0
Я использую свой SP для аутентификации с помощью IDS TestShib. После входа в систему на IDP, на SP Side я получаю эту ошибкуShibboleth - имя сертификата не принимается
Unable to establish security of incoming assertion.
Из shibd.log я вижу
2016-11-03 11:30:34 ERROR XMLTooling.TrustEngine.PKIX [4]: certificate name was not acceptable
2016-11-03 11:30:34 ERROR OpenSAML.SecurityPolicyRule.XMLSigning [4]: unable to verify message signature with supplied trust engine
2016-11-03 11:30:34 WARN Shibboleth.SSO.SAML2 [4]: detected a problem with assertion: Unable to establish security of incoming assertion.
Пожалуйста посоветуйте.
Обновление-
Больше от shibd.log
2016-11-03 11:10:55 INFO Shibboleth.AttributeExtractor.XML : creating mapping for Attribute urn:oid:2.5.4.3
2016-11-03 11:10:55 INFO Shibboleth.AttributeExtractor.XML : creating mapping for Attribute urn:oid:2.5.4.4
2016-11-03 11:10:55 INFO Shibboleth.Application : building AttributeFilter of type XML...
2016-11-03 11:10:55 INFO Shibboleth.AttributeFilter : reload thread started...running when signaled
2016-11-03 11:10:55 INFO Shibboleth.AttributeFilter : loaded XML resource (/opt/shibboleth-sp/etc/shibboleth/attribute-policy.xml)
2016-11-03 11:10:55 INFO Shibboleth.Application : building AttributeResolver of type Query...
2016-11-03 11:10:55 INFO Shibboleth.Application : building CredentialResolver of type File...
2016-11-03 11:10:55 INFO XMLTooling.SecurityHelper : loading private key from file (/opt/shibboleth-sp/etc/shibboleth/sp-key.pem)
2016-11-03 11:10:55 INFO XMLTooling.SecurityHelper : loading certificate(s) from file (/opt/shibboleth-sp/etc/shibboleth/sp-cert.pem)
2016-11-03 11:10:55 INFO Shibboleth.Listener : registered remoted message endpoint (default::getHeaders::Application)
2016-11-03 11:10:55 INFO Shibboleth.Listener : listener service starting
2016-11-03 11:11:34 ERROR XMLTooling.TrustEngine.PKIX [2]: certificate name was not acceptable
2016-11-03 11:11:34 ERROR OpenSAML.SecurityPolicyRule.XMLSigning [2]: unable to verify message signature with supplied trust engine
2016-11-03 11:11:34 WARN Shibboleth.SSO.SAML2 [2]: detected a problem with assertion: Unable to establish security of incoming assertion.
2016-11-03 11:25:55 INFO XMLTooling.StorageService : purged 3 expired record(s) from storage
2016-11-03 11:30:34 ERROR XMLTooling.TrustEngine.PKIX [4]: certificate name was not acceptable
2016-11-03 11:30:34 ERROR OpenSAML.SecurityPolicyRule.XMLSigning [4]: unable to verify message signature with supplied trust engine
2016-11-03 11:30:34 WARN Shibboleth.SSO.SAML2 [4]: detected a problem with assertion: Unable to establish security of incoming assertion.
2016-11-03 11:40:55 INFO XMLTooling.StorageService : purged 3 expired record(s) from storage
От shibd_warn.log
2016-11-03 10:50:10 WARN Shibboleth.SSO.SAML2 [2]: detected a problem with assertion: Message was signed, but signature could not be verified.
2016-11-03 11:11:34 ERROR XMLTooling.TrustEngine.PKIX [2]: certificate name was not acceptable
2016-11-03 11:11:34 ERROR OpenSAML.SecurityPolicyRule.XMLSigning [2]: unable to verify message signature with supplied trust engine
2016-11-03 11:11:34 WARN Shibboleth.SSO.SAML2 [2]: detected a problem with assertion: Unable to establish security of incoming assertion.
2016-11-03 11:30:34 ERROR XMLTooling.TrustEngine.PKIX [4]: certificate name was not acceptable
2016-11-03 11:30:34 ERROR OpenSAML.SecurityPolicyRule.XMLSigning [4]: unable to verify message signature with supplied trust engine
2016-11-03 11:30:34 WARN Shibboleth.SSO.SAML2 [4]: detected a problem with assertion: Unable to establish security of incoming assertion.
Где вы указали название сертификата? – Akshay
@ Имя сертификата Akshay предоставляется в shibboleth2.xml – user2811968