Well there is something odd here:
>> 2007-11-13T14:39:40+0000 localhost [shib] Supplied credentials
>> (CN=gate-test.library.lse.ac.uk,OU=Library,O=London School of
>> Economics,L=London,ST=London,C=GB) are NOT valid for provider
>> (urn:mace:ac.uk:sdss.ac.uk:provider:service:gabriel.lse.ac.uk).
The providerId
"urn:mace:ac.uk:sdss.ac.uk:provider:service:gabriel.lse.ac.uk" is the SP
with comments "This is a Perseus Project SP (an LSE Projects WIKI)".
If I poke one of the end points with curl I see that it is signed correctly
* Server certificate:
* subject: /CN=gabriel.lse.ac.uk/C=GB/ST=England/L=London/O=London
School of [log in to unmask]
* start date: 2006-11-18 07:15:09 GMT
* expire date: 2009-11-18 07:15:09 GMT
* common name: gabriel.lse.ac.uk (matched)
* issuer: /C=BE/O=GlobalSign nv-sa/OU=Enhanced ServerSign
CA/CN=GlobalSign Enhanced ServerSign CA
This seems to be what the metadata wants:
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:KeyName>gabriel.lse.ac.uk</ds:KeyName>
</ds:KeyInfo>
However you are seeing a certificate for gate-test.library.lse.ac.uk. This
appears to belong to the providerId
"urn:mace:ac.uk:sdss.ac.uk:provider:identity:lse.ac.uk" with comments: "This
is an identity provider for the JISC Angel project at LSE."
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:KeyName>gate-test.library.lse.ac.uk</ds:KeyName>
</ds:KeyInfo>
What does curl say for you if you tickle
https://gabriel.lse.ac.uk/Shibboleth.sso/SAML/Artifact?
Are you resolving DNS correctly? I have 158.143.192.195 for garbriel and
158.143.192.129 for gate-test.
/Rod
|