Unable to verify message signature with supplied trust engine


Alexandre Adao

I successfully uploaded my new metadata to testshib.org. After user authentication and providing information to the server, I keep having the error below. I think TestShibboleth still has the old metadata. Is that the case? Please assist. I will be very appreciative.

2018-05-25 12:22:29 DEBUG OpenSAML.MessageDecoder.SAML2 [246]: extracting issuer from SAML 2.0 protocol message
2018-05-25 12:22:29 DEBUG OpenSAML.MessageDecoder.SAML2 [246]: message from (https://idp.morgan.edu/idp/shibboleth)
2018-05-25 12:22:29 DEBUG OpenSAML.MessageDecoder.SAML2 [246]: searching metadata for message issuer...
2018-05-25 12:22:29 DEBUG OpenSAML.SecurityPolicyRule.MessageFlow [246]: evaluating message flow policy (replay checking on, expiration 60)
2018-05-25 12:22:29 DEBUG XMLTooling.StorageService [246]: inserted record (_8706b6c0c4b0fec7bbfe85227ac502a4) in context (MessageFlow) with expiration (1527265588)
2018-05-25 12:22:29 DEBUG OpenSAML.SecurityPolicyRule.XMLSigning [246]: validating signature profile
2018-05-25 12:22:29 DEBUG XMLTooling.KeyInfoResolver.Inline [246]: resolving ds:X509Certificate
2018-05-25 12:22:29 DEBUG XMLTooling.KeyInfoResolver.Inline [246]: resolved 1 certificate(s)
2018-05-25 12:22:29 DEBUG XMLTooling.KeyInfoResolver.Inline [246]: resolved 0 CRL(s)
2018-05-25 12:22:29 DEBUG XMLTooling.KeyInfoResolver.Inline [246]: resolving ds:X509Certificate
2018-05-25 12:22:29 DEBUG XMLTooling.KeyInfoResolver.Inline [246]: resolved 1 certificate(s)
2018-05-25 12:22:29 DEBUG XMLTooling.KeyInfoResolver.Inline [246]: resolved 0 CRL(s)
2018-05-25 12:22:29 DEBUG XMLTooling.KeyInfoResolver.Inline [246]: resolving ds:X509Certificate
2018-05-25 12:22:29 DEBUG XMLTooling.KeyInfoResolver.Inline [246]: resolved 1 certificate(s)
2018-05-25 12:22:29 DEBUG XMLTooling.KeyInfoResolver.Inline [246]: resolved 0 CRL(s)
2018-05-25 12:22:29 DEBUG XMLTooling.CredentialCriteria [246]: keys didn't match
2018-05-25 12:22:29 DEBUG XMLTooling.CredentialCriteria [246]: keys didn't match
2018-05-25 12:22:29 DEBUG XMLTooling.TrustEngine.ExplicitKey [246]: unable to validate signature, no credentials available from peer
2018-05-25 12:22:29 DEBUG XMLTooling.TrustEngine.PKIX [246]: validating signature using certificate from within the signature
2018-05-25 12:22:29 DEBUG XMLTooling.TrustEngine.PKIX [246]: signature verified with key inside signature, attempting certificate validation...
2018-05-25 12:22:29 DEBUG XMLTooling.TrustEngine.PKIX [246]: checking that the certificate name is acceptable
2018-05-25 12:22:29 DEBUG XMLTooling.TrustEngine.PKIX [246]: adding to list of trusted names (https://idp.morgan.edu/idp/shibboleth)
2018-05-25 12:22:29 DEBUG XMLTooling.TrustEngine.PKIX [246]: certificate subject: CN=idp.morgan.edu
2018-05-25 12:22:29 DEBUG XMLTooling.TrustEngine.PKIX [246]: unable to match DN, trying TLS subjectAltName match
2018-05-25 12:22:29 DEBUG XMLTooling.TrustEngine.PKIX [246]: matched DNS/URI subjectAltName to a key name (https://idp.morgan.edu/idp/shibboleth)
2018-05-25 12:22:29 DEBUG XMLTooling.TrustEngine.PKIX [246]: performing certificate path validation...
2018-05-25 12:22:29 DEBUG XMLTooling.TrustEngine.PKIX [246]: failed to validate certificate chain using supplied PKIX information
2018-05-25 12:22:29 ERROR OpenSAML.SecurityPolicyRule.XMLSigning [246]: unable to verify message signature with supplied trust engine

--Alex Adao
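
One way to test the stale-metadata question raised in the post above, as an added example that is not part of the original message: compare the signing certificates in the metadata copy the SP has loaded with the certificate embedded in the received message's signature. The XML samples and certificate bytes are constructed placeholders, the function names are hypothetical, and comparing whole certificates is a simplification of the key comparison reported in the log.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"
IDP = "https://idp.morgan.edu/idp/shibboleth"  # message issuer taken from the log

def fingerprint(b64_cert):
    """SHA-256 of the decoded certificate bytes; line wrapping in the XML is ignored."""
    der = base64.b64decode("".join((b64_cert or "").split()))
    return hashlib.sha256(der).hexdigest()

def metadata_signing_fingerprints(metadata_xml, entity_id):
    """Fingerprints of the signing certificates published for one entityID."""
    found = set()
    for ent in ET.fromstring(metadata_xml).iter(MD + "EntityDescriptor"):
        if ent.get("entityID") != entity_id:
            continue
        for kd in ent.iter(MD + "KeyDescriptor"):
            # A KeyDescriptor without "use" applies to signing and encryption.
            if kd.get("use", "signing") != "signing":
                continue
            for cert in kd.iter(DS + "X509Certificate"):
                found.add(fingerprint(cert.text))
    return found

def signature_fingerprints(message_xml):
    """Fingerprints of certificates carried inside ds:Signature elements only."""
    root = ET.fromstring(message_xml)
    return {fingerprint(c.text) for sig in root.iter(DS + "Signature")
            for c in sig.iter(DS + "X509Certificate")}

def metadata_is_stale(metadata_xml, message_xml, entity_id):
    """True when no signing certificate in the metadata matches the signature."""
    known = metadata_signing_fingerprints(metadata_xml, entity_id)
    return known.isdisjoint(signature_fingerprints(message_xml))

# Constructed sample data: placeholder bytes stand in for real DER certificates.
OLD = base64.b64encode(b"constructed old certificate").decode()
NEW = base64.b64encode(b"constructed new certificate").decode()
NSDECL = 'xmlns:md="%s" xmlns:ds="%s"' % (MD[1:-1], DS[1:-1])
META = (f'<md:EntityDescriptor {NSDECL} entityID="{IDP}"><md:IDPSSODescriptor>'
        f'<md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>'
        f'<ds:X509Certificate>{OLD}</ds:X509Certificate></ds:X509Data></ds:KeyInfo>'
        f'</md:KeyDescriptor></md:IDPSSODescriptor></md:EntityDescriptor>')

def sample_message(cert):
    return (f'<Response {NSDECL}><ds:Signature><ds:KeyInfo><ds:X509Data>'
            f'<ds:X509Certificate>{cert}</ds:X509Certificate></ds:X509Data>'
            f'</ds:KeyInfo></ds:Signature></Response>')

if __name__ == "__main__":
    print("stale metadata:", metadata_is_stale(META, sample_message(NEW), IDP))
```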

