Hey Folks, I'm trying to get CAS to act as an idp for Office365. I've tried both the built-in integration and configuring it manually. Either way I keep getting this:
2020-10-24 06:14:56,070 INFO [org.apereo.cas.support.saml.services.idp.metadata.cache.resolver.FileSystemResourceMetadataResolver] - <Loading SAML metadata from [/etc/cas/saml/federationmetadata.xml]> 2020-10-24 06:14:56,108 INFO [org.apereo.cas.support.saml.SamlUtils] - <Successfully resolved credentials from [file [/etc/cas/saml/idp-signing.crt]]> 2020-10-24 06:14:56,341 WARN [org.apache.xml.security.signature.XMLSignature] - <Signature verification failed.> 2020-10-24 06:14:56,341 ERROR [org.opensaml.saml.metadata.resolver.filter.impl.SignatureValidationFilter] - <Signature trust establishment failed for metadata entry urn:federation:MicrosoftOnline> 2020-10-24 06:14:56,342 ERROR [org.opensaml.saml.metadata.resolver.impl.DOMMetadataResolver] - <Metadata Resolver InMemoryResourceMetadataResolver org.apereo.cas.support.saml.InMemoryResourceMetadataResolver: Unable to filter metadata: Signature trust establishment failed for metadata entry> Is this referring to Microsoft's signature or (more likely) my idp-signature.crt? I've already tried adding my own certs to the system trust store (via update-ca-trust on Linux)...nothing changed. Can anybody offer any clues as to what I might have done wrong or how to fix this? Thanks -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/04ee17c2-d697-4e19-987f-ffeda2e2adb2n%40apereo.org.
