When the sample application of the OneLogin Java-SAML toolkit is configured to provide signed SP metadata to a Shibboleth IdP, the IdP rejects the metadata signature, complaining about an invalid transform used in the signing process. However, validation of the signature by standard XML tools like the oXygen editor and the like succeeds.
The java-saml-tookit-jspsample-2.2.0 application has been configured to provide signed metadata to the IdP (onelogin.saml2.security.sign_metadata = true), and the IdP's metadata-providers.xml contains a configuration block using file-backed HTTP requiring signature validation.
What is wrong with this configuration?
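A diagnostic for the symptom described above, added here as an example and not part of the original post or of either project's code: a generic XML-DSig validator only checks that the signature verifies, while SAML Core section 5.4.4 additionally restricts a signature to a single same-document reference using only the enveloped-signature and exclusive-c14n transforms. That the IdP's rejection comes from this profile check is an assumption, and the sample metadata and the function names are constructed for the demo.

```python
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
ENVELOPED = "http://www.w3.org/2000/09/xmldsig#enveloped-signature"
EXC_C14N = "http://www.w3.org/2001/10/xml-exc-c14n#"
INCLUSIVE_C14N = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
# Transforms permitted by SAML Core 5.4.4.
ALLOWED = {ENVELOPED, EXC_C14N, EXC_C14N + "WithComments"}

def audit_metadata_signature(xml_text):
    """Return SAML signature-profile problems for the root element's signature."""
    root = ET.fromstring(xml_text)  # intended for metadata exported from your own SP
    sig = root.find(DS + "Signature")
    if sig is None:
        return ["no ds:Signature child on the root element"]
    problems = []
    refs = sig.findall(f"{DS}SignedInfo/{DS}Reference")
    if len(refs) != 1:
        problems.append(f"expected exactly one ds:Reference, found {len(refs)}")
    for ref in refs:
        uri = ref.get("URI", "")
        # The reference must be empty or point at the signed element's own ID.
        if uri and uri != "#" + root.get("ID", ""):
            problems.append(f"reference URI {uri!r} does not match the root ID")
        algs = [t.get("Algorithm")
                for t in ref.findall(f"{DS}Transforms/{DS}Transform")]
        for alg in algs:
            if alg not in ALLOWED:
                problems.append(f"transform not in SAML profile: {alg}")
        if ENVELOPED not in algs:
            problems.append("enveloped-signature transform missing")
    return problems

def sample_metadata(transforms, ref_uri="#_sp1"):
    """Build a constructed (not captured) signed-metadata skeleton."""
    items = "".join(f'<ds:Transform Algorithm="{a}"/>' for a in transforms)
    return ('<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" '
            'xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_sp1" '
            'entityID="https://sp.example.org/metadata"><ds:Signature>'
            f'<ds:SignedInfo><ds:Reference URI="{ref_uri}"><ds:Transforms>{items}'
            '</ds:Transforms></ds:Reference></ds:SignedInfo></ds:Signature>'
            '</md:EntityDescriptor>')

if __name__ == "__main__":
    for transforms in ([ENVELOPED, EXC_C14N], [ENVELOPED, INCLUSIVE_C14N]):
        print(audit_metadata_signature(sample_metadata(transforms)) or "profile OK")
```

Run against the metadata the SP actually serves, any line it reports names a transform or reference that a profile-enforcing consumer would refuse even though the signature itself verifies.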