SAML signing metadata


Lalot Dominique

Mar 6, 2018, 5:47:43 AM
to CAS Community
Hello

We are testing SAML on CAS V5.2.2

After hours, everything is fine except this, when Shibboleth SP 2 is trying to get the metadata:

2018-03-06 11:25:28 INFO OpenSAML.MetadataProvider.XML : loaded XML resource (/var/cache/shibboleth/cas-meta.xml)
2018-03-06 11:25:28 INFO OpenSAML.Metadata : applying metadata filter (Signature)
2018-03-06 11:25:28 WARN OpenSAML.MetadataFilter.Signature : filtering out entity at root of instance after failed signature check: Root metadata element was unsigned.
2018-03-06 11:25:28 CRIT OpenSAML.Metadata.Chaining : failure initializing MetadataProvider: SignatureMetadataFilter unable to verify signature at root of metadata instance.

./xmlsectool.sh --verifySignature --inFile /var/cache/shibboleth/cas-meta.xml --certificate /etc/shibboleth/casv5-signing.crt
INFO  XMLSecTool - Reading XML document from file '/var/cache/shibboleth/cas-meta.xml'
INFO  XMLSecTool - XML document parsed and is well-formed.
ERROR XMLSecTool - Signature required but XML document is not signed

So I changed the Shibboleth SP setup and it works, but it's not nice, if I can say:

        <MetadataProvider type="XML" uri="https://xx/cas/idp/metadata"
              backingFilePath="cas-meta.xml" reloadInterval="7200">
            <!-- <MetadataFilter type="Signature" certificate="casv5-signing.crt"/> -->
        </MetadataProvider>
 
Any ideas?

Thanks
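
Added example, not part of the original post and not CAS or Shibboleth code: a structural pre-check in Python that draws the same distinction as the SP log above, namely whether the metadata root element carries its own ds:Signature, without verifying the signature cryptographically. The function name root_signature_status and the sample documents are constructed for illustration; treating a Reference URI of "" or "#ID" as covering the root is an assumption.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
MD = "urn:oasis:names:tc:SAML:2.0:metadata"
ROOTS = (f"{{{MD}}}EntityDescriptor", f"{{{MD}}}EntitiesDescriptor")

def root_signature_status(xml_text):
    """Classify SAML metadata by whether its root element is signed.

    Structural check only; no cryptographic verification happens here.
    """
    root = ET.fromstring(xml_text)
    if root.tag not in ROOTS:
        return "not-saml-metadata"
    sig = root.find(f"{{{DS}}}Signature")  # direct child of the root only
    if sig is None:
        # A signature deeper in the tree does not cover the root element.
        nested = root.find(f".//{{{DS}}}Signature")
        return "unsigned-root-nested-signature" if nested is not None else "unsigned"
    ref = sig.find(f"{{{DS}}}SignedInfo/{{{DS}}}Reference")
    if ref is None:
        return "malformed-signature"
    uri, root_id = ref.get("URI"), root.get("ID")
    # Assumption: URI "" or "#<root ID>" means the reference covers the root.
    if uri == "" or (root_id and uri == "#" + root_id):
        return "signed-root"
    return "signature-references-other-element"

# Constructed samples (not real CAS output); signature values are placeholders.
SIG = ('<ds:Signature><ds:SignedInfo><ds:Reference URI="#_m1"/></ds:SignedInfo>'
       '<ds:SignatureValue>PLACEHOLDER</ds:SignatureValue></ds:Signature>')
UNSIGNED = f'<md:EntityDescriptor xmlns:md="{MD}" entityID="https://idp.example.org/idp"/>'
SIGNED = (f'<md:EntityDescriptor xmlns:md="{MD}" xmlns:ds="{DS}" ID="_m1" '
          f'entityID="https://idp.example.org/idp">{SIG}</md:EntityDescriptor>')
NESTED = (f'<md:EntitiesDescriptor xmlns:md="{MD}" xmlns:ds="{DS}">'
          f'<md:EntityDescriptor ID="_m1" entityID="https://idp.example.org/idp">{SIG}'
          '</md:EntityDescriptor></md:EntitiesDescriptor>')

if __name__ == "__main__":
    for name, doc in (("unsigned", UNSIGNED), ("signed", SIGNED), ("nested", NESTED)):
        print(name, "->", root_signature_status(doc))
```

A "signed-root" result only says a signature is present at the root; the xmlsectool --verifySignature run shown in the post is still what checks it against the certificate.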

Vi González Arellano

Mar 15, 2019, 6:54:01 AM
to CAS Community
Did you finally solve the issue? 