[Openstack] Re Error while signing saml assertion
nithish B
bestofnithish at gmail.com
Mon Sep 7 08:58:17 UTC 2015
Hi Sreeja,
It seems like your private key and/or the ssl certificate you use to auth
does not exist. If you are indeed using key-pair based authentication, make
sure you have the key "signing_key.pem" at the mentioned location, i.e. at
/etc/ssl/private
If this doesn't help, can you then just share a bit more on your setup.
Thanks.
Nitish B.
Regards,
Nitish B.
On Mon, Sep 7, 2015 at 1:15 PM, sreeja kannagundla <
sreejakannagundla08 at gmail.com> wrote:
> While trying to implement federation, I was getting code 500 errors
> when trying to get a SAML assertion from a Keystone instance
> configured as identity provider. This is what the Keystone log showed:
>
> INFO keystone.common.wsgi [-] POST http://172.29.236.100:5000/v3/auth/OS-FEDERATION/saml2/ecp
> ERROR keystone.contrib.federation.idp [-] Error when signing assertion, reason: Command '['xmlsec1', '--sign', '--privkey-pem', '/etc/ssl/private/signing_key.pem,/etc/ssl/
> certs/signing_cert.pem', '--id-attr:ID', 'Assertion', '/tmp/tmpfXz0D4']' returned non-zero exit status 1
> 2015-06-24 21:54:46.482 13569 WARNING keystone.common.wsgi [-] An unexpected error prevented the server from fulfilling your request.
>
> It is not clear what the problem is from the logs
>
>
> _______________________________________________
> Mailing list:
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to : openstack at lists.openstack.org
> Unsubscribe :
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20150907/0fdc812d/attachment.html>
More information about the Openstack
mailing list