From: D B. <ba...@aw...> - 2020-03-12 18:59:25
Hi! I feel I've asked about this before but could not find the message any more - sorry!

I'm trying to configure two SAML SPs in parallel in conf/modules/saml/saml-webidp.properties:

unity.saml.acceptedSPMetadataSource.a.url=file:///conf/saml/a-metadata.xml
unity.saml.acceptedSPMetadataSource.b.url=file:///conf/saml/b-metadata.xml
unity.saml.spAcceptPolicy=validRequester

SP A works fine, but I've got issues with SP B, which is a Shibboleth/Apache setup. When I try to access a protected resource, I get forwarded to unity and it tells me:

SAML IdP got an invalid request.
eu.unicore.samly2.exceptions.SAMLRequesterException: Issuer is not among trusted: https://mydomain/shibboleth

In the unity logs, I find this:

eu.unicore.samly2.exceptions.SAMLRequesterException: Issuer is not among trusted: https://mydomain/shibboleth
        at eu.unicore.samly2.validators.AbstractRequestValidator.validate(AbstractRequestValidator.java:87) ~[samly2-2.4.0.jar:2.4.0]
        at pl.edu.icm.unity.saml.validator.WebAuthRequestValidator.validate(WebAuthRequestValidator.java:33) ~[unity-server-saml-3.2.0.jar:?]
        at pl.edu.icm.unity.saml.idp.web.filter.SamlParseServlet.validate(SamlParseServlet.java:213) ~[unity-server-saml-3.2.0.jar:?]
        at pl.edu.icm.unity.saml.idp.web.filter.SamlParseServlet.processSamlRequestInterruptible(SamlParseServlet.java:140) ~[unity-server-saml-3.2.0.jar:?]
        at pl.edu.icm.unity.saml.idp.web.filter.SamlParseServlet.processSamlRequest(SamlParseServlet.java:93) ~[unity-server-saml-3.2.0.jar:?]
        at pl.edu.icm.unity.saml.idp.web.filter.SamlParseServlet.doGet(SamlParseServlet.java:73) ~[unity-server-saml-3.2.0.jar:?]
Caused by: eu.unicore.samly2.exceptions.SAMLValidationException: Issuer is not among trusted: https://mydomain/shibboleth
        at eu.unicore.samly2.trust.EnumeratedTrustChecker.checkTrust(EnumeratedTrustChecker.java:95) ~[samly2-2.4.0.jar:2.4.0]
        at eu.unicore.samly2.validators.AbstractRequestValidator.validate(AbstractRequestValidator.java:83) ~[samly2-2.4.0.jar:2.4.0]

The problem goes away if I set unity.saml.spAcceptPolicy=all

Is this error about the crypto certificate being untrusted or about the SAML SP being untrusted? I tried dumping the SP's certificate in conf/pki/trusted-ca but to no avail.

Cheers,
D
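The trace above fails in EnumeratedTrustChecker.checkTrust with "Issuer is not among trusted", i.e. the Issuer element of the incoming AuthnRequest is being matched against an enumerated list of trusted entity IDs rather than against a certificate; with spAcceptPolicy=validRequester that list is, judging by the configuration shown, built from the acceptedSPMetadataSource files. The practical check is therefore whether https://mydomain/shibboleth appears byte-for-byte as an SP entityID in b-metadata.xml. The script below is an added example, not part of the original message and not Unity or samly2 code: it parses SP metadata (a bare EntityDescriptor or an EntitiesDescriptor aggregate) with Python's standard library, lists SP entityIDs with their AssertionConsumerService endpoints, and reports whether a given issuer matches exactly, matches only after loose normalization (trailing slash, case, scheme), or is absent. The embedded metadata, the entityID https://sp.example.org/shibboleth, the placeholder certificate and the function names are constructed for the example; the normalization is a diagnostic aid and does not reproduce Unity's own matching rules.

```python
"""Check whether a SAML request Issuer appears among the SP entityIDs in metadata.

Added example for diagnosing "Issuer is not among trusted": inspect the
metadata files an IdP was pointed at and say whether the issuer is there,
there only modulo normalization, or missing.  Standard library only.
"""
import sys
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"

# Constructed sample: Shibboleth-style SP metadata with a hypothetical
# entityID and a placeholder certificate.  Not taken from the original message.
SAMPLE_SP_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://sp.example.org/shibboleth">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>MIIC...placeholder...</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:AssertionConsumerService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.org/Shibboleth.sso/SAML2/POST" index="1"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""


def sp_entities(metadata_xml):
    """Map entityID -> list of AssertionConsumerService Locations for every
    entity that carries an SPSSODescriptor.  Element.iter() visits the root
    itself, so a bare EntityDescriptor and an EntitiesDescriptor aggregate
    are both handled."""
    root = ET.fromstring(metadata_xml)
    found = {}
    for ed in root.iter("{%s}EntityDescriptor" % MD_NS):
        sp = ed.find("{%s}SPSSODescriptor" % MD_NS)
        if sp is None:
            continue  # IdP-only or attribute-authority entity: not a requester
        acs = [a.get("Location")
               for a in sp.findall("{%s}AssertionConsumerService" % MD_NS)]
        found[ed.get("entityID")] = acs
    return found


def normalize_entity_id(entity_id):
    """Loose form used only to spot near-misses.  An IdP compares entityIDs
    as opaque strings, so a near-miss is still a mismatch in production."""
    e = entity_id.strip().rstrip("/").lower()
    for scheme in ("https://", "http://"):
        if e.startswith(scheme):
            return e[len(scheme):]
    return e


def diagnose_issuer(issuer, metadata_docs):
    """Return ("trusted", [issuer]) on an exact match, ("near-miss", [ids])
    when the issuer matches only after normalization, or ("absent", [all
    known SP ids]) when nothing in the metadata resembles it."""
    known = {}
    for doc in metadata_docs:
        known.update(sp_entities(doc))
    if issuer in known:
        return ("trusted", [issuer])
    target = normalize_entity_id(issuer)
    near = sorted(e for e in known if normalize_entity_id(e) == target)
    if near:
        return ("near-miss", near)
    return ("absent", sorted(known))


def _read_files(paths):
    docs = []
    for p in paths:
        with open(p, encoding="utf-8") as fh:
            docs.append(fh.read())
    return docs


if __name__ == "__main__":
    # usage: check_issuer.py <issuer-entityID> <metadata.xml> [more.xml ...]
    # With no arguments the constructed sample is checked against a
    # trailing-slash variant of its own entityID to show a near-miss.
    if len(sys.argv) >= 3:
        issuer, docs = sys.argv[1], _read_files(sys.argv[2:])
    else:
        issuer, docs = "https://sp.example.org/shibboleth/", [SAMPLE_SP_METADATA]
    verdict, ids = diagnose_issuer(issuer, docs)
    print("%s: %s -> %s" % (verdict, issuer, ", ".join(ids)))
```

Run it as python check_issuer.py https://mydomain/shibboleth /conf/saml/b-metadata.xml (script name assumed). "absent" means the metadata file the IdP was given does not describe that SP at all (wrong file, an IdP-only document, or an aggregate that lacks it); "near-miss" points at a trailing slash, scheme or case difference between the SP's configured entityID and what the metadata declares; only "trusted" is the state the enumerated trust check is looking for.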