Hello We are testing SAML on CAS V5.2.2
After hours everything is fine except this when shibboleth SP 2 is trying to get the metadata: 2018-03-06 11:25:28 INFO OpenSAML.MetadataProvider.XML : loaded XML resource (/var/cache/shibboleth/cas-meta.xml) 2018-03-06 11:25:28 INFO OpenSAML.Metadata : applying metadata filter (Signature) 2018-03-06 11:25:28 WARN OpenSAML.MetadataFilter.Signature : filtering out entity at root of instance after failed signature check: Root metadata element was unsigned. 2018-03-06 11:25:28 CRIT OpenSAML.Metadata.Chaining : failure initializing MetadataProvider: SignatureMetadataFilter unable to verify signature at root of metadata instance. ./xmlsectool.sh --verifySignature --inFile /var/cache/shibboleth/cas-meta.xml --certificate /etc/shibboleth/casv5-signing.crt INFO XMLSecTool - Reading XML document from file '/var/cache/shibboleth/cas-meta.xml' INFO XMLSecTool - XML document parsed and is well-formed. ERROR XMLSecTool - Signature required but XML document is not signed So I changed the shibboleth SP setup and it works but it's not nice if I cans say: <MetadataProvider type="XML" uri="https://xx/cas/idp/metadata" backingFilePath="cas-meta.xml" reloadInterval="7200"> <!-- <MetadataFilter type="Signature" certificate="casv5-signing.crt"/> --> </MetadataProvider> Any ideas? Thanks -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/ce62298e-1f22-4595-9f9f-6a1e34051d50%40apereo.org.