Previous Topic: Web Agent Option Pack Fails when TRANSIENTIP Checking is Enabled (75240, 83125)Next Topic: NameID in Assertion Had the Wrong Format (76311, 83119)

Release NotesFederation Security Services Release NotesFixes in r12 SP1 and SP2Wrong Private Key is Used to Sign Assertions (76161, 83118)

Wrong Private Key is Used to Sign Assertions (76161, 83118)

Symptom:

The wrong key in the smkeydatabase is being used to sign assertions.

STAR Issue: 17507633+17527146;01

Solution:

To sign SAML 1.1 assertions, ensure that the correct certificate for each partnership is used when multiple affiliate domains are defined. If signed assertions are specified but no signing alias is selected, use the certificate corresponding to the defaultenterpriseprivatekey alias.