Session Creation Error: Invalid credential
Even when the IdP has been configured properly, with its /SSO protected by an appropriate mechanism, and you have authenticated successfully, the IdP will still throw this error.
The log will show something similar to:
ERROR [IdP] - Encountered an error during validation: java.security.NoSuchAlgorithmException: PKIX
ERROR [IdP] - Supplied TLS credential (C=AU,ST=NSW,L=Sydney,O=Macquarie University,OU=xxx) is
NOT valid for provider (urn:mace:federation.org.au:testfed:level-1:xxx), to whom this artifact
was issued.
ERROR [IdP] - Error while processing request: org.opensaml.SAMLException: Invalid credential.
The reason is that you're using the wrong Java version.
Specifically, Tomcat by default uses /usr/lib/jvm/java as JAVA_HOME, which is a symlink to /etc/alternatives/java_sdk. You need to either edit /etc/sysconfig/tomcat5, or change this symlink with /etc/alternatives, or use a vanilla installation of Sun Java.
When tomcat5 runs under GCJ, the IdP appears to run fine. However, it is not able to verify the PKI credentials of Service Providers requesting attributes (Artifact profile), hence you will see the authentication request fail in the log.
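To confirm which JVM Tomcat will actually start under, the script below follows the JAVA_HOME symlink chain described above and flags a GCJ runtime. It is an added example, not part of the original page; it assumes the sysconfig file sets JAVA_HOME with a shell-style assignment and that GCJ's launcher identifies itself as "gij" or "libgcj" in its -version output.

```shell
#!/bin/sh
# Added example: find the JVM Tomcat will start under and flag GCJ.
# Assumptions (not from the page): the sysconfig file is sourced as shell and
# sets JAVA_HOME=...; GCJ's launcher prints "gij" or "libgcj" for -version.

# Print JAVA_HOME from a sysconfig file, else the default named on the page.
tomcat_java_home() {
    conf=$1
    home=""
    if [ -r "$conf" ]; then
        # Last uncommented assignment wins, as when the file is sourced.
        home=$(sed -n 's/^[[:space:]]*JAVA_HOME=//p' "$conf" | tail -n 1 | tr -d "\"'")
    fi
    printf '%s\n' "${home:-/usr/lib/jvm/java}"
}

# Follow the symlink chain (e.g. via /etc/alternatives) and classify the JVM.
# Prints "gcj <path>", "other <path>" or "missing <path>".
classify_java() {
    home=$1
    real=$(readlink -f "$home" 2>/dev/null) || real=""
    if [ -z "$real" ] || [ ! -x "$real/bin/java" ]; then
        echo "missing $home"
        return 0
    fi
    banner=$("$real/bin/java" -version 2>&1) || true
    case $banner in
        *gij*|*libgcj*) echo "gcj $real" ;;
        *)              echo "other $real" ;;
    esac
}

# Default to the file named on the page; pass another path as $1 to override.
classify_java "$(tomcat_java_home "${1:-/etc/sysconfig/tomcat5}")"
```

A result of "gcj" means Tomcat is on the runtime that the page associates with the PKIX error; the printed path shows where the symlink chain ends.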