Shibboleth Developers

["RL 'Bob' Morgan" <>]

> >   SHIRE failure at (https://perq.cac.washington.edu/shibboleth/SHIRE)
> >
> >   Exception: cryptographic check failed: SAMLSignedObject::verify() caught
> >   an XMLSec crypto exception
>
> I'm guessing now that this is because the xmlsec package requires
> precisely md5WithRSAEncryption for signature algorithm.  For some reason
> the UW CA seems to issue certs with sha1WithRSAEncryption signatures.

Well, another dead-end.  I used another CA to make a server cert with md5
sigalg, but same result.  So at this point the only kind of verification
that seems to work is the kind with the HS server cert stuck into the
trust.xml file.

I've lost track of which xmlsec package is being used on the target?  Is
it the one at http://www.aleksey.com/xmlsec/?

 - RL "Bob"


------------------------------------------------------mace-shib-design-+
For list utilities, archives, subscribe, unsubscribe, etc. please visit the
ListProc web interface at 

    http://archives.internet2.edu/

------------------------------------------------------mace-shib-design--