We’re trying to implement Shibboleth and have successfully done so with our dev IdP (which is on V3), but when we try to perform the same action with our production IdP (currently on V2) we run into errors (see below).
I am wondering if the different versioning is causing the issue? If so, we do plan on upgrading our production IdP to V3 in the next couple of weeks. If it’s something outside of that I’m up for suggestions.
When targeting our production IdP we can authenticate against it, but then we run into issues and Shibboleth errors out.
I see two possible issue points.
1) In the Shibd.log I noticed that the key algorithms don’t match up.
XMLTooling.CredentialCriteria : key algorithm didn't match ('AES' != 'RSA')
I dug around that for a bit and it looks like we’re still getting attributes passed back to us so I think this issue is resolving itself.
2) What looks more likely to be the culprit is this error I found in the native.log file
The first message probably indicates that your IdP is using a certificate that doesn't match the certificate in its metadata as loaded by the SP.
The second message indicates that the two halves of your SP -- the ISAPI filter and the shibd process -- can't talk to each other. That's fully self-contained in the SP and a Windows error code. It'll be very hard for anyone to diagnose that remotely, but something on that server is breaking things.
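
One way to check the certificate mismatch suggested in the reply above, as an added example that is not part of the original thread: compare the fingerprints of the certificate embedded in a captured SAML response with the signing certificates in the IdP metadata the SP has loaded. It assumes the response carries its certificate in `ds:KeyInfo`; the function names, entityID and sample XML are constructed for illustration, and the script compares certificates only, it does not validate signatures.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def fingerprint(b64_text):
    """SHA-256 of the decoded certificate bytes; whitespace in the base64 is ignored."""
    der = base64.b64decode("".join((b64_text or "").split()))
    return hashlib.sha256(der).hexdigest()

def metadata_signing_fingerprints(metadata_xml):
    """IdP keys usable for signing: use="signing" or no use attribute at all."""
    found = set()
    root = ET.fromstring(metadata_xml)
    for kd in root.iterfind(".//md:IDPSSODescriptor/md:KeyDescriptor", NS):
        if kd.get("use") in (None, "signing"):
            for cert in kd.iterfind(".//ds:X509Certificate", NS):
                found.add(fingerprint(cert.text))
    return found

def response_fingerprints(response_xml):
    """Certificates the IdP embedded in the signature(s) of its response."""
    root = ET.fromstring(response_xml)
    return {fingerprint(c.text)
            for c in root.iterfind(".//ds:Signature//ds:X509Certificate", NS)}

def unknown_response_certs(metadata_xml, response_xml):
    """Fingerprints seen in the response that the loaded metadata does not list."""
    return response_fingerprints(response_xml) - metadata_signing_fingerprints(metadata_xml)

# Constructed stand-ins for DER certificates (not real X.509 data).
CERT_OLD = base64.b64encode(b"constructed-old-idp-cert").decode()
CERT_NEW = base64.b64encode(b"constructed-new-idp-cert").decode()

# Constructed metadata as the SP would have it on disk: lists only the old certificate.
METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://idp.example.org/idp"><md:IDPSSODescriptor
    protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
    <ds:X509Certificate>{CERT_OLD}</ds:X509Certificate>
  </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
</md:IDPSSODescriptor></md:EntityDescriptor>"""

# Constructed response signed with a certificate the metadata does not contain.
RESPONSE = f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:ds="{NS['ds']}"><ds:Signature><ds:KeyInfo><ds:X509Data>
  <ds:X509Certificate>{CERT_NEW}</ds:X509Certificate>
</ds:X509Data></ds:KeyInfo></ds:Signature></samlp:Response>"""

if __name__ == "__main__":
    for fp in sorted(unknown_response_certs(METADATA, RESPONSE)):
        print("response certificate not in loaded metadata:", fp)
```

An empty result means every certificate in the response is listed in the metadata; a non-empty one points at stale metadata on the SP or a changed signing key on the IdP.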