shibboleth-dev - Re: Shib 2 IdP Error
Subject: Shibboleth Developers
- From: Keith Powell
- Subject: Re: Shib 2 IdP Error
- Date: Wed, 30 Jan 2008 09:47:07 -0600
Thanks, I see what happened. Somehow my certificate and key files got corrupted. I did follow the steps 1-3 to get it that far.
Thanks!
On Jan 30, 2008, at 8:49 AM, Nate Klingenstein wrote:
Keith,
That means that TestShib was unable to verify the signature on the assertion your IdP sent.
[Base64-encoded certificate omitted]
is the certificate your IdP used. The one TestShib expects based on your metadata is:
[Base64-encoded certificate omitted]
As you can see, they don't quite match. Did you follow steps 1 and 3 in the configuration directions?
http://www.testshib.org/testshib-two/configure.jsp#IdP
You can also replace the credentials TestShib made for you with the ones generated during your installation. We've decided that giving TestShib the certificate during the joining process wouldn't be any easier than having TestShib generate a certificate, but we might be wrong. What do you think?
You can do that anyway using the XML Edit if you want.
Take care,
Nate.
On 30 Jan 2008, at 14:31, Keith Powell wrote:
opensaml::SecurityPolicyException at (https://sp.testshib.org/Shibboleth.sso/SAML2/POST )
Message was signed, but signature could not be verified.
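The comparison made by eye in the thread above can be scripted. The following is an added example, not code from the thread or from the Shibboleth project: it fingerprints the certificate embedded in a signed message and checks it against the signing certificates published in the entity's metadata. The entityID and the certificate bytes are constructed placeholders.

```python
import base64, hashlib
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"

def fingerprint(b64_text):
    """SHA-256 of the decoded DER bytes; line breaks and spaces in the base64 are ignored."""
    der = base64.b64decode("".join((b64_text or "").split()), validate=True)
    return hashlib.sha256(der).hexdigest()

def metadata_signing_fps(metadata_xml, entity_id):
    """Fingerprints of the signing certificates the metadata publishes for entity_id."""
    fps = set()
    for ent in ET.fromstring(metadata_xml).iter(MD + "EntityDescriptor"):
        if ent.get("entityID") != entity_id:
            continue
        for kd in ent.iter(MD + "KeyDescriptor"):
            if kd.get("use") in (None, "signing"):  # no "use" attribute covers signing too
                fps.update(fingerprint(c.text) for c in kd.iter(DS + "X509Certificate"))
    return fps

def diagnose(metadata_xml, message_xml, entity_id):
    """Diagnostic only: this compares certificates, it does not verify the XML signature."""
    expected = metadata_signing_fps(metadata_xml, entity_id)
    sent = {fingerprint(c.text) for c in ET.fromstring(message_xml).iter(DS + "X509Certificate")}
    if not expected:
        return "no signing certificate in metadata"
    if not sent:
        return "message carries no certificate"
    return "match" if sent & expected else "mismatch"

# Constructed sample data: placeholder bytes stand in for real DER certificates.
ENTITY = "https://idp.example.org/idp/shibboleth"  # hypothetical entityID
OLD = base64.b64encode(b"constructed: certificate the IdP still signs with").decode()
NEW = base64.b64encode(b"constructed: certificate registered in the metadata").decode()
NS = 'xmlns:ds="http://www.w3.org/2000/09/xmldsig#"'
KEYINFO = "<ds:KeyInfo><ds:X509Data><ds:X509Certificate>{}</ds:X509Certificate></ds:X509Data></ds:KeyInfo>"
METADATA = (f'<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" {NS} entityID="{ENTITY}">'
            f'<IDPSSODescriptor><KeyDescriptor use="signing">{KEYINFO.format(NEW)}</KeyDescriptor>'
            '</IDPSSODescriptor></EntityDescriptor>')

def sample_message(cert_b64):
    wrapped = cert_b64[:20] + "\n  " + cert_b64[20:]  # line-wrapped, as in real messages
    return (f'<Response xmlns="urn:oasis:names:tc:SAML:2.0:protocol" {NS}>'
            f'<ds:Signature>{KEYINFO.format(wrapped)}</ds:Signature></Response>')

if __name__ == "__main__":
    print(diagnose(METADATA, sample_message(OLD), ENTITY))  # stale IdP credential
    print(diagnose(METADATA, sample_message(NEW), ENTITY))  # after fixing the files
```

A "match" result only rules out the wrong-certificate case; the relying party still has to validate the signature itself against the key from metadata.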