While trying to implement federation, I was getting code 500 errors when trying to get a SAML assertion from a Keystone instance configured as identity provider. This is what the Keystone log showed: INFO keystone.common.wsgi [-] POST http://172.29.236.100:5000/v3/auth/OS-FEDERATION/saml2/ecp ERROR keystone.contrib.federation.idp [-] Error when signing assertion, reason: Command '['xmlsec1', '--sign', '--privkey-pem', '/etc/ssl/private/signing_key.pem,/etc/ssl/ certs/signing_cert.pem', '--id-attr:ID', 'Assertion', '/tmp/tmpfXz0D4']' returned non-zero exit status 1 2015-06-24 21:54:46.482 13569 WARNING keystone.common.wsgi [-] An unexpected error prevented the server from fulfilling your request. It is not clear what the problem is from the logs -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.openstack.org/pipermail/openstack/attachments/20150907/9fcc209c/attachment.html>