Hi,
On 8 May 2018, at 02:59 AM, stpe...@hotmail.com wrote:
> I set up a test IDP on another server and connected this SP to it. I am getting the same error. So it has to be my SP/certificate. But I still don't know what. On the IDP side I see this in the log:
> May 07 20:55:32 simplesamlphp DEBUG [921684528c] </samlp:AuthnRequest>
> May 07 20:55:32 simplesamlphp DEBUG [921684528c] Has 1 candidate keys for validation.
> May 07 20:55:32 simplesamlphp DEBUG [921684528c] Validation with key #0 failed with exception: Unable to validate signature on query string.
> May 07 20:55:32 simplesamlphp ERROR [921684528c] SimpleSAML_Error_Error: UNHANDLEDEXCEPTION
>
> So it recognizes the SP from the metadata. So why can it not use the cert to validate it? Weird.
Because the certificate used to verify the signature doesn’t match the private key used to sign it.
Check your setup. It looks like the private key and the certificate you have configured don’t belong together.
—
Jaime Pérez
Uninett / Feide
jaime...@uninett.no
jaime...@protonmail.com
9A08 EA20 E062 70B4 616B 43E3 562A FE3A 6293 62C2
"Two roads diverged in a wood, and I, I took the one less traveled by, and that has made all the difference."
- Robert Frost
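
One way to run the check suggested in the reply above, as an added example that is not part of the original thread: it compares the public key inside the certificate with the public key derived from the private key. The function names and the sample file names (`sp.crt`, `sp.key`, `other.key`) are assumptions, and the key material is throwaway test input constructed on the spot.

```shell
#!/bin/sh
# Added example: confirm that an SP's certificate and private key belong
# together by comparing the public key carried in each of them.

# cert_matches_key CERT_PEM KEY_PEM
# Returns 0 on match, 1 on mismatch, 2 if either file cannot be parsed.
# Assumes an unencrypted PEM key; an encrypted one makes openssl prompt
# for its passphrase.
cert_matches_key() {
    cmk_cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    cmk_key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cmk_cert_pub" ] || return 2
    [ "$cmk_cert_pub" = "$cmk_key_pub" ]
}

# make_constructed_sample DIR
# Builds constructed test material: sp.key + sp.crt (a genuine pair) and
# other.key (an unrelated key), so both outcomes can be shown offline.
make_constructed_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=sp.example.org" \
        -keyout "$1/sp.key" -out "$1/sp.crt" >/dev/null 2>&1 || return 1
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/other.key" >/dev/null 2>&1
}

# report_pair CERT_PEM KEY_PEM: print a one-line verdict for the pair.
report_pair() {
    rp_rc=0
    cert_matches_key "$1" "$2" || rp_rc=$?
    case $rp_rc in
        0) echo "MATCH: $1 <-> $2" ;;
        1) echo "MISMATCH: $1 does not carry the public key of $2" ;;
        *) echo "ERROR: could not read $1 or $2" ;;
    esac
}

# Usage: sh check_pair.sh <certificate.pem> <private-key.pem>
if [ "$#" -eq 2 ]; then report_pair "$1" "$2"; fi
```

A mismatch here corresponds to the "Unable to validate signature on query string" failure in the IdP log: the IdP holds a certificate from metadata that does not verify signatures made with the key the SP actually signs with.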