Some IdPs experience signature verification exceptions in Shibboleth IdP.
Java 7 may raise an exception when it tries to verify data with a certificate of a different key length. If an SP has two signing certificates in its metadata, one with a 1024-bit key and the other with a 2048-bit key, and the SP also signs its AuthnRequest, Java 7 occasionally seems to produce a SignatureException, and Shibboleth IdP does not catch it properly.
The IdP should verify the signature with both certificates, but the exception prevents it.
Log: 1:19:57.770 - ERROR [org.opensaml.xml.security.SigningUtil:250] - Error during signature verification java.security.SignatureException: Signature length not correct: got 256 but was expecting 128
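The behaviour the report asks for, as an added example (not Shibboleth or OpenSAML code): each candidate key is tried in turn, and a SignatureException raised for one key is treated as "this key does not match" rather than aborting the loop. The class name, method name, SHA256withRSA algorithm and sample data are assumptions made for the illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.util.Arrays;
import java.util.List;

public class MultiKeyVerify {
    // Hypothetical helper: true only if at least one candidate key verifies sig.
    static boolean verifyWithAny(List<PublicKey> candidates, byte[] data, byte[] sig)
            throws GeneralSecurityException {
        for (PublicKey key : candidates) {
            try {
                Signature verifier = Signature.getInstance("SHA256withRSA");
                verifier.initVerify(key);
                verifier.update(data);
                if (verifier.verify(sig)) {
                    return true;
                }
            } catch (SignatureException e) {
                // Signature is malformed for this key (for example, its length
                // does not fit the key size): no match here, try the next key.
            }
        }
        return false; // fail closed: no candidate key verified the signature
    }

    public static void main(String[] args) throws Exception {
        // Constructed test keys standing in for the SP's two metadata certificates.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(1024);
        KeyPair k1024 = gen.generateKeyPair();
        gen.initialize(2048);
        KeyPair k2048 = gen.generateKeyPair();

        byte[] data = "constructed AuthnRequest bytes".getBytes(StandardCharsets.UTF_8);
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(k2048.getPrivate());
        signer.update(data);
        byte[] sig = signer.sign(); // 256-byte signature from the 2048-bit key

        // The 1024-bit key is tried first, as in the failing case reported above.
        List<PublicKey> keys = Arrays.asList(k1024.getPublic(), k2048.getPublic());
        System.out.println("signed data verifies:   " + verifyWithAny(keys, data, sig));
        byte[] tampered = "tampered AuthnRequest bytes".getBytes(StandardCharsets.UTF_8);
        System.out.println("tampered data verifies: " + verifyWithAny(keys, tampered, sig));
    }
}
```

Only SignatureException is swallowed per key; key and algorithm errors still propagate, and the result stays false unless some key actually verifies the signature.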