth.atlassian.net/wiki/x/ZYEpPw
> To unsubscribe from this list send an email to users-
> unsubscribe at shibboleth.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6377 bytes
Desc: not available
URL: <http://shibboleth.net/pipermail/users/attachments/20220410/27116507/attachment.p7s>