Hi all, I have eliminated most of the errors below in terms of reading KeyInfo from KeyDescriptors (that was due to my SP certificates being invalid). However I am still seeing “Unknown IO Error” in /usr/local/pf/logs/httpd.portal.error and the following error in the captive portal on my client device:
“Can’t validate Identity provider return message : The profile cannot verify a signature on the message”. I am seeing the same error with two different IdP setups (both Azure AD B2C). Is anyone able to point me in the direction of more specific logging or errors which will help me troubleshoot this? Thanks Jonathan Jonathan Nathanson | Head of Systems Innovation 0203 176 1025 | 07738 065 802 From: Jonathan Nathanson via PacketFence-users <[email protected]> Sent: 05 February 2020 22:24 To: [email protected] Cc: Jonathan Nathanson <[email protected]> Subject: [PacketFence-users] SAML Authentication Failing - httpd_portal_err Could not read KeyInfo Hi Everyone, I am trying to set up a SAML authentication source as detailed in the PacketFence Installation Guide. I have followed the guide, uploaded the IdP metadata, certificates etc and I am getting as far as hitting the IdP’s login page and entering credentials. Upon return to the PF portal, I get the error: “Can’t validate Identity provider return message : The profile cannot verify a signature on the message”. Checking the logs at httpd.portal.error I am faced with: Feb 5 22:13:21 httpd_portal_err: error : Unknown IO error Feb 5 22:13:21 httpd_portal_err: Feb 5 22:13:21 httpd_portal_err: (process:22392): Lasso-WARNING **: 22:13:21.434: 2020-02-05 22:13:21 Could not read KeyInfo from signing KeyDescriptor Feb 5 22:13:21 httpd_portal_err: Feb 5 22:13:21 httpd_portal_err: (process:22392): Lasso-WARNING **: 22:13:21.440: 2020-02-05 22:13:21 Could not read KeyInfo from encryption KeyDescriptor I am struggling to find much information as to what could cause this particular error. If anyone can point me in the correct direction I would be eternally grateful! A copy of the IdP metadata can be found here for reference: https://pastebin.com/MYJUHwU7<https://pastebin.com/MYJUHwU7> Best regards, Jonathan Nathanson _______________________________________________ PacketFence-users mailing list [email protected]<mailto:[email protected]> https://lists.sourceforge.net/lists/listinfo/packetfence-users<https://lists.sourceforge.net/lists/listinfo/packetfence-users> Note: This is an external Email. Visit https://www.excellgroup.com/solutions/ to learn about our Audio Visual, Business Centre, Cloud / Data, Mobile, Network, Security, Support and Voice solutions. Contact Us: https://www.excellgroup.com/contact/ This email is subject to Excell’s Email Terms & Conditions which can be found at https://www.excellgroup.com/legal-and-terms/email-terms-conditions/
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
