AssertionConditionInvalid < Federation < TWiki

Skip to topic | Skip to bottom

Federation

Federation.AssertionConditionInvalidr1.1 - 25 Aug 2007 - 14:21 - BrucLiongtopic end

Start of topic | Skip to actions

Assertion Condition Invalid

You get this, typically, due to 2 reasons:

you've got out of synch clock on your box. This sometimes happen when using vmware for example
```
date
ntpdate federation.org.au
```
you've got wrong shibboleth.xml configuration (entityId) as compared to what you've registered in the federation metadata or what the IdP accepts
- ask the IdP to see if that's the case, IdP typically will log "cannot locate Relying Party xxx in metadata, using default Relying Party". Assertion Condition will be invalid if the default relying party configuration doesn't fit configuration required for the SP.
- change your *.logger in $SHIB_SP_HOME/etc/shibboleth from INFO to DEBUG and notice what's registered on the shibd-error.log and shibd-access.log. You'll notice that AudienceRestriction^? section is not matching your SP's entityId.
- resolution: fix your shibboleth.xml to match what's needed by the federation or make sure the federation accepts your entityId

End of topic
Skip to action links | Back to top

Edit | Attach image or document | Printable version | Raw text | More topic actions
Revisions: | r1.1 | Total page history | Backlinks

You are here: Federation > FrequentlyAskedQuestions > AssertionConditionInvalid

to top

Copyright © 1999-2010 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback