Shibboleth Developers

[Brent Putman <>]

 wrote:
> 1) if an IdP relyingparty config, profile element contains
> encryptAssertions="true", but SPSSO element in metadata only has a key
> with <md:KeyDescriptor use="signing">. the IdP produces a msg with:
>
> Unable to construct encrypter
> Key encryption credential may not be null
>
> Chad asked me to submit this; msg not very descriptive.


Yes, I think the IdP should detect whether it can actually resolve an
encryption key, and fail gracefully if not, as opposed to letting other
sanity checking code handle it by throwing an exception.


>
>
> 3) line 4673; this line appears:
>
>> Unable to determine length in bits of specified Key instance
>
> should I be concerned?  ;-)


That's actually not cause for alarm - it's an informational-type message
which is misleading  here in context - but I'll see if I can eliminate
it, or change it or at least reduce it to TRACE level.