Hi Sue
The error message in the second screenshot says "unable to find a certificate matching the configured fingerprint" and then gives a SHA1 fingerprint of 4A:69:E5:43:36:00:60:75:D8:5F:D1:51:DD:F1:02:27:C7:D1:2B:77
Your IdP looks like a Shibboleth v3 IdP with 3 certificates configured in metadata. So whilst the certificate that's referred to in the erro message is one of the certificates that your IdP has registered in metadata, it's the one that's used to protect the backchannel port of your IdP. I suspect the SP needs to be configured with the one that's used to sign XML messages, which looks like it's the one with SHA1 Fingerprint=39:CB:75:74:C9:A6:07:35:BD:2F:3D:F0:A6:7F:D6:08:D9:92:35:18 (you should double-check).
I thought SimpleSAMLphp SP could consume an IdP's metadata with more than one certificate & check each of those.
Regards,
Alex
> On 25 May 2017, at 11:40, Carter, Sue 11 <[log in to unmask]> wrote:
>
> Hi everyone
>
> Is there anyone out there using Shibboleth to authenticate LibAuth for Springshare’s Libcal room booking software out there?
>
> We are trying to set up authentication in LibAuth.
>
> We are not a member of InCommon, we are a member of the UK Federation and our Shibboleth entity ID is
> https://shibboleth.lsbu.ac.uk/shibboleth.
>
> We are using the following attributes to be released to Springshare for each user:
>
> First Name: givenName
> Last Name: surname
> Email: mail
>
> We are allowing logging in to LibApps using this test authentication configuration and have not set up any attribute rules.
>
> When I click on the Test button in LibAuth/LibApps, you will see what happens from the two attached screenshots. When I click on “Accept” in the first screenshot, I get the error message in the second screenshot.
>
> We are of course liaising with our IT Department and Springshare on this but no luck as yet.
>
> Many thanks
>
>
> Sue Carter | SLRA Systems | LLR | London South Bank University | 103 Borough Road, London, SE1 0AA |
> t: +44 (0)20 7815 6641 | e: [log in to unmask]
>
> <image001.jpg>
>
> Become what you want to be
> lsbu.ac.uk | Twitter | Facebook | Instagram
>
>
> Copyright in this email and in any attachments belongs to London South Bank University. This email, and its attachments if any, may be confidential or legally privileged and is intended to be seen only by the person to whom it is addressed. If you are not the intended recipient, please note the following: (1) You should take immediate action to notify the sender and delete the original email and all copies from your computer systems; (2) You should not read copy or use the contents of the email nor disclose it or its existence to anyone else. The views expressed herein are those of the author(s) and should not be taken as those of London South Bank University, unless this is specifically stated. London South Bank University is a company limited by guarantee registered in England and Wales. The following details apply to London South Bank University: Company number - 00986761; Registered office and trading address - 103 Borough Road London SE1 0AA; VAT number - 778 1116 17 Email address - [log in to unmask] <snip4a.PNG><snip4b.PNG>
—
Alex Stuart
UK federation support team
[log in to unmask]
|