Hi Sreeja, It seems like your private key and/or the ssl certificate you use to auth does not exist. If you are indeed using key-pair based authentication, make sure you have the key "signing_key.pem" at the mentioned location, i.e. at /etc/ssl/private
If this doesn't help, can you then just share a bit more on your setup. Thanks. Nitish B. Regards, Nitish B. On Mon, Sep 7, 2015 at 1:15 PM, sreeja kannagundla < [email protected]> wrote: > While trying to implement federation, I was getting code 500 errors > when trying to get a SAML assertion from a Keystone instance > configured as identity provider. This is what the Keystone log showed: > > INFO keystone.common.wsgi [-] POST > http://172.29.236.100:5000/v3/auth/OS-FEDERATION/saml2/ecp > ERROR keystone.contrib.federation.idp [-] Error when signing assertion, > reason: Command '['xmlsec1', '--sign', '--privkey-pem', > '/etc/ssl/private/signing_key.pem,/etc/ssl/ > certs/signing_cert.pem', '--id-attr:ID', 'Assertion', '/tmp/tmpfXz0D4']' > returned non-zero exit status 1 > 2015-06-24 21:54:46.482 13569 WARNING keystone.common.wsgi [-] An > unexpected error prevented the server from fulfilling your request. > > It is not clear what the problem is from the logs > > > _______________________________________________ > Mailing list: > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > Post to : [email protected] > Unsubscribe : > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > >
_______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : [email protected] Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
