[Satosa-dev] pysaml2 failing signature validation

Ioannis Kakavas ikakavas at noc.grnet.gr
Wed Sep 20 09:29:23 CEST 2017


Hi Rainer,

I am using/testing/operating a number of SATOSA instances at the moment
and didn't experience this.
- Which OS and version ?
- Are you using xmlsec1 binary ? Can you verify the signature manually ?



//Ioannis

On 20/09/2017 12:25 πμ, Rainer Hoerbe wrote:
> I find Satosa having problems with the metadata signature validation since yesterday. Signatures created by both pyff and shib/xmlsectool cause satosa_saml_metadata.py fail with 
> saml2.sigver.XmlsecError: data and digest do not match. I am not aware of any configuration changes that are related to the issue. 
> 
> Did someone reload and check metadata recently, with or without system update or a new Docker image?
> 
> This leads me to another question. Is Satosa capable of reloading metadata without restart

> 
> Best regards
> Rainer
> _______________________________________________
> Satosa-dev mailing list
> Satosa-dev at lists.sunet.se
> https://lists.sunet.se/listinfo/satosa-dev
> 

-- 
------------------------------------------------------------------
Ioannis Kakavas - ikakavas at grnet.gr
Identity and Security Engineer
GRNET Network Operations Centre
Greek Research & Technology Network - http://www.grnet.gr
7, Kifisias Av. 115 23 Athens, Greece
Office: +30 2107474255

PGP Fingerprint: A5AA FB5E 740A 603B FAB1 9920 D70F 0CD5 9DE3 C262
------------------------------------------------------------------

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.sunet.se/pipermail/satosa-dev/attachments/20170920/fca54c47/attachment.sig>


More information about the Satosa-dev mailing list