cat-users - Re: [[cat-users]] Unable to authenticate

cat-users AT lists.geant.org

Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

  • From: Miroslav Milinovic <miro AT srce.hr>
  • To: Matthew Slowe <Matthew.Slowe AT jisc.ac.uk>, "cat-users AT lists.geant.org" <cat-users AT lists.geant.org>, eduroam OT <eduroam-ot AT lists.geant.org>, "monitor AT eduroam.org" <monitor AT eduroam.org>
  • Subject: Re: [[cat-users]] Unable to authenticate
  • Date: Fri, 31 Jul 2020 13:19:37 +0200

Matthew,

we'll see how to accommodate your request and let you know once we've
done it.

Regards

Miroslav Milinovic
eduroam service manager, GEANT

On 31-Jul-20 10:55, Matthew Slowe wrote:
> On 28 Jul 2020, at 10:18, Matthew Slowe <Matthew.Slowe AT jisc.ac.uk> wrote:
>>
>> On behalf of a new CAT member organisation, they're having trouble
>> authenticating to the CAT Admin portal. SimpleSAMLphp is returning an
>> error "Failed to decrypt XML element". We've checked the logs on the IdP
>> (look ok) and can access the UK Federation's Test SP ok, too.
>>
>> SimpleSAML_Error_Error: UNHANDLEDEXCEPTION
>> ...
>> Caused by: Exception: Failed to decrypt XML element.
>>
>> The tracking code was 5d4e392eee at about 08:53Z today.
>>
>> Is this something at the SimpleSAMLphp end or something wrong with the
>> assertion being generated by their IdP?
>
> Following up my own question, this could be because the IdP is a new
> Shibboleth v4 which is using AES-GCM encryption rather than the older
> AES-CBC and SimpleSAMLphp doesn't know how to decrypt it?
>
> Could the metadata registration for the CAT SP be updated to include an
> <EncryptionMethod> element to assert its support options?
>
> https://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-metadata-algsupport-v1.0-cs01.html#__RefHeading__13608_557150731
>
> This should instruct IdPs to use the correct algorithm rather than the new
> default in ShibIdP4.
>
> Thanks,
>
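
Added example (not part of the thread, and not GEANT, Shibboleth or SimpleSAMLphp code): a Python check that reports, for each SP in a SAML metadata file, whether its encryption keys carry an <EncryptionMethod> naming a data-encryption algorithm, which is the declaration requested above. The entity IDs and the sample metadata are constructed, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD}
XENC, XENC11 = "http://www.w3.org/2001/04/xmlenc#", "http://www.w3.org/2009/xmlenc11#"
CBC = {XENC + f"aes{n}-cbc" for n in (128, 192, 256)}
GCM = {XENC11 + f"aes{n}-gcm" for n in (128, 192, 256)}

# Constructed sample, not the real CAT SP registration; ds:KeyInfo omitted.
SAMPLE = f"""<md:EntitiesDescriptor xmlns:md="{MD}">
  <md:EntityDescriptor entityID="https://silent.example.org/sp">
    <md:SPSSODescriptor><md:KeyDescriptor use="encryption"/></md:SPSSODescriptor>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://cbc.example.org/sp">
    <md:SPSSODescriptor><md:KeyDescriptor>
      <md:EncryptionMethod Algorithm="{XENC}rsa-oaep-mgf1p"/>
      <md:EncryptionMethod Algorithm="{XENC}aes128-cbc"/>
    </md:KeyDescriptor></md:SPSSODescriptor>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://gcm.example.org/sp">
    <md:SPSSODescriptor><md:KeyDescriptor use="encryption">
      <md:EncryptionMethod Algorithm="{XENC11}aes256-gcm"/>
    </md:KeyDescriptor></md:SPSSODescriptor>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>"""


def data_algorithms(sp):
    """Block-cipher URIs declared on keys the SP offers for encryption."""
    found = set()
    for kd in sp.iterfind("md:KeyDescriptor", NS):
        if kd.get("use") in (None, "encryption"):  # no 'use' covers both purposes
            found.update(m.get("Algorithm") for m in kd.iterfind("md:EncryptionMethod", NS))
    return found & (CBC | GCM)  # ignore key-transport entries such as RSA-OAEP


def audit(metadata_xml):
    """Map entityID -> 'unspecified' | 'cbc-advertised' | 'gcm-only'."""
    report = {}
    for ent in ET.fromstring(metadata_xml).iter(f"{{{MD}}}EntityDescriptor"):
        for sp in ent.iterfind("md:SPSSODescriptor", NS):
            algs = data_algorithms(sp)
            status = ("unspecified" if not algs  # the IdP then picks its own default
                      else "cbc-advertised" if algs & CBC else "gcm-only")
            report[ent.get("entityID")] = status
    return report


if __name__ == "__main__":
    print(audit(SAMPLE))
```

An SP reported as "unspecified" leaves the algorithm choice to the IdP, which is the situation described in the thread. For metadata fetched from a federation feed, verify the aggregate's signature and use a hardened XML parser before running a check like this.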


