The SAML SP override works correctly on first use, but then the override signing certificate is taking precedence over the default IdP signing certificate, or even another override. This effectively breaks all other SP integrations. This seems to happen with each new override.

The intent here is to have a different signing certificate for at least one service provider with a different key and expiration than the default IdP. I've adjusted the CN on the certificates to demonstrate the issue I'm seeing. Also, this only seems to happen when the SP metadata requires response signing.

1. Visit SP using default idp-signing.key/crt

    2024-04-08 12:57:05,729 DEBUG [org.apereo.cas.support.saml.SamlUtils] - <********************************************************************************>
    2024-04-08 12:57:05,729 DEBUG [org.apereo.cas.support.saml.web.idp.profile.builders.response.SamlProfileSaml2ResponseBuilder] - <SAML entity id [https://test-saml-566.example.com] indicates that SAML responses should be signed>
    2024-04-08 12:57:05,731 DEBUG [org.apereo.cas.support.saml.SamlIdPUtils] - <Fetched assertion consumer service url [https://testidp.example.com/cas/idp/profile/SAML2/POST/SSO] with binding [urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST] from authentication request>
    2024-04-08 12:57:05,732 DEBUG [org.apereo.cas.support.saml.SamlIdPUtils] - <Configured peer entity endpoint to be [https://testidp.example.com/cas/idp/profile/SAML2/POST/SSO] with binding [urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST]>
    2024-04-08 12:57:05,780 DEBUG [org.apereo.cas.support.saml.web.idp.profile.builders.enc.DefaultSamlIdPObjectSigner] - <Locating signature signing key for [/etc/cas66/services/sp-metadata/test_saml-566.xml] using algorithm [RSA]>
    2024-04-08 12:57:05,947 DEBUG [org.apereo.cas.support.saml.idp.metadata.locator.SamlIdPMetadataResolver] - <Cache key for SAML IdP metadata is [test_saml566]>
    2024-04-08 12:57:06,015 DEBUG [org.apereo.cas.support.saml.idp.metadata.locator.SamlIdPMetadataResolver] - <Cache key for SAML IdP metadata is [test_saml566]>
    2024-04-08 12:57:06,048 DEBUG [org.apereo.cas.support.saml.web.idp.profile.builders.enc.DefaultSamlIdPObjectSigner] - <Locating signature signing certificate from credential [[subjectDn=CN=testidp.example.com,serialNumber=314081278862115046149249165890986746486728921478]]>
    2024-04-08 12:57:06,116 DEBUG [org.apereo.cas.support.saml.web.idp.profile.builders.enc.DefaultSamlIdPObjectSigner] - <Signed SAML message successfully>
    2024-04-08 12:57:06,116 DEBUG [org.apereo.cas.support.saml.SamlUtils] - <********************************************************************************>

2. Visit SP with an override.

    2024-04-08 12:59:22,648 DEBUG [org.apereo.cas.support.saml.SamlUtils] - <********************************************************************************>
    2024-04-08 12:59:22,648 DEBUG [org.apereo.cas.support.saml.web.idp.profile.builders.response.SamlProfileSaml2ResponseBuilder] - <SAML entity id [https://test.example.com] indicates that SAML responses should be signed>
    2024-04-08 12:59:22,648 DEBUG [org.apereo.cas.support.saml.SamlIdPUtils] - <Fetched assertion consumer service url [https://testidp.example.com/cas/idp/profile/SAML2/POST/SSO] with binding [urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST] from authentication request>
    2024-04-08 12:59:22,648 DEBUG [org.apereo.cas.support.saml.SamlIdPUtils] - <Configured peer entity endpoint to be [https://testidp.example.com/cas/idp/profile/SAML2/POST/SSO] with binding [urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST]>
    2024-04-08 12:59:22,648 DEBUG [org.apereo.cas.support.saml.idp.metadata.locator.FileSystemSamlIdPMetadataLocator] - <Using metadata artifact [idp-signing.key] at [/etc/cas66/config/saml/test_saml-567/idp-signing.key]>
    2024-04-08 12:59:22,648 DEBUG [org.apereo.cas.support.saml.web.idp.profile.builders.enc.DefaultSamlIdPObjectSigner] - <Locating signature signing key for [/etc/cas66/services/sp-metadata/test_saml-567.xml] using algorithm [RSA]>
    2024-04-08 12:59:22,650 DEBUG [org.apereo.cas.support.saml.idp.metadata.locator.SamlIdPMetadataResolver] - <Cache key for SAML IdP metadata is [test_saml567]>
    2024-04-08 12:59:22,650 DEBUG [org.apereo.cas.support.saml.idp.metadata.locator.SamlIdPMetadataResolver] - <Cache key for SAML IdP metadata is [test_saml567]>
    2024-04-08 12:59:22,651 DEBUG [org.apereo.cas.support.saml.web.idp.profile.builders.enc.DefaultSamlIdPObjectSigner] - <Locating signature signing certificate from credential [[subjectDn=CN=test567.testidp.example.com,serialNumber=173907680160128790975551770084230862871092444709]]>
    2024-04-08 12:59:22,678 DEBUG [org.apereo.cas.support.saml.web.idp.profile.builders.enc.DefaultSamlIdPObjectSigner] - <Signed SAML message successfully>
    2024-04-08 12:59:22,678 DEBUG [org.apereo.cas.support.saml.SamlUtils] - <********************************************************************************>

3. Back to original SP (now using the override signing cert CN=test567.testidp.example.com)

    2024-04-08 13:00:39,731 DEBUG [org.apereo.cas.support.saml.SamlUtils] - <********************************************************************************>
    2024-04-08 13:00:39,731 DEBUG [org.apereo.cas.support.saml.web.idp.profile.builders.response.SamlProfileSaml2ResponseBuilder] - <SAML entity id [https://test-saml-566.example.com] indicates that SAML responses should be signed>
    2024-04-08 13:00:39,731 DEBUG [org.apereo.cas.support.saml.SamlIdPUtils] - <Fetched assertion consumer service url [https://testidp.example.com/cas/idp/profile/SAML2/POST/SSO] with binding [urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST] from authentication request>
    2024-04-08 13:00:39,731 DEBUG [org.apereo.cas.support.saml.SamlIdPUtils] - <Configured peer entity endpoint to be [https://testidp.example.com/cas/idp/profile/SAML2/POST/SSO] with binding [urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST]>
    2024-04-08 13:00:39,731 DEBUG [org.apereo.cas.support.saml.web.idp.profile.builders.enc.DefaultSamlIdPObjectSigner] - <Locating signature signing key for [/etc/cas66/services/sp-metadata/test_saml-566.xml] using algorithm [RSA]>
    2024-04-08 13:00:39,737 DEBUG [org.apereo.cas.support.saml.idp.metadata.locator.SamlIdPMetadataResolver] - <Cache key for SAML IdP metadata is [test_saml566]>
    2024-04-08 13:00:39,742 DEBUG [org.apereo.cas.support.saml.idp.metadata.locator.SamlIdPMetadataResolver] - <Cache key for SAML IdP metadata is [test_saml566]>
    2024-04-08 13:00:39,743 DEBUG [org.apereo.cas.support.saml.web.idp.profile.builders.enc.DefaultSamlIdPObjectSigner] - <Locating signature signing certificate from credential [[subjectDn=CN=test567.testidp.example.com,serialNumber=173907680160128790975551770084230862871092444709]]>
    2024-04-08 13:00:39,770 DEBUG [org.apereo.cas.support.saml.web.idp.profile.builders.enc.DefaultSamlIdPObjectSigner] - <Signed SAML message successfully>
    2024-04-08 13:00:39,770 DEBUG [org.apereo.cas.support.saml.SamlUtils] - <********************************************************************************>

4. Visiting additional SP with a different override (pulls in the correct override certificate).

    2024-04-08 13:02:38,259 DEBUG [org.apereo.cas.support.saml.SamlUtils] - <********************************************************************************>
    2024-04-08 13:02:38,259 DEBUG [org.apereo.cas.support.saml.web.idp.profile.builders.response.SamlProfileSaml2ResponseBuilder] - <SAML entity id [https://test-saml-568.example.com] indicates that SAML responses should be signed>
    2024-04-08 13:02:38,259 DEBUG [org.apereo.cas.support.saml.SamlIdPUtils] - <Fetched assertion consumer service url [https://testidp.example.com/cas/idp/profile/SAML2/POST/SSO] with binding [urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST] from authentication request>
    2024-04-08 13:02:38,259 DEBUG [org.apereo.cas.support.saml.SamlIdPUtils] - <Configured peer entity endpoint to be [https://testidp.example.com/cas/idp/profile/SAML2/POST/SSO] with binding [urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST]>
    2024-04-08 13:02:38,259 DEBUG [org.apereo.cas.support.saml.idp.metadata.locator.FileSystemSamlIdPMetadataLocator] - <Using metadata artifact [idp-signing.key] at [/etc/cas66/config/saml/test_saml-568/idp-signing.key]>
    2024-04-08 13:02:38,259 DEBUG [org.apereo.cas.support.saml.web.idp.profile.builders.enc.DefaultSamlIdPObjectSigner] - <Locating signature signing key for [/etc/cas66/services/sp-metadata/test_saml-568.xml] using algorithm [RSA]>
    2024-04-08 13:02:38,261 DEBUG [org.apereo.cas.support.saml.idp.metadata.locator.SamlIdPMetadataResolver] - <Cache key for SAML IdP metadata is [test_saml568]>
    2024-04-08 13:02:38,261 DEBUG [org.apereo.cas.support.saml.idp.metadata.locator.FileSystemSamlIdPMetadataLocator] - <Using metadata artifact [idp-metadata.xml] at [/etc/cas66/config/saml/test_saml-568/idp-metadata.xml]>
    2024-04-08 13:02:38,261 DEBUG [org.apereo.cas.support.saml.idp.metadata.locator.FileSystemSamlIdPMetadataLocator] - <Using metadata artifact [idp-metadata.xml] at [/etc/cas66/config/saml/test_saml-568/idp-metadata.xml]>
    2024-04-08 13:02:38,276 DEBUG [org.apereo.cas.support.saml.idp.metadata.locator.SamlIdPMetadataResolver] - <Cache key for SAML IdP metadata is [test_saml568]>
    2024-04-08 13:02:38,277 DEBUG [org.apereo.cas.support.saml.web.idp.profile.builders.enc.DefaultSamlIdPObjectSigner] - <Locating signature signing certificate from credential [[subjectDn=CN=test568.testidp.example.com,serialNumber=287894117138036180647362833833935432564855509796]]>
    2024-04-08 13:02:38,298 DEBUG [org.apereo.cas.support.saml.web.idp.profile.builders.enc.DefaultSamlIdPObjectSigner] - <Signed SAML message successfully>
    2024-04-08 13:02:38,298 DEBUG [org.apereo.cas.support.saml.SamlUtils] - <********************************************************************************>

5. Back to the original override, now using the 2nd override's certificate (CN=test568.testidp.example.com; should be signed with CN=test567.testidp.example.com).

    2024-04-08 13:04:32,437 DEBUG [org.apereo.cas.support.saml.SamlUtils] - <********************************************************************************>
    2024-04-08 13:04:32,437 DEBUG [org.apereo.cas.support.saml.web.idp.profile.builders.response.SamlProfileSaml2ResponseBuilder] - <SAML entity id [https://test.example.com] indicates that SAML responses should be signed>
    2024-04-08 13:04:32,437 DEBUG [org.apereo.cas.support.saml.SamlIdPUtils] - <Fetched assertion consumer service url [https://testidp.example.com/cas/idp/profile/SAML2/POST/SSO] with binding [urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST] from authentication request>
    2024-04-08 13:04:32,438 DEBUG [org.apereo.cas.support.saml.SamlIdPUtils] - <Configured peer entity endpoint to be [https://testidp.example.com/cas/idp/profile/SAML2/POST/SSO] with binding [urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST]>
    2024-04-08 13:04:32,438 DEBUG [org.apereo.cas.support.saml.idp.metadata.locator.FileSystemSamlIdPMetadataLocator] - <Using metadata artifact [idp-signing.key] at [/etc/cas66/config/saml/test_saml-567/idp-signing.key]>
    2024-04-08 13:04:32,438 DEBUG [org.apereo.cas.support.saml.web.idp.profile.builders.enc.DefaultSamlIdPObjectSigner] - <Locating signature signing key for [/etc/cas66/services/sp-metadata/test_saml-567.xml] using algorithm [RSA]>
    2024-04-08 13:04:32,445 DEBUG [org.apereo.cas.support.saml.idp.metadata.locator.SamlIdPMetadataResolver] - <Cache key for SAML IdP metadata is [test_saml567]>
    2024-04-08 13:04:32,445 DEBUG [org.apereo.cas.support.saml.idp.metadata.locator.SamlIdPMetadataResolver] - <Cache key for SAML IdP metadata is [test_saml567]>
    2024-04-08 13:04:32,446 DEBUG [org.apereo.cas.support.saml.web.idp.profile.builders.enc.DefaultSamlIdPObjectSigner] - <Locating signature signing certificate from credential [[subjectDn=CN=test568.testidp.example.com,serialNumber=287894117138036180647362833833935432564855509796]]>
    2024-04-08 13:04:32,461 DEBUG [org.apereo.cas.support.saml.web.idp.profile.builders.enc.DefaultSamlIdPObjectSigner] - <Signed SAML message successfully>
    2024-04-08 13:04:32,461 DEBUG [org.apereo.cas.support.saml.SamlUtils] - <********************************************************************************>

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/5c9ebe86-fb8c-4446-9f12-b8008f0e67e5n%40apereo.org.
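An operator wanting to confirm from the CAS DEBUG log whether an SP is being signed with the wrong certificate can run a check like the following added example (not CAS code and not from the post above). It groups the SamlUtils-bannered log entries into per-response transactions and flags any response whose signing certificate subject DN differs from the operator's expected mapping, or from the first certificate seen for that SP; the sample log lines and the serial number are constructed to mirror the sequence of visits in the post.

```python
import re
from dataclasses import dataclass
from typing import Optional

BANNER_RE = re.compile(r"<\*{40,}>")  # SamlUtils line written before and after each response
ENTITY_RE = re.compile(r"SAML entity id \[([^\]]+)\] indicates that SAML responses should be signed")
KEY_RE = re.compile(r"Using metadata artifact \[idp-signing\.key\] at \[([^\]]+)\]")
CERT_RE = re.compile(r"signing certificate from credential \[\[subjectDn=(.+?),serialNumber=")

@dataclass
class Transaction:
    entity_id: Optional[str] = None
    key_path: Optional[str] = None    # None: no override key logged, default IdP key in use
    signing_dn: Optional[str] = None  # subject DN of the certificate actually used to sign

def split_transactions(lines):
    """Group log lines into one Transaction per signed response."""
    txns, current = [], None
    for line in lines:
        if BANNER_RE.search(line):  # banners alternately open and close a transaction
            if current is None:
                current = Transaction()
            else:
                txns.append(current)
                current = None
        elif current is not None:
            if m := ENTITY_RE.search(line):
                current.entity_id = m.group(1)
            elif m := KEY_RE.search(line):
                current.key_path = m.group(1)
            elif m := CERT_RE.search(line):
                current.signing_dn = m.group(1)
    return txns

def find_mismatches(lines, expected_dn=None):
    """Return (entity_id, key_path, expected_dn, actual_dn) per wrongly signed response;
    SPs absent from expected_dn are baselined on the certificate seen at their first visit."""
    baseline = dict(expected_dn or {})
    mismatches = []
    for t in split_transactions(lines):
        if t.entity_id is None or t.signing_dn is None:
            continue
        want = baseline.setdefault(t.entity_id, t.signing_dn)
        if t.signing_dn != want:
            mismatches.append((t.entity_id, t.key_path, want, t.signing_dn))
    return mismatches

# Constructed sample log mirroring the visits in the post (serial number is a placeholder).
def _log(ts, logger, msg):
    return f"2024-04-08 {ts} DEBUG [org.apereo.cas.support.saml.{logger}] - <{msg}>"

def _txn(ts, entity, dn, key_path=None):
    signer = "web.idp.profile.builders.enc.DefaultSamlIdPObjectSigner"
    out = [_log(ts, "SamlUtils", "*" * 80),
           _log(ts, "web.idp.profile.builders.response.SamlProfileSaml2ResponseBuilder",
                f"SAML entity id [{entity}] indicates that SAML responses should be signed")]
    if key_path:
        out.append(_log(ts, "idp.metadata.locator.FileSystemSamlIdPMetadataLocator",
                        f"Using metadata artifact [idp-signing.key] at [{key_path}]"))
    out += [_log(ts, signer, "Locating signature signing certificate from credential "
                             f"[[subjectDn={dn},serialNumber=1]]"),
            _log(ts, signer, "Signed SAML message successfully"),
            _log(ts, "SamlUtils", "*" * 80)]
    return out

KEY_567 = "/etc/cas66/config/saml/test_saml-567/idp-signing.key"
KEY_568 = "/etc/cas66/config/saml/test_saml-568/idp-signing.key"
SAMPLE_LOG = (
    _txn("12:57:05,729", "https://test-saml-566.example.com", "CN=testidp.example.com")
    + _txn("12:59:22,648", "https://test.example.com", "CN=test567.testidp.example.com", KEY_567)
    + _txn("13:00:39,731", "https://test-saml-566.example.com", "CN=test567.testidp.example.com")
    + _txn("13:02:38,259", "https://test-saml-568.example.com", "CN=test568.testidp.example.com", KEY_568)
    + _txn("13:04:32,437", "https://test.example.com", "CN=test568.testidp.example.com", KEY_567)
)
```

Calling find_mismatches(SAMPLE_LOG) returns exactly the two visits the post flags: the default SP signed with CN=test567.testidp.example.com, and the first override signed with CN=test568.testidp.example.com even though its own idp-signing.key was located.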