Unable to find a certificate matching the configured fingerprint
1,388 views
Skip to first unread message
vany
Apr 8, 2011, 6:39:53 AM4/8/11
to simpleSAMLphp
Hi @all
I have still another problem :)
If I make an authentication with simpleSAMLphp to my IdP it works.
But then I will be backwarded to simpleSAMLphp Error-Page.
There is an Exception:
Unable to find a certificate matching the configured fingerprint.
I made my own certificate like it was explained in the sp tutorial.
I have set in authsources.php:
'certificate' => 'saml.crt',
'privatekey' => 'saml.pem',
'privatekey_pass' => 'secretpassword',
and in saml20-idp-remote.php I took the options my IdP gave me:
$metadata['https://idp.swisssign.net/suisseid'] = array(
'name' => 'SwissSign',
'metadata-set' => 'saml20-idp-remote',
'SingleSignOnService' => 'https://idp.swisssign.net/suisseid/SSOPOST/
metaAlias/swisssign.net/idp',
'SingleLogoutService' => 'https://idp.swisssign.net/suisseid/UI/
Logout',
'certFingerprint' => 'c9ed4dfb07caf13fc21e0fec1572047eb8a7a4cb',
);
Do I have to take a certificate from my IdP?
Thank you very much
Greetings Vany
I have still another problem :)
If I make an authentication with simpleSAMLphp to my IdP it works.
But then I will be backwarded to simpleSAMLphp Error-Page.
There is an Exception:
Unable to find a certificate matching the configured fingerprint.
I made my own certificate like it was explained in the sp tutorial.
I have set in authsources.php:
'certificate' => 'saml.crt',
'privatekey' => 'saml.pem',
'privatekey_pass' => 'secretpassword',
and in saml20-idp-remote.php I took the options my IdP gave me:
$metadata['https://idp.swisssign.net/suisseid'] = array(
'name' => 'SwissSign',
'metadata-set' => 'saml20-idp-remote',
'SingleSignOnService' => 'https://idp.swisssign.net/suisseid/SSOPOST/
metaAlias/swisssign.net/idp',
'SingleLogoutService' => 'https://idp.swisssign.net/suisseid/UI/
Logout',
'certFingerprint' => 'c9ed4dfb07caf13fc21e0fec1572047eb8a7a4cb',
);
Do I have to take a certificate from my IdP?
Thank you very much
Greetings Vany
Olav Morken
Apr 11, 2011, 2:26:30 AM4/11/11
to simple...@googlegroups.com
Yes, a certificate or some other way of identifying the IdP's
certificate (e.g. a certFingerprint) is required. Without a certificate
we have no way of knowing if the response was actually issued by the
IdP.
Regards,
Olav Morken
UNINETT / Feide
vany
Apr 11, 2011, 2:31:27 AM4/11/11
to simpleSAMLphp
Hi Olav
Thank you for your answer.
Where do I have to put my IdP's certificate?
In cert/ ?
And do I have to set
Thank you very much, I'm a little bit nervous because it's my
graduation work...
Greets Vany
Thank you for your answer.
Where do I have to put my IdP's certificate?
In cert/ ?
And do I have to set
> > 'certificate' => 'saml.crt',
> > 'privatekey' => 'saml.pem',
to the certificates of my IdP?
> > 'privatekey' => 'saml.pem',
Thank you very much, I'm a little bit nervous because it's my
graduation work...
Greets Vany
vany
Apr 11, 2011, 5:53:00 AM4/11/11
to simpleSAMLphp
Hi Olav
It works!
thank you very much
It works!
thank you very much
Reply all
Reply to author
Forward
0 new messages