Hello

We are testing SAML on CAS V5.2.2

After hours, everything is fine except this, when Shibboleth SP 2 is trying 
to get the metadata:

2018-03-06 11:25:28 INFO OpenSAML.MetadataProvider.XML : loaded XML resource (/var/cache/shibboleth/cas-meta.xml)
2018-03-06 11:25:28 INFO OpenSAML.Metadata : applying metadata filter (Signature)
2018-03-06 11:25:28 WARN OpenSAML.MetadataFilter.Signature : filtering out entity at root of instance after failed signature check: Root metadata element was unsigned.
2018-03-06 11:25:28 CRIT OpenSAML.Metadata.Chaining : failure initializing MetadataProvider: SignatureMetadataFilter unable to verify signature at root of metadata instance.

./xmlsectool.sh --verifySignature --inFile /var/cache/shibboleth/cas-meta.xml --certificate /etc/shibboleth/casv5-signing.crt
INFO  XMLSecTool - Reading XML document from file '/var/cache/shibboleth/cas-meta.xml'
INFO  XMLSecTool - XML document parsed and is well-formed.
ERROR XMLSecTool - Signature required but XML document is not signed

So I changed the Shibboleth SP setup and it works, but it's not nice, if I 
can say:

        <MetadataProvider type="XML" uri="https://xx/cas/idp/metadata"
              backingFilePath="cas-meta.xml" reloadInterval="7200">
<!--            <MetadataFilter type="Signature" certificate="casv5-signing.crt"/> -->
        </MetadataProvider>
 
Any ideas?

Thanks
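
The "Root metadata element was unsigned" failure in the logs above can be confirmed with a structural check on the cached file before the Signature filter is re-enabled. The following Python sketch is an added example, not part of the original post or of CAS/Shibboleth code; the function name, return labels and sample documents are constructed, and it checks only whether a signature is present and targets the root, not whether it is cryptographically valid.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"

def root_signature_status(xml_text):
    """Structural pre-check: does the metadata root carry an enveloped
    ds:Signature that references the root element? No crypto is done."""
    root = ET.fromstring(xml_text)
    if root.tag not in (f"{{{MD}}}EntityDescriptor", f"{{{MD}}}EntitiesDescriptor"):
        return "not-saml-metadata"
    sig = root.find(f"{{{DS}}}Signature")  # direct child of the root only
    if sig is None:
        return "unsigned"  # the case reported by the SP and xmlsectool
    ref = sig.find(f"{{{DS}}}SignedInfo/{{{DS}}}Reference")
    if ref is None:
        return "malformed-signature"
    uri, root_id = ref.get("URI"), root.get("ID")
    # A signature over the whole document uses URI="" or "#<ID of the root>".
    if uri == "" or (uri and root_id and uri == "#" + root_id):
        return "signed-root"
    return "signature-not-over-root"

def sample(root_id, sig_ref):
    """Constructed metadata document; sig_ref=None omits the signature."""
    sig = "" if sig_ref is None else (
        f'<ds:Signature xmlns:ds="{DS}"><ds:SignedInfo>'
        f'<ds:Reference URI="{sig_ref}"/></ds:SignedInfo></ds:Signature>')
    return (f'<md:EntityDescriptor xmlns:md="{MD}" ID="{root_id}" '
            f'entityID="https://idp.example.org/idp">{sig}'
            f'<md:IDPSSODescriptor protocolSupportEnumeration='
            f'"urn:oasis:names:tc:SAML:2.0:protocol"/></md:EntityDescriptor>')

UNSIGNED = sample("_root1", None)
SIGNED = sample("_root1", "#_root1")
WRONG_REF = sample("_root1", "#_other")

if __name__ == "__main__":
    for name, doc in [("unsigned", UNSIGNED), ("signed", SIGNED),
                      ("wrong reference", WRONG_REF)]:
        print(f"{name}: {root_signature_status(doc)}")
```

A result of "signed-root" only means a signature is present where the filter expects it; verification against the signing certificate is still what the Signature MetadataFilter or xmlsectool does.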
