Shibboleth Developers

[Derek Atkins <>]

There should be an entry in the log file just before
this line that says something like:

caught an XMLSec exception: XXX

What's this XXX in the logfile?

-derek

"RL 'Bob' Morgan" 
<>
 writes:

> I'm guessing now that this is because the xmlsec package requires
> precisely md5WithRSAEncryption for signature algorithm.  For some reason
> the UW CA seems to issue certs with sha1WithRSAEncryption signatures.
> This seems to work in general but not here.  The tipoff line from shar.log
> on the above failure is:
> 
> 2003-05-29 21:44:00 INFO shibtarget.rpc-server [1] new_session: FAILED:
> <Status xmlns="urn:oasis:names:tc:SAML:1.0:protocol"
> xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"><StatusCode
> Value="Responder"></StatusCode><StatusMessage>SAMLSignedObject::verify()
> caught an XMLSec crypto
> exception</StatusMessage><StatusDetail><ExceptionClass
> xmlns="http://www.opensaml.org";>org.opensaml.InvalidCryptoException</ExceptionClass></StatusDetail></Status>
> 
> The shib2.internet2.edu cert uses md5, as do the bossie certs ...
> 
>  - RL "Bob"
> 
> 
> 

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       

                        PGP key available

------------------------------------------------------mace-shib-design-+
For list utilities, archives, subscribe, unsubscribe, etc. please visit the
ListProc web interface at 

    http://archives.internet2.edu/

------------------------------------------------------mace-shib-design--