Farzan Qureshi
2014-08-12 23:31:59 UTC
Hi,
I have configured the Shibboleth IdP. The metadata and relying-party.xml carry
the same certificate. However, I still get this error when I try to
authenticate using testshib.org. I have also referred to the most common
errors of Shibboleth on the website.
opensaml::FatalProfileException at (https://sp.testshib.org/Shibboleth.sso/SAML2/POST)
Message was signed, but signature could not be verified.
Following are the logs from shib.org:
2014-08-12 19:15:15 DEBUG XMLTooling.TrustEngine.PKIX [887]:
validating signature using certificate from within the signature
2014-08-12 19:15:15 DEBUG XMLTooling.TrustEngine.PKIX [887]: signature
verified with key inside signature, attempting certificate
validation...
2014-08-12 19:15:15 DEBUG XMLTooling.TrustEngine.PKIX [887]: checking
that the certificate name is acceptable
2014-08-12 19:15:15 DEBUG XMLTooling.TrustEngine.PKIX [887]: adding to
list of trusted names (https://idp.rosmini.school.nz/idp/shibboleth)
2014-08-12 19:15:15 DEBUG XMLTooling.TrustEngine.PKIX [887]:
certificate subject:
emailAddress=admin-***@public.gmane.org,CN=idp.rosmini.school.nz,C=NZ,description=DiT98uKD8Jk33Wf1
2014-08-12 19:15:15 DEBUG XMLTooling.TrustEngine.PKIX [887]: unable to
match DN, trying TLS subjectAltName match
2014-08-12 19:15:15 DEBUG XMLTooling.TrustEngine.PKIX [887]: unable to
match subjectAltName, trying TLS CN match
2014-08-12 19:15:15 ERROR XMLTooling.TrustEngine.PKIX [887]:
certificate name was not acceptable
2014-08-12 19:15:15 ERROR OpenSAML.SecurityPolicyRule.XMLSigning
[887]: unable to verify message signature with supplied trust engine
2014-08-12 19:15:15 WARN Shibboleth.SSO.SAML2 [887]: detected a
problem with assertion: Message was signed, but signature could not be
verified.
2014-08-12 19:16:55 DEBUG Shibboleth.Listener [896]: dispatching
message (default/TestShib::run::SAML2SI)
2014-08-12 19:16:55 WARN Shibboleth.SessionInitiator.SAML2 [896]:
unable to locate metadata for provider
(http://idp.example.org:8080/idp/shibboleth)
2014-08-12 19:23:24 DEBUG Shibboleth.Listener [885]: dispatching
message (default/TestShib::run::SAML2SI)
2014-08-12 19:23:24 DEBUG OpenSAML.MessageEncoder.SAML2Redirect [885]:
validating input
2014-08-12 19:23:24 DEBUG OpenSAML.MessageEncoder.SAML2Redirect [885]:
marshalling, deflating, base64-encoding the message
2014-08-12 19:23:24 DEBUG OpenSAML.MessageEncoder.SAML2Redirect [885]:
marshalled message:
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
AssertionConsumerServiceURL="https://sp.testshib.org/Shibboleth.sso/SAML2/POST"
Destination="https://idp.rosmini.school.nz/idp/profile/SAML2/Redirect/SSO"
ID="_f1069f296eac8ef017493d2853c81290"
IssueInstant="2014-08-12T23:23:24Z"
ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Version="2.0"><saml:Issuer
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://sp.testshib.org/shibboleth-sp</saml:Issuer><samlp:NameIDPolicy
AllowCreate="1"/></samlp:AuthnRequest>
2014-08-12 19:23:24 DEBUG OpenSAML.MessageEncoder.SAML2Redirect [885]:
message encoded, sending redirect to client
2014-08-12 19:23:25 DEBUG Shibboleth.Listener [887]: dispatching
message (default/SAML2/POST)
2014-08-12 19:23:25 DEBUG OpenSAML.MessageDecoder.SAML2POST [887]:
validating input
2014-08-12 19:23:25 DEBUG OpenSAML.MessageDecoder.SAML2POST [887]:
decoded SAML message:
<?xml version="1.0" encoding="UTF-8"?><saml2p:Response
xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
Destination="https://sp.testshib.org/Shibboleth.sso/SAML2/POST"
ID="_4ba1b90bdbb2c8a16e384d43147fbdc4"
InResponseTo="_f1069f296eac8ef017493d2853c81290"
IssueInstant="2014-08-12T23:23:25.065Z" Version="2.0"><saml2:Issuer
xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://idp.rosmini.school.nz/idp/shibboleth</saml2:Issuer><saml2p:Status><saml2p:StatusCode
Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></saml2p:Status><saml2:EncryptedAssertion
xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"><xenc:EncryptedData
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
Id="_a89fb4eda8dfd2294b9823a2ce71f25b"
Type="http://www.w3.org/2001/04/xmlenc#Element"><xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/><ds:KeyInfo
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><xenc:EncryptedKey
Id="_49c3ae7fef363bb63828375c9a1ef9e2"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"><xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"><ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/></xenc:EncryptionMethod><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIEPjCCAyagAwIBAgIBADANBgkqhkiG9w0BAQUFADB3MQswCQYDVQQGEwJVUzEVMBMGA1UECBMM[...]</ds:X509Certificate></ds:X509Data></ds:KeyInfo><xenc:CipherData
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"><xenc:CipherValue>rKO0FOpQjNwEMECoJLlNcDlPqC3BRaocJyci1sXX/ngnYCYPqz5QhGNrc7k+FYYOXFEyE18R+dbgKXpkReWdsQnYN5HN5OWA2TXutcgWMNdi3KImrdjFOuT7eR/ZdBo1vSTjLp+YrezC+G7ojxBcw7CaFRilxU/Y0caYK1fJSPhd+C4tYY+HbchCS7DOuFdGug+IS61NiMWRW11yHe97jva2dpM0CF5Ai5VOZ8XaLV69AaMToL55VcW/hPsx82f+IlFxIxOu81dZrPgmsEXy5i/ybwL0TZcq1tvnGAiP7qFLdBHtMfMWxsOZP6G/Xtb78Nt8MpHt4RX3s4HyUm1AQw==</xenc:CipherValue></xenc:CipherData></xenc:EncryptedKey></ds:KeyInfo><xenc:CipherData
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"><xenc:CipherValue>[...]</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></saml2:EncryptedAssertion></saml2p:Response>
2014-08-12 19:23:25 DEBUG OpenSAML.MessageDecoder.SAML2 [887]:
extracting issuer from SAML 2.0 protocol message
2014-08-12 19:23:25 DEBUG OpenSAML.MessageDecoder.SAML2 [887]: message
from (https://idp.rosmini.school.nz/idp/shibboleth)
2014-08-12 19:23:25 DEBUG OpenSAML.MessageDecoder.SAML2 [887]:
searching metadata for message issuer...
2014-08-12 19:23:25 DEBUG OpenSAML.SecurityPolicyRule.MessageFlow
[887]: evaluating message flow policy (replay checking on, expiration
60)
2014-08-12 19:23:25 DEBUG XMLTooling.StorageService [887]: inserted
record (_4ba1b90bdbb2c8a16e384d43147fbdc4) in context (MessageFlow)
with expiration (1407886045)
2014-08-12 19:23:25 DEBUG Shibboleth.SSO.SAML2 [887]: processing
message against SAML 2.0 SSO profile
2014-08-12 19:23:25 DEBUG XMLTooling.KeyInfoResolver.Inline [887]:
resolved 0 certificate(s)
2014-08-12 19:23:25 DEBUG XMLTooling.CredentialCriteria [887]: key
algorithm didn't match ('AES' != 'RSA')
2014-08-12 19:23:25 DEBUG XMLTooling.CredentialCriteria [887]: key
algorithm didn't match ('AES' != 'RSA')
2014-08-12 19:23:25 DEBUG XMLTooling.CredentialCriteria [887]: key
algorithm didn't match ('AES' != 'RSA')
2014-08-12 19:23:25 DEBUG XMLTooling.KeyInfoResolver.Inline [887]:
resolving ds:X509Certificate
2014-08-12 19:23:25 DEBUG XMLTooling.KeyInfoResolver.Inline [887]:
resolved 1 certificate(s)
2014-08-12 19:23:25 DEBUG XMLTooling.CredentialCriteria [887]:
credential name(s) didn't overlap
2014-08-12 19:23:25 DEBUG XMLTooling.CredentialCriteria [887]: keys didn't match
2014-08-12 19:23:25 DEBUG Shibboleth.SSO.SAML2 [887]: decrypted
Assertion: <saml2:Assertion
xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
ID="_7506ca814f12c59ef7c647e5a5e05371"
IssueInstant="2014-08-12T23:23:25.065Z" Version="2.0"><saml2:Issuer
Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://idp.rosmini.school.nz/idp/shibboleth</saml2:Issuer><ds:Signature
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:Reference
URI="#_7506ca814f12c59ef7c647e5a5e05371"><ds:Transforms><ds:Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>TMmuq3mRBndWoKRILUgTsf/jPHo=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>xE75wLvpfygm3sZapcBfrlPFzclRHR6wnf6Ai5gVn0cmLF61PIV/4Yxfoi4cJ2lKW9NQ47XSKKqaWzOfxLug91oAeufJ9DxNsNL1WKikBLUA2QPTKZ452sBkjn7fnM07wZjwenyTAVSoORXiPtTmkfW0xIuJ1JCERLD23Mbm3ttz1p8car7fMbEHMVBKserg3LOpX3jxgP1v9kPuftTu4kQg5PHuPwtSOiVymxmF5pmOtLuhjP96o53cxkMRTKBJkXgxdhU4WeVo+XBWIkisgf1LDqKpM3JZRQ7MNccg9KRnF8x8hjiVpDBTex58PszFgZgvUF+RQxswCw3FbFPePg==</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIGaTCCBVGgAwIBAgIDEf6MMA0GCSqGSIb3DQEBBQUAMIGMMQswCQYDVQQGEwJJTDEWMBQGA1UE[...]==</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><saml2:Subject><saml2:NameID
Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
NameQualifier="https://idp.rosmini.school.nz/idp/shibboleth"
SPNameQualifier="https://sp.testshib.org/shibboleth-sp">_6df1981d745e7d41b34826e36dc0bb5e</saml2:NameID><saml2:SubjectConfirmation
Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml2:SubjectConfirmationData
Address="192.168.100.254"
InResponseTo="_f1069f296eac8ef017493d2853c81290"
NotOnOrAfter="2014-08-12T23:28:25.065Z"
Recipient="https://sp.testshib.org/Shibboleth.sso/SAML2/POST"/></saml2:SubjectConfirmation></saml2:Subject><saml2:Conditions
NotBefore="2014-08-12T23:23:25.065Z"
NotOnOrAfter="2014-08-12T23:28:25.065Z"><saml2:AudienceRestriction><saml2:Audience>https://sp.testshib.org/shibboleth-sp</saml2:Audience></saml2:AudienceRestriction></saml2:Conditions><saml2:AuthnStatement
AuthnInstant="2014-08-12T23:15:13.640Z"
SessionIndex="_f94654d8f00a3a646b2420001348ea57"><saml2:SubjectLocality
Address="192.168.100.254"/><saml2:AuthnContext><saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef></saml2:AuthnContext></saml2:AuthnStatement></saml2:Assertion>
2014-08-12 19:23:25 DEBUG Shibboleth.SSO.SAML2 [887]: extracting
issuer from SAML 2.0 assertion
2014-08-12 19:23:25 DEBUG OpenSAML.SecurityPolicyRule.MessageFlow
[887]: evaluating message flow policy (replay checking on, expiration
60)
2014-08-12 19:23:25 DEBUG XMLTooling.StorageService [887]: inserted
record (_7506ca814f12c59ef7c647e5a5e05371) in context (MessageFlow)
with expiration (1407886045)
2014-08-12 19:23:25 DEBUG OpenSAML.SecurityPolicyRule.XMLSigning
[887]: validating signature profile
2014-08-12 19:23:25 DEBUG XMLTooling.CredentialCriteria [887]: keys didn't match
2014-08-12 19:23:25 DEBUG XMLTooling.TrustEngine.ExplicitKey [887]:
unable to validate signature, no credentials available from peer
2014-08-12 19:23:25 DEBUG XMLTooling.TrustEngine.PKIX [887]:
validating signature using certificate from within the signature
2014-08-12 19:23:25 DEBUG XMLTooling.TrustEngine.PKIX [887]: signature
verified with key inside signature, attempting certificate
validation...
2014-08-12 19:23:25 DEBUG XMLTooling.TrustEngine.PKIX [887]: checking
that the certificate name is acceptable
2014-08-12 19:23:25 DEBUG XMLTooling.TrustEngine.PKIX [887]: adding to
list of trusted names (https://idp.rosmini.school.nz/idp/shibboleth)
2014-08-12 19:23:25 DEBUG XMLTooling.TrustEngine.PKIX [887]:
certificate subject:
emailAddress=admin-***@public.gmane.org,CN=idp.rosmini.school.nz,C=NZ,description=DiT98uKD8Jk33Wf1
2014-08-12 19:23:25 DEBUG XMLTooling.TrustEngine.PKIX [887]: unable to
match DN, trying TLS subjectAltName match
2014-08-12 19:23:25 DEBUG XMLTooling.TrustEngine.PKIX [887]: unable to
match subjectAltName, trying TLS CN match
2014-08-12 19:23:25 ERROR XMLTooling.TrustEngine.PKIX [887]:
certificate name was not acceptable
2014-08-12 19:23:25 ERROR OpenSAML.SecurityPolicyRule.XMLSigning
[887]: unable to verify message signature with supplied trust engine
2014-08-12 19:23:25 WARN Shibboleth.SSO.SAML2 [887]: detected a
problem with assertion: Message was signed, but signature could not be
verified.
Any help will be much appreciated.
Kind regards,
Farzan
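The trust-engine lines in the log above can be read mechanically. The following is an added example, not part of the original post and not Shibboleth code: it rejoins the mail-wrapped log records and reports, for each rejected assertion, which checks the SP logged as failing. The function names and the literal CN-versus-trusted-name comparison are assumptions of this sketch; the sample input is an excerpt of the log from the post.

```python
import re

# Excerpt of the SP log from the post above, kept wrapped as the mail client left it.
SAMPLE_LOG = """\
2014-08-12 19:23:25 DEBUG XMLTooling.TrustEngine.ExplicitKey [887]:
unable to validate signature, no credentials available from peer
2014-08-12 19:23:25 DEBUG XMLTooling.TrustEngine.PKIX [887]: signature
verified with key inside signature, attempting certificate
validation...
2014-08-12 19:23:25 DEBUG XMLTooling.TrustEngine.PKIX [887]: adding to
list of trusted names (https://idp.rosmini.school.nz/idp/shibboleth)
2014-08-12 19:23:25 DEBUG XMLTooling.TrustEngine.PKIX [887]:
certificate subject:
emailAddress=admin-***@public.gmane.org,CN=idp.rosmini.school.nz,C=NZ,description=DiT98uKD8Jk33Wf1
2014-08-12 19:23:25 DEBUG XMLTooling.TrustEngine.PKIX [887]: unable to
match DN, trying TLS subjectAltName match
2014-08-12 19:23:25 DEBUG XMLTooling.TrustEngine.PKIX [887]: unable to
match subjectAltName, trying TLS CN match
2014-08-12 19:23:25 ERROR XMLTooling.TrustEngine.PKIX [887]:
certificate name was not acceptable
2014-08-12 19:23:25 ERROR OpenSAML.SecurityPolicyRule.XMLSigning
[887]: unable to verify message signature with supplied trust engine
2014-08-12 19:23:25 WARN Shibboleth.SSO.SAML2 [887]: detected a
problem with assertion: Message was signed, but signature could not be
verified.
"""

STAMP = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d ")
RECORD = re.compile(r"^(\S+ \S+) (\w+) (\S+) \[(\d+)\]: ?(.*)$")


def unwrap(text):
    """Rejoin wrapped records; a new record always starts with a timestamp."""
    joined = []
    for line in filter(str.strip, text.splitlines()):
        if STAMP.match(line) or not joined:
            joined.append(line.strip())
        else:
            joined[-1] += " " + line.strip()
    return [m.groups() for m in map(RECORD.match, joined) if m]


def cn_of(subject):
    """Pull the CN out of the one-line subject string the SP logs."""
    m = re.search(r"(?:^|,)CN=([^,]+)", subject or "")
    return m.group(1) if m else None


def diagnose(text):
    """Return one finding dict per rejected assertion in the log."""
    attempts, cur = [], None
    for _ts, level, category, _tid, msg in unwrap(text):
        if cur is None:
            cur = {"explicit_key_failed": False, "key_in_signature_verifies": False,
                   "trusted_names": [], "subject": None, "name_checks_failed": []}
        if category.endswith("TrustEngine.ExplicitKey") and "no credentials" in msg:
            cur["explicit_key_failed"] = True
        elif category.endswith("TrustEngine.PKIX"):
            if msg.startswith("signature verified with key inside signature"):
                cur["key_in_signature_verifies"] = True
            elif msg.startswith("adding to list of trusted names"):
                cur["trusted_names"].append(msg[msg.index("(") + 1:msg.rindex(")")])
            elif msg.startswith("certificate subject:"):
                cur["subject"] = msg.split(":", 1)[1].strip()
            elif msg.startswith("unable to match "):
                cur["name_checks_failed"].append(msg.split()[3].rstrip(","))
            elif level == "ERROR" and "name was not acceptable" in msg:
                cur["name_checks_failed"].append("CN")  # CN is the last name tried
        elif category == "Shibboleth.SSO.SAML2" and level == "WARN":
            cur["cn"] = cn_of(cur["subject"])
            cur["cn_is_trusted"] = cur["cn"] in cur["trusted_names"]  # literal compare (assumed)
            attempts.append(cur)
            cur = None
    return attempts


if __name__ == "__main__":
    for finding in diagnose(SAMPLE_LOG):
        print(finding)
```

For this excerpt the finding shows that the signature verifies with the key carried in the message, but no metadata credential was usable and the only trusted name is the entityID URL, which the certificate's CN (a bare hostname) does not equal.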