Hi Miguel,
I wouldn’t discard the issue on the IdP side. Do you know what software are they using? If it’s a self-made implementation, it’s likely that there’s something wrong. There could even be a bug, of course. The fact that other SPs work fine indicates that their implementation should be correct, but you’d be surprised by the amount of SPs out there that do not perform signature verification…
In any case, what do you see in the log when validation fails? To be honest, it’s quite difficult to help with a problem like this without being able to debug it properly, so I’m afraid you are pretty much on your own, and you’ll need to attach a debugger there or at least spread some echoes here and there.
There’s one thing that catches my eye, though, that being the elements without content being collapsed (Conditions and SubjectConfirmationData). I don’t recall right now if that’s allowed, but in any case I find it strange that the encrypted+signed assertion and the signed assertion differ, not only in those elements, but also in the order of the attributes of the Assertion element. That might point indeed to an issue in the IdP.
> --
> You received this message because you are subscribed to the Google Groups "SimpleSAMLphp" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to
simplesamlph...@googlegroups.com.
> To post to this group, send email to
simple...@googlegroups.com.
> Visit this group at
https://groups.google.com/group/simplesamlphp.
> For more options, visit
https://groups.google.com/d/optout.
--
Jaime Pérez
UNINETT / Feide
mail:
jaime...@uninett.no
xmpp:
ja...@jabber.uninett.no
"Two roads diverged in a wood, and I, I took the one less traveled by, and that has made all the difference."
- Robert Frost