Dear All,

I want to use SAML authentication with an online mode. I have configured the authentication as requested in the installation guide but I have a persistent error.

I manage to access the authentication page, but these errors appear in httpd.portal.error:

Mar 29 11:37:38 portbail httpd_portal_err:
Mar 29 11:37:38 portbail httpd_portal_err: (process:24194): Lasso-WARNING **: 11:37:38.738: 2021-03-29 11:37:38 Could not read KeyInfo from signing KeyDescriptor
Mar 29 11:37:38 portbail httpd_portal_err:
Mar 29 11:37:38 portbail httpd_portal_err: (process:24194): Lasso-WARNING **: 11:37:38.745: 2021-03-29 11:37:38 Could not read KeyInfo from encryption KeyDescriptor

On my client machine I have this error.

"Can't validate Identity provider return message".

My metadata file looks like this:

<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" xmlns:xml="http://www.w3.org/XML/1998/namespace" xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" entityID="urn:mace:cru.fr:federation:univ-rouen.fr">

    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">

        <Extensions>
            <shibmd:Scope regexp="false">univ-rouen.fr</shibmd:Scope>
        </Extensions>

        <md:KeyDescriptor use="signing">
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                    <ds:X509Data>
                        <ds:X509Certificate>
MIIDMDCCAhigAwIBAgIVAIbyyCIJptsmsKKXHcl1M6rpQXcWMA0GCSqGSIb3DQEB
CwUAMBwxGjAYBgNVBAMMEWlkcC51bml2LXJvdWVuLmZyMB4XDTE2MTIyMTEwNDkw
OFoXDTM2MTIyMTEwNDkwOFowHDEaMBgGA1UEAwwRaWRwLnVuaXYtcm91ZW4uZnIw
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvFxVXUSBcStqqGVMuPZvR
9XoQNM1Mf058RWCrE7SbZfKXf5g7gheiX0l1xpFlv5MaUe9gtvjRjxUYYoF3FfiW
jRB59Zb4tzZK1vlorD0wj3zhYKoycrqmNcK4ThMFicNpekfhM+I8sntnZ40EjtdC
mecJXO2M2fapei3N9R7CnD/NZu10oPsNC6tvYZs60PJHdetDLdw+vkoo9nwNDwK7
Kb10DBA/gUIEliyCNnAs2pM3cZosJZNZ5/eYYwLoDncbn+V60JZbT/o51iB7z3mQ
y47Mev276X9FxpCASEETMK/AIXmLu7kEigv8ndY/pjB8zWAplCFfi50hOq4x4mpZ
AgMBAAGjaTBnMB0GA1UdDgQWBBQqUH3GSUKxvPTcokb1W/q9AT/EFDBGBgNVHREE
PzA9ghFpZHAudW5pdi1yb3Vlbi5mcoYodXJuOm1hY2U6Y3J1LmZyOmZlZGVyYXRp
b246dW5pdi1yb3Vlbi5mcjANBgkqhkiG9w0BAQsFAAOCAQEAluwHkw1Qr5Jju9K8
5gjZt7bEIM5OAQAbZezM7QAKf/2/L/+dmA/TmA5yx6uV/xSOGKUe6XpTYDYIf+pA
h1QCNcGzhEgZC/nXCT65GWlQ5X4ZlUZ5uz3ViZbsDyd4EVdTVG0repKNuDdI++Vs
r/0jNujmRRjtfk82ht9cl6tbNuygnFZ/D/WKr7Kj6BmGIC6doZwJgauzAhvvEUx9
TpKWQIOv3IOb+pL13/b0GoB0P7JrA5c1CZPlgN0fgm2LIpzxkVEBIa9APWE89FJ+
BN5eLt3E9IyrsIiJEuWoPvxPKIzkG1r26kOxQuPVzZgtzZjVwiotaT02LIMSRTHS
mJjKhA==
                        </ds:X509Certificate>
                    </ds:X509Data>
            </ds:KeyInfo>

        </md:KeyDescriptor>
        <md:KeyDescriptor use="signing">
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">>
                    <ds:X509Data>
                        <ds:X509Certificate>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                        </ds:X509Certificate>
                    </ds:X509Data>
            </ds:KeyInfo>

        </md:KeyDescriptor>
        <md:KeyDescriptor use="encryption">
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                    <ds:X509Data>
                        <ds:X509Certificate>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                        </ds:X509Certificate>
                    </ds:X509Data>
            </ds:KeyInfo>

        </md:KeyDescriptor>

        <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://idp.univ-rouen.fr:8443/idp/profile/SAML1/SOAP/ArtifactResolution" index="1"/>
        <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://idp.univ-rouen.fr:8443/idp/profile/SAML2/SOAP/ArtifactResolution" index="2"/>


        <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://idp.univ-rouen.fr/idp/profile/Shibboleth/SSO"/>
        <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://idp.univ-rouen.fr/idp/profile/SAML2/POST/SSO"/>
        <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" Location="https://idp.univ-rouen.fr/idp/profile/SAML2/POST-SimpleSign/SSO"/>
        <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.univ-rouen.fr/idp/profile/SAML2/Redirect/SSO"/>

    </md:IDPSSODescriptor>


    <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">

        <Extensions>
            <shibmd:Scope regexp="false">univ-rouen.fr</shibmd:Scope>
        </Extensions>

        <md:KeyDescriptor use="signing">
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                    <ds:X509Data>
                        <ds:X509Certificate>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                        </ds:X509Certificate>
                    </ds:X509Data>
            </ds:KeyInfo>

        </md:KeyDescriptor>
        <md:KeyDescriptor use="signing">
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                    <ds:X509Data>
                        <ds:X509Certificate>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                        </ds:X509Certificate>
                    </ds:X509Data>
            </ds:KeyInfo>

        </md:KeyDescriptor>
        <md:KeyDescriptor use="encryption">
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                    <ds:X509Data>
                        <ds:X509Certificate>
MIIDLzCCAhegAwIBAgIUWvf6hiSiI4KjS/n+xqAFPbKt2r0wDQYJKoZIhvcNAQEF
BQAwHDEaMBgGA1UEAxMRaWRwLnVuaXYtcm91ZW4uZnIwHhcNMTEwNTE3MDk1NTQz
WhcNMzEwNTE3MDk1NTQzWjAcMRowGAYDVQQDExFpZHAudW5pdi1yb3Vlbi5mcjCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIxi7qpcaAsjhQquoELWUEsz
PZGyg/5lT6KAAfryX17brdK0cQytLZXyqCOsCSYDi8T3dJwrEKUfzMqf4Rvxhzve
fFB6fz22+RkLHezLuywNpICo3qBntqY9ZiIgBV4X2AS6jt5Szbm18qSL5xoxQ+DA
93WKffpCeE9eELWRnu5RKxXam10JBUEMfLxEY+e8ToOcoAU8n/nC7ytE8ReXwcWh
/eqyt3Usf+MwG6qAPNvRvG3quKEcF+7fbpU4RmZz+na49OLoLhoHCyWHdmmL4lIw
U2jRo+7IjD3DJMG3pUjqnKbsLrhyk4McwuN4TCiC2KhKWGFSnzXcjNfcYZsK3MsC
AwEAAaNpMGcwRgYDVR0RBD8wPYIRaWRwLnVuaXYtcm91ZW4uZnKGKGh0dHBzOi8v
aWRwLnVuaXYtcm91ZW4uZnIvaWRwL3NoaWJib2xldGgwHQYDVR0OBBYEFJZ4dOPm
rji8bFb79aNq2VybCh8RMA0GCSqGSIb3DQEBBQUAA4IBAQADYQEXRdgzmhCNw3RI
4NCayLgtaaCdwG/sYEzxXss5CQ2t8jRn1yQpXxoGSwtROZM/w/L8gtWjSpUSB8av
cKdAZBRB5ojESTkd28/tv3jtA1bjt6OeZwjsCr0RRMBN2A12t4BLfSG7VAKGyE+B
dQ8p2l7xN23XN9sIAxJNcxtK7w85Or6Y8C9iwApqhMihTLWLQPQGSM1pRUKHTInI
XgsbhADqatOXXzkizis9PK9Tf8jFSl9Hcye3gJrgYnn3F7qxvMGzm1KqmsAG3Xnr
yxCa3HYJJd9oze0GYQ3AyxViyin1T4daHyQVMRlC4rjCpVd2f0gp6zX37uF8/i4z
jf6+
                        </ds:X509Certificate>
                    </ds:X509Data>
            </ds:KeyInfo>

        </md:KeyDescriptor>

        <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://idp.univ-rouen.fr:8443/idp/profile/SAML1/SOAP/AttributeQuery"/>

    </AttributeAuthorityDescriptor>

</md:EntityDescriptor>

I have tried several solutions but none of them seem to work. Do you have any ideas? Thank you!


--
====================================
 Simon FOURMONT
 Alternant Réseaux
 Pôle réseaux et téléphonie
 Direction des systèmes d'information
 Université de ROUEN
 Bat.16-IRESE-B-Place Emile Blondel
 76821 MONT-SAINT-AIGNAN CEDEX
 Accès: http://goo.gl/cYgtX
GSM: 07.52.62.67.83
 Accueil DSI: 02.35.14.61.00
 Mail fonc: [email protected]
 Mail pers: [email protected]
====================================
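
Added example, not part of the original message and not PacketFence or Lasso code: a small Python linter for IdP metadata that checks what the Lasso warnings in the message refer to, namely whether each KeyDescriptor holds a ds:X509Certificate that decodes, and that also reports elements sitting in no XML namespace. The function name, the sample metadata, its entityID and URL, and the certificate string are constructed placeholders.

```python
import base64
import binascii
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"

def lint_metadata(xml_text):
    """Return (severity, message) findings for SAML IdP metadata (hypothetical helper)."""
    findings = []
    root = ET.fromstring(xml_text)  # raises ParseError if the file is not well-formed
    # An element with no prefix and no default xmlns is in no namespace, so a
    # namespace-aware consumer does not treat it as a SAML metadata element.
    for el in root.iter():
        if not el.tag.startswith("{"):
            findings.append(("warn", f"<{el.tag}> is in no namespace"))
    for kd in root.iter(f"{{{MD}}}KeyDescriptor"):
        use = kd.get("use", "unspecified")
        certs = kd.findall(f"{{{DS}}}KeyInfo/{{{DS}}}X509Data/{{{DS}}}X509Certificate")
        if not certs:
            findings.append(("error", f"{use}: no ds:X509Certificate under ds:KeyInfo"))
        for cert in certs:
            b64 = "".join((cert.text or "").split())  # drop line breaks and indentation
            try:
                der = base64.b64decode(b64, validate=True)
            except binascii.Error:
                findings.append(("error", f"{use}: certificate is not valid base64"))
                continue
            # A DER-encoded X.509 certificate is an ASN.1 SEQUENCE (first byte 0x30).
            if not der or der[0] != 0x30:
                findings.append(("error", f"{use}: certificate is empty or not DER"))
    return findings

# Constructed sample: the certificate text is a placeholder, not a real certificate.
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="urn:example:idp">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>MIIBCgKCAQEA</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>   </ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <SingleSignOnService Location="https://idp.example.org/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

if __name__ == "__main__":
    for severity, message in lint_metadata(SAMPLE):
        print(severity, message)
```

An empty result only means every KeyDescriptor carried base64 that begins like a DER certificate; it says nothing about whether the certificate is the IdP's current one, trusted, or unexpired.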
