shibboleth-dev - Re: base 64
Subject: Shibboleth Developers
- From: Alistair Young <>
- To: Alistair Young <>
- Cc: Shibboleth Development <>
- Subject: Re: base 64
- Date: Thu, 28 Apr 2005 12:11:59 +0100
I changed it to ALGO_ID_SIGNATURE_RSA and it's better now but I get the error:
new_session validate: verified with key inside token, entering validation stage
new_session validate: certificate subject: CN=guanxi.uhi.ac.uk; OU=WWW; O=UHI Millennium Institute; L=Isle of Skye; ST=Scotland; C=GB
new_session validate: matched subject CN to a key name (guanxi.uhi.ac.uk)
new_session validate: KeyAuthority match on guanxi.uhi.ac.uk
new_session validate: failed to validate certificate chain, token signature untrusted
I got "token signature untrusted" once before when a cert's valid from and to dates were wrong but this is a brand new Thawte cert.
Should I add more stuff to IQ-trust.xml?
Thanks,
Alistair
On 28 Apr 2005, at 11:45, Alistair Young wrote:
Is there a way to find out what this refers to?
Exception: XML object is malformed: XML::Parser detected an error during parsing: Datatype error: Type:InvalidDatatypeValueException, Message:Value '' is not encoded in Base64
ERROR shibtarget.rpc-server init shar_svc_run [0] new_session: caught SAML exception: XML::Parser detected an error during parsing: Datatype error: Type:InvalidDatatypeValueException, Message:Value '' is not encoded in Base64
It's when an AuthenticationStatement is coming back from an IdP. It's worked fine with self-signed certs. Now I'm using a Thawte cert and I get this error.
I've checked and the SAMLResponse in the form is indeed base 64 encoded, as is the X509 in the response.
Below is the decoded SAMLResponse field from the form. Is there stuff in there that maybe shibb doesn't like?
Thanks,
Alistair
<ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
<ds:Reference URI="" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:Transforms xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">code ds kind rw saml samlp typens #default</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
<ds:DigestValue xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Certificate xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
MIIDcjCCAtugAwIBAgIDIQ36MA0GCSqGSIb3DQEBBAUAMIHOMQswCQYDVQQGEwJaQTEVMBM GA1UE
CBMMV2VzdGVybiBDYXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xHTAbBgNVBAoTFFRoYXd0ZSB Db25z
dWx0aW5nIGNjMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9uMSE wHwYD
VQQDExhUaGF3dGUgUHJlbWl1bSBTZXJ2ZXIgQ0ExKDAmBgkqhkiG9w0BCQEWGXByZW1pdW0 tc2Vy
dmVyQHRoYXd0ZS5jb20wHhcNMDUwNDEyMTMwODQ5WhcNMDYwNDEyMTMwODQ5WjCBgzELMAk GA1UE
BhMCR0IxETAPBgNVBAgTCFNjb3RsYW5kMRUwEwYDVQQHEwxJc2xlIG9mIFNreWUxITAfBgN VBAoT
GFVISSBNaWxsZW5uaXVtIEluc3RpdHV0ZTEMMAoGA1UECxMDV1dXMRkwFwYDVQQDExBndWF ueGku
dWhpLmFjLnVrMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDIr4/ 29FuZwQIqP7VOPEBy/L2H
e9FdrJyaXSW6HpeXVhJ//kasQHzeri5pT6NPFeU027/ M1WJkcNeYCvjATZBFFMefx74trv+Gztal
yVjf5QmOHFkml8RKTbyoTYbqr3igqtAbciuuGhx7r5uonw27HGTyJ1Fs96OMNtO7zBntuwI DAQAB
o4GmMIGjMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBABgNVHR8EOTA3MDWgM6A xhi9o
dHRwOi8vY3JsLnRoYXd0ZS5jb20vVGhhd3RlUHJlbWl1bVNlcnZlckNBLmNybDAyBggrBgE FBQcB
AQQmMCQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9vY3NwLnRoYXd0ZS5jb20wDAYDVR0TAQH/ BAIwADAN
BgkqhkiG9w0BAQQFAAOBgQCQCFtxPME3dhwFLK/pkUY84Hcul7tk/ 6DPZBiVUPdQjOpfk7OW8pK9
4bOGviXuKBE/ 0e+QVSuGwCDQetJYVz368HYAHorFLwik3BdKl3NlmlWQTipsOV97OboDqbDeuLhv
L5ek1CWI8Fgid3bI0SILno8V/ZBoXyuHSx7Tv5WxKA==
</ds:X509Certificate>
</ds:X509Data>
<ds:KeyValue xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:RSAKeyValue xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:Modulus xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
yK+P9vRbmcECKj+1TjxAcvy9h3vRXaycml0luh6Xl1YSf/5GrEB83q4uaU+jTxXlNNu/ zNViZHDX
mAr4wE2QRRTHn8e+La7/ hs7WpclY3+UJjhxZJpfESk28qE2G6q94oKrQG3Irrhoce6+bqJ8Nuxxk
8idRbPejjDbTu8wZ7bs=
</ds:Modulus>
<ds:Exponent xmlns:ds="http://www.w3.org/2000/09/xmldsig#">AQAB</ds:Exponent>
</ds:RSAKeyValue>
</ds:KeyValue>
</ds:KeyInfo>
</ds:Signature>
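
Added example, not part of the original message and not Shibboleth code: a pre-flight check for a ds:Signature element that reports the two conditions visible in the fragment above, namely empty DigestValue/SignatureValue elements and a dsa-sha1 SignatureMethod alongside an RSAKeyValue. The names check_signature, B64_FIELDS and SAMPLE are hypothetical, and SAMPLE is a constructed, shortened stand-in for the posted XML.

```python
import base64
import binascii
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"ds": DS}
# Elements checked for non-empty, well-formed base64 content.
B64_FIELDS = ("DigestValue", "SignatureValue", "X509Certificate", "Modulus", "Exponent")

# Constructed sample modelled on the fragment in the post (key material shortened).
SAMPLE = """<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
 <ds:SignedInfo>
  <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
  <ds:Reference URI=""><ds:DigestValue/></ds:Reference>
 </ds:SignedInfo>
 <ds:SignatureValue/>
 <ds:KeyInfo><ds:KeyValue><ds:RSAKeyValue>
  <ds:Modulus>yK+P9vRb</ds:Modulus><ds:Exponent>AQAB</ds:Exponent>
 </ds:RSAKeyValue></ds:KeyValue></ds:KeyInfo>
</ds:Signature>"""

def check_signature(xml_text):
    """Return a list of findings for one ds:Signature element."""
    root = ET.fromstring(xml_text)
    findings = []
    for name in B64_FIELDS:
        for el in root.iter(f"{{{DS}}}{name}"):
            # Base64 content may be folded across lines, so drop whitespace first.
            text = "".join((el.text or "").split())
            if not text:
                findings.append(f"{name}: empty")
                continue
            try:
                base64.b64decode(text, validate=True)
            except binascii.Error:
                findings.append(f"{name}: not valid base64")
    # Compare the declared signature algorithm with the key type in KeyInfo.
    method = root.find(".//ds:SignatureMethod", NS)
    algo = method.get("Algorithm", "") if method is not None else ""
    fragment = algo.rsplit("#", 1)[-1]  # e.g. "dsa-sha1"
    has_rsa = root.find(".//ds:RSAKeyValue", NS) is not None
    has_dsa = root.find(".//ds:DSAKeyValue", NS) is not None
    if (has_rsa and not fragment.startswith("rsa-")) or (has_dsa and not fragment.startswith("dsa-")):
        findings.append(f"SignatureMethod {fragment} does not match key type in KeyInfo")
    return findings

if __name__ == "__main__":
    for finding in check_signature(SAMPLE):
        print(finding)
```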