Did you finally solve the issue? El martes, 6 de marzo de 2018, 11:47:43 (UTC+1), Lalot Dominique escribió: > > Hello > > We are testing SAML on CAS V5.2.2 > > After hours everything is fine except this when shibboleth SP 2 is trying > to get the metadata: > > 2018-03-06 11:25:28 INFO OpenSAML.MetadataProvider.XML : loaded XML > resource (/var/cache/shibboleth/cas-meta.xml) > 2018-03-06 11:25:28 INFO OpenSAML.Metadata : applying metadata filter > (Signature) > 2018-03-06 11:25:28 WARN OpenSAML.MetadataFilter.Signature : filtering out > entity at root of instance after failed signature check: Root metadata > element was unsigned. > 2018-03-06 11:25:28 CRIT OpenSAML.Metadata.Chaining : failure initializing > MetadataProvider: SignatureMetadataFilter unable to verify signature at > root of metadata instance. > > ./xmlsectool.sh --verifySignature --inFile > /var/cache/shibboleth/cas-meta.xml --certificate > /etc/shibboleth/casv5-signing.crt > INFO XMLSecTool - Reading XML document from file > '/var/cache/shibboleth/cas-meta.xml' > INFO XMLSecTool - XML document parsed and is well-formed. > ERROR XMLSecTool - Signature required but XML document is not signed > > So I changed the shibboleth SP setup and it works but it's not nice if I > cans say: > > <MetadataProvider type="XML" uri="https://xx/cas/idp/metadata"; > backingFilePath="cas-meta.xml" reloadInterval="7200"> > <!-- <MetadataFilter type="Signature" > certificate="casv5-signing.crt"/> --> > </MetadataProvider> > > Any ideas? > > Thanks >
-- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/e714e30b-52ed-45f9-adee-568709b1b100%40apereo.org.
