Hi Ray, I'm getting the same error (Unable to locate signing credentials) when integrating elastic cloud with apereo using SAML2 protocol. My Idp metadata does not contain certificate. Is it mandatory to include certificate in Idp metadata?
Ray Bon 在 2021年6月16日 星期三上午5:08:46 [UTC+8] 的信中寫道: > Does your IdP metadata have certificate(s)? > > Ray > On Tuesday, June 15, 2021 at 1:35:43 PM UTC-7 [email protected] wrote: > >> I think we are making progress, now we are getting this error message >> >> >> >> Unable to locate signing credentials >> >> >> >> Any thoughts on how to fix this? >> >> >> >> Thanks, Jay >> >> >> >> ________________________________ >> >> Jason Rappaport (he/him) >> >> Identity and Access Management Analyst >> >> Office of Information Technology >> >> Email: [email protected] >> >> Office: 609-258-8464 <(609)%20258-8464> >> >> >> >> >> >> *From:* Jason B. Rappaport >> *Sent:* Tuesday, June 15, 2021 1:57 PM >> *To:* [email protected] >> *Subject:* RE: [cas-user] Per service specific SAML IDP configuration >> >> >> >> Ray – I just reread your message, are you indicating we need a directory >> D:\etc\cas\saml\metadata\Test_SAML-1363 and then within that is the IDP >> metadata file? >> >> >> >> Thanks, Jay >> >> >> >> ________________________________ >> >> Jason Rappaport (he/him) >> >> Identity and Access Management Analyst >> >> Office of Information Technology >> >> Email: [email protected] >> >> Office: 609-258-8464 <(609)%20258-8464> >> >> >> >> >> >> *From:* [email protected] <[email protected]> *On Behalf Of *Jason B. >> Rappaport >> *Sent:* Tuesday, June 15, 2021 1:47 PM >> *To:* [email protected] >> *Subject:* RE: [cas-user] Per service specific SAML IDP configuration >> >> >> >> Ray – thank you for the reply! >> >> >> >> I believe we did indeed do that, within the D:\etc\cas\saml\metadata >> directory lives a file called Test_SAML-1363 with no file extension. >> >> >> >> Thanks, Jay >> >> >> >> ________________________________ >> >> Jason Rappaport (he/him) >> >> Identity and Access Management Analyst >> >> Office of Information Technology >> >> Email: [email protected] >> >> Office: 609-258-8464 <(609)%20258-8464> >> >> >> >> >> >> *From:* [email protected] <[email protected]> *On Behalf Of *Ray Bon >> *Sent:* Tuesday, June 15, 2021 1:32 PM >> *To:* [email protected] >> *Subject:* Re: [cas-user] Per service specific SAML IDP configuration >> >> >> >> Jason, >> >> >> >> My reading of that doc section is that you need a directory named >> metatdata/Test_SAML-1363. The service specific IdP metadata et. al. goes in >> there. >> >> >> >> Ray >> >> >> >> On Tue, 2021-06-15 at 10:00 -0700, Jason Rappaport wrote: >> >> *Notice: This message was sent from outside the University of Victoria >> email system. Please be cautious with links and sensitive information. * >> >> >> >> Good afternoon. We are trying to configure our CAS server as a SAML IDP >> with a per service IDP configuration using this guide: >> https://apereo.github.io/cas/6.3.x/installation/Configuring-SAML2-Authentication.html#per-service >> >> >> >> >> We created a CAS service registry entry for a SAML SP called: >> Test_SAML-1363.json and placed that file in D:\etc\cas\config\services >> >> To override the default IDP configured in cas.properties, we added this >> file (no extension) Test-1363 to D:\etc\cas\saml\metadata Note that we also >> tried it with a .xml extension. >> >> What we got back from the SP indicated that it received a response from >> the default IDP configured in CAS, and not the one we attempted to override >> within the service specific configuration. >> >> Has anyone done this before and if so, what are we doing wrong? >> >> Thanks, Jay >> >> >> >> -- >> - Website: https://apereo.github.io/cas >> - Gitter Chatroom: https://gitter.im/apereo/cas >> - List Guidelines: https://goo.gl/1VRrw7 >> - Contributions: https://goo.gl/mh7qDG >> --- >> You received this message because you are subscribed to the Google Groups >> "CAS Community" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/a/apereo.org/d/msgid/cas-user/f588b450ab78d25f5848786e20e6bb5d685aa747.camel%40uvic.ca >> >> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/f588b450ab78d25f5848786e20e6bb5d685aa747.camel%40uvic.ca?utm_medium=email&utm_source=footer> >> . >> >> -- >> - Website: https://apereo.github.io/cas >> - Gitter Chatroom: https://gitter.im/apereo/cas >> - List Guidelines: https://goo.gl/1VRrw7 >> - Contributions: https://goo.gl/mh7qDG >> --- >> You received this message because you are subscribed to the Google Groups >> "CAS Community" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/a/apereo.org/d/msgid/cas-user/BL0PR04MB5156E054A716FA663F69BF8ACC309%40BL0PR04MB5156.namprd04.prod.outlook.com >> >> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/BL0PR04MB5156E054A716FA663F69BF8ACC309%40BL0PR04MB5156.namprd04.prod.outlook.com?utm_medium=email&utm_source=footer> >> . >> > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/94adbf1f-11fc-4690-bb71-fe6f97767757n%40apereo.org.
