shibboleth-dev - Re: signed assertions again
Subject: Shibboleth Developers
List archive
- From: Chad La Joie <>
- To:
- Subject: Re: signed assertions again
- Date: Tue, 06 Nov 2007 15:14:41 +0100
- Organization: SWITCH
Is this using a 2.0 IdP by chance? I fixed a bug, a few hours ago, dealing with improper signature generation.
wrote:
Hello guys,
I know there as already been a post on signed assertion but previous post had
to do with soma atrributes send in SAML ticket. I nevertheless have the same
issue with signed assertions but I do not pass any attribute at all.
THe message signature is validated perfectly but the assertion signature
could not be validated
anyone an idea??
thx
2007-10-31 11:25:55 ERROR SAML.SAMLAssertion [542] sessionNew: signature
failed to verify, error messages follow:
Reference URI="#_4bbf7220a8397443947c4e845e63ad4d" failed to verify
2007-10-31 11:25:55 DEBUG Shibboleth.Trust.Basic [542] sessionNew: verification with
KeyDescriptor failed: failed to verify signature value: Reference
URI="#_4bbf7220a8397443947c4e845e63ad4d" failed to verify
2007-10-31 11:25:55 DEBUG Shibboleth.Trust.Basic [542] sessionNew:
KeyDescriptor resolved into a key, trying it...
2007-10-31 11:25:55 ERROR SAML.SAMLAssertion [542] sessionNew: signature
failed to verify, error messages follow:
Reference URI="#_4bbf7220a8397443947c4e845e63ad4d" failed to verify
Validation of <SignedInfo> failed
2007-10-31 11:25:55 DEBUG Shibboleth.Trust.Basic [542] sessionNew: verification with
KeyDescriptor failed: failed to verify signature value: Reference
URI="#_4bbf7220a8397443947c4e845e63ad4d" failed to verify
Validation of <SignedInfo> failed
2007-10-31 11:25:55 DEBUG Shibboleth.Trust.Basic [542] sessionNew:
KeyDescriptor resolved into a key, trying it...
2007-10-31 11:25:55 ERROR SAML.SAMLAssertion [542] sessionNew: signature
failed to verify, error messages follow:
Reference URI="#_4bbf7220a8397443947c4e845e63ad4d" failed to verify
2007-10-31 11:25:55 DEBUG Shibboleth.Trust.Basic [542] sessionNew: verification with
KeyDescriptor failed: failed to verify signature value: Reference
URI="#_4bbf7220a8397443947c4e845e63ad4d" failed to verify
2007-10-31 11:25:55 DEBUG Shibboleth.Trust.Basic [542] sessionNew: failed to
validate signature with KeyDescriptors
2007-10-31 11:25:55 DEBUG Shibboleth.Trust.Shibboleth [542] sessionNew:
validating signature using certificate from within the signature
2007-10-31 11:25:55 ERROR SAML.SAMLAssertion [542] sessionNew: signature
failed to verify, error messages follow:
Reference URI="#_4bbf7220a8397443947c4e845e63ad4d" failed to verify
2007-10-31 11:25:55 DEBUG Shibboleth.Trust.Shibboleth [542] sessionNew:
failed to verify signature with embedded certificates
2007-10-31 11:25:55 ERROR Shibboleth.ShibBrowserProfile [542] sessionNew:
unable to verify signed authentication assertion
2007-10-31 11:25:55 ERROR shibd.Listener [542] sessionNew: caught exception
while creating session: unable to verify signed authentication assertion
2007-10-31 11:27:12 DEBUG shibtarget.SessionCache : Cleanup thread running...
--
SWITCH
Serving Swiss Universities
--------------------------
Chad La Joie, Software Engineer, Security
Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland
phone +41 44 268 15 75, fax +41 44 268 15 68
,
http://www.switch.ch
- signed assertions again, devos . kristof, 11/06/2007
- Re: signed assertions again, Chad La Joie, 11/06/2007
- RE: signed assertions again, Scott Cantor, 11/06/2007
- Message not available
- Re: signed assertions again, Kristof Devos, 11/06/2007
- RE: signed assertions again, Scott Cantor, 11/06/2007
- Re: signed assertions again, Kristof Devos, 11/06/2007
Archive powered by MHonArc 2.6.16.