Hello
We are testing SAML on CAS V5.2.2
After hours everything is fine except this when shibboleth SP 2 is trying to get the metadata:
2018-03-06 11:25:28 INFO OpenSAML.MetadataProvider.XML : loaded XML resource (/var/cache/shibboleth/cas-meta.xml)
2018-03-06 11:25:28 INFO OpenSAML.Metadata : applying metadata filter (Signature)
2018-03-06 11:25:28 WARN OpenSAML.MetadataFilter.Signature : filtering out entity at root of instance after failed signature check: Root metadata element was unsigned.
2018-03-06 11:25:28 CRIT OpenSAML.Metadata.Chaining : failure initializing MetadataProvider: SignatureMetadataFilter unable to verify signature at root of metadata instance.
./xmlsectool.sh --verifySignature --inFile /var/cache/shibboleth/cas-meta.xml --certificate /etc/shibboleth/casv5-signing.crt
INFO XMLSecTool - Reading XML document from file '/var/cache/shibboleth/cas-meta.xml'
INFO XMLSecTool - XML document parsed and is well-formed.
ERROR XMLSecTool - Signature required but XML document is not signed
So I changed the shibboleth SP setup and it works but it's not nice if I cans say:
backingFilePath="cas-meta.xml" reloadInterval="7200">
<!-- <MetadataFilter type="Signature" certificate="casv5-signing.crt"/> -->
</MetadataProvider>
Any ideas?
Thanks