0
我正在使用SP对TestShib IDP进行身份验证。登录于IDP,对SP边后,我得到这个错误Shibboleth - 证书名称不可接受
Unable to establish security of incoming assertion.
从shibd.log我看到
2016-11-03 11:30:34 ERROR XMLTooling.TrustEngine.PKIX [4]: certificate name was not acceptable
2016-11-03 11:30:34 ERROR OpenSAML.SecurityPolicyRule.XMLSigning [4]: unable to verify message signature with supplied trust engine
2016-11-03 11:30:34 WARN Shibboleth.SSO.SAML2 [4]: detected a problem with assertion: Unable to establish security of incoming assertion.
请指教。
更新 -
从shibd.log
2016-11-03 11:10:55 INFO Shibboleth.AttributeExtractor.XML : creating mapping for Attribute urn:oid:2.5.4.3
2016-11-03 11:10:55 INFO Shibboleth.AttributeExtractor.XML : creating mapping for Attribute urn:oid:2.5.4.4
2016-11-03 11:10:55 INFO Shibboleth.Application : building AttributeFilter of type XML...
2016-11-03 11:10:55 INFO Shibboleth.AttributeFilter : reload thread started...running when signaled
2016-11-03 11:10:55 INFO Shibboleth.AttributeFilter : loaded XML resource (/opt/shibboleth-sp/etc/shibboleth/attribute-policy.xml)
2016-11-03 11:10:55 INFO Shibboleth.Application : building AttributeResolver of type Query...
2016-11-03 11:10:55 INFO Shibboleth.Application : building CredentialResolver of type File...
2016-11-03 11:10:55 INFO XMLTooling.SecurityHelper : loading private key from file (/opt/shibboleth-sp/etc/shibboleth/sp-key.pem)
2016-11-03 11:10:55 INFO XMLTooling.SecurityHelper : loading certificate(s) from file (/opt/shibboleth-sp/etc/shibboleth/sp-cert.pem)
2016-11-03 11:10:55 INFO Shibboleth.Listener : registered remoted message endpoint (default::getHeaders::Application)
2016-11-03 11:10:55 INFO Shibboleth.Listener : listener service starting
2016-11-03 11:11:34 ERROR XMLTooling.TrustEngine.PKIX [2]: certificate name was not acceptable
2016-11-03 11:11:34 ERROR OpenSAML.SecurityPolicyRule.XMLSigning [2]: unable to verify message signature with supplied trust engine
2016-11-03 11:11:34 WARN Shibboleth.SSO.SAML2 [2]: detected a problem with assertion: Unable to establish security of incoming assertion.
2016-11-03 11:25:55 INFO XMLTooling.StorageService : purged 3 expired record(s) from storage
2016-11-03 11:30:34 ERROR XMLTooling.TrustEngine.PKIX [4]: certificate name was not acceptable
2016-11-03 11:30:34 ERROR OpenSAML.SecurityPolicyRule.XMLSigning [4]: unable to verify message signature with supplied trust engine
2016-11-03 11:30:34 WARN Shibboleth.SSO.SAML2 [4]: detected a problem with assertion: Unable to establish security of incoming assertion.
2016-11-03 11:40:55 INFO XMLTooling.StorageService : purged 3 expired record(s) from storage
更多来自shibd_warn.log
2016-11-03 10:50:10 WARN Shibboleth.SSO.SAML2 [2]: detected a problem with assertion: Message was signed, but signature could not be verified.
2016-11-03 11:11:34 ERROR XMLTooling.TrustEngine.PKIX [2]: certificate name was not acceptable
2016-11-03 11:11:34 ERROR OpenSAML.SecurityPolicyRule.XMLSigning [2]: unable to verify message signature with supplied trust engine
2016-11-03 11:11:34 WARN Shibboleth.SSO.SAML2 [2]: detected a problem with assertion: Unable to establish security of incoming assertion.
2016-11-03 11:30:34 ERROR XMLTooling.TrustEngine.PKIX [4]: certificate name was not acceptable
2016-11-03 11:30:34 ERROR OpenSAML.SecurityPolicyRule.XMLSigning [4]: unable to verify message signature with supplied trust engine
2016-11-03 11:30:34 WARN Shibboleth.SSO.SAML2 [4]: detected a problem with assertion: Unable to establish security of incoming assertion.
你从哪里提供证书名称? – Akshay
@ shksboleth2.xml提供@Akshay证书名称 – user2811968