Problem parsing a metadata file

[jensljungblad]

We have a metadata file that we are trying to parse with get_idp_metadata but it fails to return idp_cert and idp_cert_fingerprint. It does return idp_cert_multi however.

Here is the metadata file: https://login.lararforbundet.se/federationmetadata/2007-06/federationmetadata.xml

[pitbulk]

That happens because different IdP cert is used to sign and encrypt, and now we support different certs for each functionality.

You will be ok using directly idp_cert_multi on the settings (idp_cert and idp_certifingerprint will be ignored then).

Review the documentation about this new feature

[Linuus]

Hi!

Our settings look like this:

 :idp_cert=>nil,
 :idp_cert_fingerprint=>nil,
 :idp_cert_multi=>
  {"signing"=>
    ["MIIC6...."],
   "encryption"=>
    ["MIIC8...."]}}

But we still get this error:
Authentication failure! invalid_ticket: OneLogin::RubySaml::ValidationError, No fingerprint or certificate on settings

If I understand correctly it should ignore :idp_certand :idp_cert_fingerprint since we have the :idp_cert_multi parameter?

[borourke]

Yes, we also have the same issue. We get:

irb(main):120:0> response.errors
=> ["No fingerprint or certificate on settings"]

even though our settings file looks like this:

settings.idp_cert_multi                 = { signing: [signing], encryption: [encryption] }

Please look into this as it's pretty clear that is_valid? runs validate method, and first line of validate method is: https://github.com/onelogin/ruby-saml/blob/52472021725be64e25bed93cbba2259717ed573b/lib/onelogin/ruby-saml/response.rb#L410-L420

[pitbulk]

You are right, I will fix that

[borourke]

Thanks, appreciated!

[pitbulk]

Fixed with #402