Shibboleth Developers

At 9:46 PM -0700 5/29/03, RL 'Bob' Morgan wrote:
> I did a test with a HS server cert issued directly by a root CA (our UW
> CA, https://www.washington.edu/computing/ca/), and (after putting the CA
> into trust.xml along with all the other CAs verifying the incommon:pilot
> group) got a different failure:
>
>   SHIRE failure at (https://perq.cac.washington.edu/shibboleth/SHIRE)
>
>   Exception: cryptographic check failed: SAMLSignedObject::verify() caught
>   an XMLSec crypto exception

FWIW, one of the "shot in the dark" things that Walter and I  tried 
yesterday was to create an  entry for my  origin in the trust.xml 
file, BUT to  put the cert for the bossie Master CA in that entry. 
(The outlandish hope here was that this corresponded to the signature 
on the cert being supplied by my origin -- yea, we were certainly 
reaching on this one). Unfortunately, this resulted in the same 
message text described above, in Bob's text. The  good news, tho, was 
that this message actually made sense for what I'd done.

As  noted previously, when I put the cert for my origin into the 
trust file entry for that machine, everything worked fine.

------------------------------------------------------mace-shib-design-+
For list utilities, archives, subscribe, unsubscribe, etc. please visit the
ListProc web interface at 

   http://archives.internet2.edu/

------------------------------------------------------mace-shib-design--