
shibboleth-dev - RE: 2.0 IdP w/NO apache, security policy fails

Subject: Shibboleth Developers



  • Subject: RE: 2.0 IdP w/NO apache, security policy fails
  • Date: Wed, 12 Dec 2007 13:21:25 -0500

At 1:03 PM -0500 12/12/07, Scott Cantor wrote:

An SSO request doesn't need Apache or Tomcat to pass in the certificate,
it's inside the message (or it's a redirect and it isn't there ever).


looking at the IdP logs:

1) the msg went here:

stc-test11.cis.brown.edu:8443|/profile/saml2/Redirect/SSO|

2) after decoding, the security processing starts:

12:47:06.277 INFO [org.opensaml.common.binding.security.SAMLProtocolMessageXMLSignatureSecurityPolicyRule:99] - SAML protocol message was not signed, skipping XML signature processing

12:47:06.278 DEBUG [org.opensaml.common.binding.security.BaseSAMLSimpleSignatureSecurityPolicyRule:63] - Evaluating simple signature rule of type: org.opensaml.saml2.binding.security.SAML2HTTPRedirectDeflateSignatureRule

12:47:06.280 DEBUG [org.opensaml.common.binding.security.BaseSAMLSimpleSignatureSecurityPolicyRule:86] - HTTP request was not signed via simple signature mechanism, skipping

12:47:06.281 DEBUG [org.opensaml.common.binding.security.BaseSAMLSimpleSignatureSecurityPolicyRule:63] - Evaluating simple signature rule of type: org.opensaml.saml2.binding.security.SAML2HTTPPostSimpleSignRule

12:47:06.282 DEBUG [org.opensaml.common.binding.security.BaseSAMLSimpleSignatureSecurityPolicyRule:80] - Rule can not handle this request, skipping processing

12:47:06.296 DEBUG [org.opensaml.ws.security.provider.ClientCertAuthRule:135] - Attempting client certificate authentication using context issuer: https://stc-test11.cis.brown.edu/Shibboleth.sso/Metadata

12:47:06.307 DEBUG [org.opensaml.xml.security.trust.ExplicitKeyTrustEngine:68] - Attempting to validate untrusted credential

and fails......
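
Added example (not part of the original message and not OpenSAML code): the log above shows the XML-signature and simple-signature rules both skipping before client-certificate authentication is attempted. The Python below decodes a constructed HTTP-Redirect request and reports which signature material it carries; `inspect_redirect`, `encode_redirect`, `MAX_XML` and the `authn_evidence` labels are hypothetical names, and signature parameters are checked for presence only, not verified.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlsplit

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
DSIG = "http://www.w3.org/2000/09/xmldsig#"
MAX_XML = 64 * 1024  # assumed cap on inflated size, guards against deflate bombs

def encode_redirect(xml: str) -> str:
    """Raw DEFLATE (no zlib header) then base64, per the HTTP-Redirect binding."""
    c = zlib.compressobj(9, zlib.DEFLATED, -15)
    return base64.b64encode(c.compress(xml.encode()) + c.flush()).decode()

def inspect_redirect(url: str) -> dict:
    """Report what signature material a Redirect-binding request carries."""
    q = parse_qs(urlsplit(url).query)
    if "SAMLRequest" not in q:
        raise ValueError("no SAMLRequest parameter")
    d = zlib.decompressobj(-15)
    xml = d.decompress(base64.b64decode(q["SAMLRequest"][0], validate=True), MAX_XML)
    if d.unconsumed_tail:
        raise ValueError("inflated message exceeds MAX_XML")
    # Constructed input only; use a hardened XML parser for untrusted messages.
    root = ET.fromstring(xml)
    xml_signed = root.find(f"{{{DSIG}}}Signature") is not None
    # Presence check only: the Signature value is NOT verified here.
    simple_signed = "Signature" in q and "SigAlg" in q
    if xml_signed or simple_signed:
        evidence = "signature"
    else:
        # Nothing in the request carries a key; the log then tries the client cert.
        evidence = "tls-client-cert"
    return {"issuer": root.findtext(f"{{{SAML}}}Issuer"), "xml_signed": xml_signed,
            "simple_signed": simple_signed, "authn_evidence": evidence}

# Constructed AuthnRequest; issuer and endpoint path are taken from the log above.
SAMPLE_XML = (
    f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" '
    'ID="_constructed1" Version="2.0" IssueInstant="2007-12-12T17:47:06Z">'
    "<saml:Issuer>https://stc-test11.cis.brown.edu/Shibboleth.sso/Metadata"
    "</saml:Issuer></samlp:AuthnRequest>"
)
ENDPOINT = "https://stc-test11.cis.brown.edu:8443/profile/saml2/Redirect/SSO"
UNSIGNED_URL = ENDPOINT + "?" + urlencode({"SAMLRequest": encode_redirect(SAMPLE_XML)})

if __name__ == "__main__":
    print(inspect_redirect(UNSIGNED_URL))
```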


