Hi,

This is what my log file looks like:

INFO keystone.common.wsgi [-] POST http://keystone:5000/v3/auth/OS-FEDERATION/saml2/ecp
ERROR keystone.contrib.federation.idp [-] Error when signing assertion, reason: Command '['xmlsec1', '--sign', '--privkey-pem', '/etc/keystone/ssl/private/cakey.pem,/etc/keystone/ssl/certs/ca.pem', '--id-attr:ID', 'Assertion', '/tmp/tmpfXz0D4']' returned non-zero exit status 1
2015-06-24 21:54:46.482 13569 WARNING keystone.common.wsgi [-] An unexpected error prevented the server from fulfilling your request.

The certificates ca.pem and cakey.pem are present in /etc/keystone/ssl/certs/ and /etc/keystone/ssl/private/.

This error is raised when the subprocess.check_output method is called from the sign_assertion method. The following is my saml section in keystone.conf:

[saml]
certfile = /etc/keystone/ssl/certs/ca.pem
keyfile = /etc/keystone/ssl/private/cakey.pem
idp_entity_id = http://keystone.idp/v3/OS-FEDERATION/saml2/idp
idp_sso_endpoint = http://keystone.idp/v3/OS-FEDERATION/saml2/sso
idp_metadata_path = /etc/keystone/keystone_idp_metadata.xml

On Mon, Sep 7, 2015 at 2:28 PM, nithish B <[email protected]> wrote:

> Hi Sreeja,
> It seems like your private key and/or the ssl certificate you use to auth
> does not exist. If you are indeed using key-pair based authentication, make
> sure you have the key "signing_key.pem" at the mentioned location, i.e. at
> /etc/ssl/private
>
> If this doesn't help, can you then just share a bit more on your setup.
>
> Thanks.
> Nitish B.
>
> Regards,
> Nitish B.
>
> On Mon, Sep 7, 2015 at 1:15 PM, sreeja kannagundla <
> [email protected]> wrote:
>
>> While trying to implement federation, I was getting code 500 errors
>> when trying to get a SAML assertion from a Keystone instance
>> configured as identity provider.
>> This is what the Keystone log showed:
>>
>> INFO keystone.common.wsgi [-] POST
>> http://172.29.236.100:5000/v3/auth/OS-FEDERATION/saml2/ecp
>> ERROR keystone.contrib.federation.idp [-] Error when signing assertion,
>> reason: Command '['xmlsec1', '--sign', '--privkey-pem',
>> '/etc/ssl/private/signing_key.pem,/etc/ssl/
>> certs/signing_cert.pem', '--id-attr:ID', 'Assertion', '/tmp/tmpfXz0D4']'
>> returned non-zero exit status 1
>> 2015-06-24 21:54:46.482 13569 WARNING keystone.common.wsgi [-] An
>> unexpected error prevented the server from fulfilling your request.
>>
>> It is not clear what the problem is from the logs
>>
>>
>> _______________________________________________
>> Mailing list:
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>> Post to : [email protected]
>> Unsubscribe :
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>
>>
>
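Added example (not part of the thread and not Keystone's own code): the log lines above record only xmlsec1's exit status, so this Python helper pre-checks the keyfile and certfile from the quoted [saml] section and re-runs the same xmlsec1 command with stderr captured. The function names and the assertion.xml input (a saved copy of an unsigned assertion) are assumptions made for illustration.

```python
import os
import subprocess

# Paths taken from the [saml] section quoted in the thread.
CERTFILE = "/etc/keystone/ssl/certs/ca.pem"
KEYFILE = "/etc/keystone/ssl/private/cakey.pem"


def pem_problems(path, expected):
    """List reasons xmlsec1 could fail to load path ("key" or "cert").

    Checks apply to the current user, so run this as the account the
    Keystone service runs under.
    """
    if not os.path.isfile(path):
        return ["%s: not a regular file" % path]
    if not os.access(path, os.R_OK):
        return ["%s: not readable by uid %d" % (path, os.getuid())]
    with open(path, "r", errors="replace") as fh:
        text = fh.read()
    problems = []
    has_key = "PRIVATE KEY-----" in text
    if expected == "key" and not has_key:
        problems.append("%s: no PEM private key block" % path)
    if expected == "cert" and "-----BEGIN CERTIFICATE-----" not in text:
        problems.append("%s: no PEM certificate block" % path)
    if has_key and "ENCRYPTED" in text:
        # A non-interactive signer cannot prompt for the passphrase.
        problems.append("%s: private key is passphrase-protected" % path)
    return problems


def run_with_stderr(cmd):
    """Run cmd via check_output, returning (exit status, stdout+stderr)."""
    try:
        out = subprocess.check_output(cmd, stderr=subprocess.STDOUT)
        return 0, out.decode(errors="replace")
    except subprocess.CalledProcessError as exc:
        return exc.returncode, exc.output.decode(errors="replace")
    except OSError as exc:  # binary missing or not executable
        return 127, str(exc)


if __name__ == "__main__":
    for line in pem_problems(KEYFILE, "key") + pem_problems(CERTFILE, "cert"):
        print(line)
    # Assumption: assertion.xml is a saved unsigned assertion; the temp
    # file named in the log no longer exists after the request fails.
    print(run_with_stderr(["xmlsec1", "--sign", "--privkey-pem",
                           KEYFILE + "," + CERTFILE, "--id-attr:ID",
                           "Assertion", "assertion.xml"]))
```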
