I am trying to use a Shibboleth v3 IDP to do SAML2 authentication for
OSP. I am getting the message below, which eventually leads to more TRACE
and WARN level messages.

Time: 2015-09-12T22:57:43.676-0500
Level: INFO
Java Execution:
Class: com.novell.oidp.saml2.protocol.SAML2Type
Method: validate
Line Number: -1
Thread: http-bio-443-exec-4
Message: Validation failure on message from
https://****.****.edu/idp/shibboleth : An improperly formatted SAML2
message was received.
Code: com.novell.oidp.saml2.protocol.SAML2Type.validate( ) [-1]
Thread: http-bio-443-exec-4
Correlation Id: 2e2283c3-19db-495e-957a-2390622c8501
Text: Digital signature is required

I know that the IDP is set up properly, and I know that OSP (IDM 4.5.1
with OSP Hot Fix 2) is likely set up properly. I can use my Shibboleth
v2 IDP (which is still around for troubleshooting if SPs are having a
problem with v2 vs v3) which is using the same certs/keys and it is
verifying fine. Also the SAML2 message of the v3 IDP verifies when
using https://wiki.shibboleth.net/confluen...IB2/XmlSecTool.
The SAML messages look nearly identical between v2 and v3, except the
ordering for v2 has the SAML Status block before the signature block,
while v3 has the Status block after the Signature block.

Any suggestions?

schwoerb's Profile: https://forums.netiq.com/member.php?userid=2338
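
One way to compare the two IDPs' responses structurally, as an added example that is not part of the original post: it lists the top-level child order of each samlp:Response, which elements carry a ds:Signature, and whether that order follows the child sequence in the SAML 2.0 protocol schema. The three sample responses are constructed skeletons (empty signatures, hypothetical issuer idp.example.org), not captures from this thread.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
PREFIX = {uri: p for p, uri in NS.items()}
# Child sequence the SAML 2.0 protocol schema defines for samlp:Response.
RANK = {"saml:Issuer": 0, "ds:Signature": 1, "samlp:Extensions": 2,
        "samlp:Status": 3, "saml:Assertion": 4, "saml:EncryptedAssertion": 4}

def qname(tag):
    """Turn ElementTree's '{uri}local' form into 'prefix:local'."""
    if not tag.startswith("{"):
        return tag
    uri, _, local = tag[1:].partition("}")
    return f"{PREFIX.get(uri, uri)}:{local}"

def outline(xml_text):
    """Summarise element order and signature placement of one response."""
    root = ET.fromstring(xml_text)
    children = [qname(c.tag) for c in root]
    # An element counts as signed when ds:Signature is its direct child.
    signed = [qname(el.tag) for el in root.iter()
              if el.find("ds:Signature", NS) is not None]
    ranks = [RANK[c] for c in children if c in RANK]
    return {"children": children, "signed": signed,
            "schema_order": ranks == sorted(ranks)}

def response(body):
    """Wrap constructed child elements in a namespaced samlp:Response."""
    decls = " ".join(f'xmlns:{p}="{u}"' for p, u in NS.items())
    return f"<samlp:Response {decls}>{body}</samlp:Response>"

# Constructed skeletons; real messages carry full signature content.
ISSUER = "<saml:Issuer>https://idp.example.org/idp/shibboleth</saml:Issuer>"
STATUS = "<samlp:Status><samlp:StatusCode/></samlp:Status>"
SIG = "<ds:Signature/>"
ASSERTION = "<saml:Assertion>" + ISSUER + "</saml:Assertion>"
SIGNED_ASSERTION = "<saml:Assertion>" + ISSUER + SIG + "</saml:Assertion>"

STATUS_FIRST = response(ISSUER + STATUS + SIG + ASSERTION)     # order described for v2
SIGNATURE_FIRST = response(ISSUER + SIG + STATUS + ASSERTION)  # order described for v3
ASSERTION_ONLY = response(ISSUER + STATUS + SIGNED_ASSERTION)  # response itself unsigned

if __name__ == "__main__":
    for name in ("STATUS_FIRST", "SIGNATURE_FIRST", "ASSERTION_ONLY"):
        print(name, outline(globals()[name]))
```

Running `outline()` on the decoded responses from both IDPs shows whether they differ only in ordering or also in which element (Response or Assertion) is signed.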