shibboleth-dev - 2.0 IdP w/NO apache, security policy fails

Subject: Shibboleth Developers

  • From:
  • To:
  • Subject: 2.0 IdP w/NO apache, security policy fails
  • Date: Wed, 12 Dec 2007 12:58:30 -0500

I have an IdP and an SP on a test machine here.

1) If I configure Apache in front of the IdP, the two can interoperate without any problems.

2) If I remove Apache, and configure Tomcat according to Rod's directions (i.e. add AnyCertProvider, etc.), and make the other required changes (stop Apache from listening on 8443, tell Tomcat to listen on 8443, change the metadata describing the IdP to tell the SP to redirect SSO requests to port 8443 instead of 443), then I get this failure in the IdP:

Failed to validate untrusted credential against trusted key

when processing the incoming SSO request...

My first wild guess would be that Tomcat isn't passing the SP's cert on to the IdP in the same way that Apache is... since the IdP is using the same metadata in both cases...

Any thoughts or suggestions?


