Hello

We are testing SAML on CAS V5.2.2

After hours, everything is fine except this, when Shibboleth SP 2 is trying 
to get the metadata:

2018-03-06 11:25:28 INFO OpenSAML.MetadataProvider.XML : loaded XML 
resource (/var/cache/shibboleth/cas-meta.xml)
2018-03-06 11:25:28 INFO OpenSAML.Metadata : applying metadata filter 
(Signature)
2018-03-06 11:25:28 WARN OpenSAML.MetadataFilter.Signature : filtering out 
entity at root of instance after failed signature check: Root metadata 
element was unsigned.
2018-03-06 11:25:28 CRIT OpenSAML.Metadata.Chaining : failure initializing 
MetadataProvider: SignatureMetadataFilter unable to verify signature at 
root of metadata instance.

./xmlsectool.sh --verifySignature --inFile /var/cache/shibboleth/cas-meta.xml --certificate /etc/shibboleth/casv5-signing.crt
INFO  XMLSecTool - Reading XML document from file 
'/var/cache/shibboleth/cas-meta.xml'
INFO  XMLSecTool - XML document parsed and is well-formed.
ERROR XMLSecTool - Signature required but XML document is not signed

So I changed the Shibboleth SP setup and it works, but it's not nice, if I 
can say:

        <MetadataProvider type="XML" uri="https://xx/cas/idp/metadata"
              backingFilePath="cas-meta.xml" reloadInterval="7200">
<!--            <MetadataFilter type="Signature" certificate="casv5-signing.crt"/> -->
        </MetadataProvider>
 
Any ideas?

Thanks
