Hi Nicolas,

Thanks for your response, much appreciated. I have upgraded the lasso version to 2.6:

[root@nac yum.repos.d]# yum info lasso
Failed to set locale, defaulting to C
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.ukfast.co.uk
 * extras: mirrors.ukfast.co.uk
 * updates: mirror.netweaver.uk
Installed Packages
Name        : lasso
Arch        : x86_64
Version     : 2.6.0
Release     : 1.el7
Size        : 563 k
Repo        : installed
From repo   : lemonldap-ng-extras
Summary     : Liberty Alliance Single Sign On
URL         : http://lasso.entrouvert.org/
License     : GPLv2+
Description : Lasso is a library that implements the Liberty Alliance Single Sign On
            : standards, including the SAML and SAML2 specifications. It allows to handle
            : the whole life-cycle of SAML based Federations, and provides bindings
            : for multiple languages.

However I am still getting the error in the browser on the client device: “Can’t validate Identity provider return message : The profile cannot verify a signature on the message”.

We are using SHA-256 to sign the response (as you can probably tell from the Metadata I’ve provided) so I presume this upgrade lasso step is required.

Are there any other avenues you can think of that I should explore to resolve the error message?

Thanks
Jonathan

Jonathan Nathanson | Head of Systems Innovation
0203 176 1025 | 07738 065 802

From: Nicolas Quiniou-Briand via PacketFence-users <[email protected]>
Sent: 12 February 2020 10:24
To: [email protected]
Cc: Nicolas Quiniou-Briand <[email protected]>
Subject: Re: [PacketFence-users] SAML Authentication Failing - httpd_portal_err Could not read KeyInfo

Hi Jonathan,

PacketFence is shipped with lasso 2.5.1, it seems lasso 2.6 adds support for SHA256 certificates.
Could you try to upgrade lasso packages to 2.6 using the following procedure:

#v+
# cat >> /etc/yum.repos.d/lemonldap-ng.repo << 'EOF'
[lemonldap-ng-extras]
name=LemonLDAP::NG extra packages
baseurl=https://lemonldap-ng.org/redhat/extras//$releasever
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-OW2
EOF
# curl https://lemonldap-ng.org/_media/rpm-gpg-key-ow2 > /etc/pki/rpm-gpg/RPM-GPG-KEY-OW2
# yum upgrade lasso lasso-perl
#v-

To revert changes, you need to run:

#v+
# yum downgrade lasso lasso-perl --enablerepo=packetfence
# rm -f /etc/yum.repos.d/lemonldap-ng.repo
#v-

Let me know if it works.

--
Nicolas Quiniou-Briand
[email protected] :: +1.514.447.4918 *140 :: https://inverse.ca
Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence (https://packetfence.org) and Fingerbank (http://fingerbank.org)

_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
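Added example, not part of the original thread and not PacketFence or lasso code: a Python check that decodes a captured SAMLResponse form value and reports, for each signature, the SignatureMethod and DigestMethod algorithms and whether KeyInfo carries a certificate, the two things the errors in this thread point at. The function name and the sample response are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"ds": DS}

def inspect_signatures(saml_response_b64):
    """Report algorithms and KeyInfo per ds:Signature; it does NOT verify anything."""
    raw = base64.b64decode(saml_response_b64)
    if b"<!DOCTYPE" in raw:  # SAML messages carry no DTD; refuse entity tricks
        raise ValueError("DOCTYPE not allowed in a SAML message")
    root = ET.fromstring(raw)
    parent_of = {child: parent for parent in root.iter() for child in parent}
    findings = []
    for sig in root.iter(f"{{{DS}}}Signature"):
        method = sig.find("ds:SignedInfo/ds:SignatureMethod", NS)
        digests = sig.findall("ds:SignedInfo/ds:Reference/ds:DigestMethod", NS)
        cert = sig.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
        signed = parent_of.get(sig)  # element the signature sits in
        findings.append({
            "signed_element": signed.tag.split("}")[-1] if signed is not None else None,
            "signature_method": method.get("Algorithm") if method is not None else None,
            "digest_methods": [d.get("Algorithm") for d in digests],
            "has_keyinfo": sig.find("ds:KeyInfo", NS) is not None,
            "has_x509_cert": cert is not None and bool((cert.text or "").strip()),
        })
    return findings

# Constructed sample: an assertion signed with RSA-SHA256 and carrying no KeyInfo.
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_constructed">
  <saml:Assertion ID="_a1">
    <ds:Signature>
      <ds:SignedInfo>
        <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
        <ds:Reference URI="#_a1"><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/></ds:Reference>
      </ds:SignedInfo>
      <ds:SignatureValue>PLACEHOLDER</ds:SignatureValue>
    </ds:Signature>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()

if __name__ == "__main__":
    for finding in inspect_signatures(SAMPLE_B64):
        print(finding)
```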
