mace-opensaml-users - RE: [OpenSAML] Testing SAML relying party browser post profile
Subject: OpenSAML user discussion
List archive
- From: "Pantvaidya, Vishwajit" <>
- To: "" <>
- Subject: RE: [OpenSAML] Testing SAML relying party browser post profile
- Date: Tue, 2 Dec 2008 20:35:33 -0800
- Accept-language: en-US
- Acceptlanguage: en-US
I registered my SP with testshib. Now as I understand, the way to test a Shib
SP with the test IdP is to
- deploy the generated configuration file to the Shib SP
- then access the SP's content located at https://yourhost.org/secure/
This will redirect to the testIdP which after logging in will release
attributes to the Shib SP being tested.
Instead of the above, I would just like to access the testshib IdP and upon
logging in there would like the IdP to send an assertion to my (non-Shib) SP
with the attributes. Is this possible?
Presuming my desired flow is possible and assuming that the normal flow was
all driven by the configuration xml driven, I:
- found out the idp url https://idp.testshib.org/idp/shibboleth from the
configuration xml
- from the doc at that url, I got the url for SAML2 POST as
https://idp.testshib.org/idp/profile/SAML2/POST/SSO. So I tried replacing the
SAML2 with SAML1 but neither worked.
So is it at all possible to just go to the test idp url and provide my
provider id and login to trigger the browser post of the assertion to my SP?
- Vish.
> -----Original Message-----
> From: Scott Cantor
> [mailto:]
> Sent: Tuesday, December 02, 2008 8:47 AM
> To:
>
> Subject: RE: [OpenSAML] [OpenSAML2] Testing SAML relying party browser
> post profile
>
> > 1. name of the SP machine - for this I provided the external ip address
> of
> > the machine (instead of the machine name) on which my SP server runs. Is
> > that okay?
>
> No, it's not.
>
> > 2. the SP's certificate
> > - since my SP installtion does not user Shibboleth, it did not
> > generate any certificate. So I left this empty. Is this the problem?
>
> Probably.
>
> > - what is this certificate used for?
>
> Authentication of back-channels mostly, and a container for encryption
> keys
> in the metadata.
>
> -- Scott
>
- RE: [OpenSAML] [OpenSAML2] Testing SAML relying party browser post profile, Pantvaidya, Vishwajit, 12/01/2008
- RE: [OpenSAML] [OpenSAML2] Testing SAML relying party browser post profile, Scott Cantor, 12/02/2008
- RE: [OpenSAML] Testing SAML relying party browser post profile, Pantvaidya, Vishwajit, 12/02/2008
- RE: [OpenSAML] Testing SAML relying party browser post profile, Scott Cantor, 12/02/2008
- RE: [OpenSAML] Testing SAML relying party browser post profile, Pantvaidya, Vishwajit, 12/02/2008
- RE: [OpenSAML] [OpenSAML2] Testing SAML relying party browser post profile, Scott Cantor, 12/02/2008
Archive powered by MHonArc 2.6.16.