Exception: Invalid fingerprint of certificate. Expected one of [44c4e9960734e69f5449a746e2a82a1bafad5a8d], but got [f4fdba42f930aef57f443be5578892a715cc9f72]


mi...@juic3.com

Apr 13, 2015, 9:37:13 AM
to simple...@googlegroups.com

Hi All

I have just added the UK Federations test idp to my installation in shib13-idp-remote.php

When I try to log in I get the error below. I am quite new to SAML and Federations so any help is appreciated.


SimpleSAML_Error_Error: UNHANDLEDEXCEPTION

Backtrace:
0 /srv/users/emplaw/apps/emplawdo/simplesaml/www/module.php:179 (N/A)
Caused by: Exception: Invalid fingerprint of certificate. Expected one of [44c4e9960734e69f5449a746e2a82a1bafad5a8d], but got [f4fdba42f930aef57f443be5578892a715cc9f72]
Backtrace:
4 /srv/users/emplaw/apps/emplawdo/simplesaml/lib/SimpleSAML/XML/Validator.php:214 (SimpleSAML_XML_Validator::validateCertificateFingerprint)
3 /srv/users/emplaw/apps/emplawdo/simplesaml/lib/SimpleSAML/XML/Validator.php:248 (SimpleSAML_XML_Validator::validateFingerprint)
2 /srv/users/emplaw/apps/emplawdo/simplesaml/lib/SimpleSAML/XML/Shib13/AuthnResponse.php:101 (SimpleSAML_XML_Shib13_AuthnResponse::validate)
1 /srv/users/emplaw/apps/emplawdo/simplesaml/modules/saml/www/sp/saml1-acs.php:74 (require)
0 /srv/users/emplaw/apps/emplawdo/simplesaml/www/module.php:134 (N/A)

Jaime Perez Crespo

Apr 13, 2015, 10:37:50 AM
to simple...@googlegroups.com
Hi Mike,

> On 13 Apr 2015, at 15:37 pm, mi...@juic3.com wrote:
> Hi All
>
> I have just added the UK Federations test idp to my installation in shib13-idp-remote.php

How did you add the metadata? If you parsed it with SimpleSAMLphp and their metadata is correct, you shouldn’t get such an error.

Besides, I don’t know if the test IdP still supports SAML 1.1, but I think you should be using SAML 2.0 anyway. That means you need to add metadata to saml20-idp-remote instead.
--
Jaime Pérez
UNINETT / Feide
mail: jaime...@uninett.no
xmpp: ja...@jabber.uninett.no

"Two roads diverged in a wood, and I, I took the one less traveled by, and that has made all the difference."
- Robert Frost


Michael Hall

Apr 13, 2015, 10:52:07 AM
to simple...@googlegroups.com
Hiya

I parsed it with the simplesaml parser. I just parsed it again and added it to saml20-idp-remote.php and now get the error below. It all works with the Feide Open IdP so not sure where this is coming from.


SimpleSAML_Error_Error: UNHANDLEDEXCEPTION

Backtrace:
0 /srv/users/emplaw/apps/emplawdo/simplesaml/www/module.php:179 (N/A)
Caused by: Exception: Unable to validate Signature
Backtrace:
6 /srv/users/emplaw/apps/emplawdo/simplesaml/vendor/simplesamlphp/saml2/src/SAML2/Utils.php:157 (SAML2_Utils::validateSignature)
5 /srv/users/emplaw/apps/emplawdo/simplesaml/vendor/simplesamlphp/saml2/src/SAML2/Assertion.php:541 (SAML2_Assertion::validate)
4 /srv/users/emplaw/apps/emplawdo/simplesaml/modules/saml/lib/Message.php:194 (sspmod_saml_Message::checkSign)
3 /srv/users/emplaw/apps/emplawdo/simplesaml/modules/saml/lib/Message.php:545 (sspmod_saml_Message::processAssertion)
2 /srv/users/emplaw/apps/emplawdo/simplesaml/modules/saml/lib/Message.php:517 (sspmod_saml_Message::processResponse)
1 /srv/users/emplaw/apps/emplawdo/simplesaml/modules/saml/www/sp/saml2-acs.php:96 (require)
0 /srv/users/emplaw/apps/emplawdo/simplesaml/www/module.php:134 (N/A)



Jaime Perez Crespo

Apr 13, 2015, 10:56:31 AM
to simple...@googlegroups.com
Hi,

> On 13 Apr 2015, at 16:52 pm, Michael Hall <mi...@juic3.com> wrote:
> I parsed it with the simplesaml parser. I just parsed it again and added it to saml20-idp-remote.php and now get the error below. It all works with the Feide Open IdP so not sure where this is coming from.

It could be then that they made a mistake somewhere, and the test IdP is signing their messages with a different key than the one published in their metadata. If it works with other IdPs, I would contact the UKfed and tell them what the problem is.
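Added example, not part of the original thread and not SimpleSAMLphp code: a small check that takes the "Expected one of [...], but got [...]" line and a freshly downloaded copy of the IdP's metadata, and reports whether the key the IdP actually used is published there. It assumes the fingerprint is the lowercase hex SHA-1 of the decoded certificate bytes; the function names, verdict strings, entityID and sample metadata are constructed for illustration.

```python
import base64, hashlib, re
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
HEX40 = re.compile(r"\b[0-9a-fA-F]{40}\b")

# Constructed sample: placeholder bytes stand in for a DER certificate.
SAMPLE_DER = b"constructed placeholder, not a real DER certificate"
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}"
    xmlns:ds="{NS['ds']}" entityID="https://idp.example.org/idp">
 <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
    {base64.b64encode(SAMPLE_DER).decode()}
  </ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
 </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def fingerprint(b64_cert):
    """SHA-1 hex digest of the decoded certificate; whitespace in the base64 is ignored."""
    return hashlib.sha1(base64.b64decode("".join(b64_cert.split()))).hexdigest()

def signing_fingerprints(metadata_xml):
    """Fingerprints of every IdP certificate the metadata publishes for signing."""
    found = set()
    root = ET.fromstring(metadata_xml)
    for kd in root.iterfind(".//md:IDPSSODescriptor/md:KeyDescriptor", NS):
        if kd.get("use", "signing") == "signing":  # no use attribute = signing and encryption
            for cert in kd.iterfind(".//ds:X509Certificate", NS):
                found.add(fingerprint(cert.text or ""))
    return found

def parse_error(line):
    """Return (set of expected fingerprints, fingerprint received) from the error line."""
    head, sep, tail = line.partition("but got")
    expected = {h.lower() for h in HEX40.findall(head)}
    got = HEX40.search(tail)
    if not sep or not expected or not got:
        raise ValueError("not a fingerprint mismatch line")
    return expected, got.group(0).lower()

def diagnose(error_line, metadata_xml):
    """Classify the mismatch against what the IdP currently publishes."""
    expected, got = parse_error(error_line)
    published = signing_fingerprints(metadata_xml)
    if got in published:
        return "stale-local-config"      # IdP publishes this key; re-import the metadata
    if expected & published:
        return "idp-key-not-published"   # config matches metadata; IdP signs with another key
    return "config-and-metadata-differ"  # neither side matches the published keys
```

A result of "idp-key-not-published" corresponds to the situation described in the last reply, where the fix has to come from the federation operator rather than from the SP configuration.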