
mace-opensaml-users - RE: [OpenSAML] Testing SAML relying party browser post profile

Subject: OpenSAML user discussion

  • From: "Pantvaidya, Vishwajit" <>
  • To: "" <>
  • Subject: RE: [OpenSAML] Testing SAML relying party browser post profile
  • Date: Tue, 2 Dec 2008 20:35:33 -0800
  • Accept-language: en-US

I registered my SP with testshib. Now as I understand, the way to test a Shib
SP with the test IdP is to
- deploy the generated configuration file to the Shib SP
- then access the SP's content located at https://yourhost.org/secure/
This will redirect to the testIdP which after logging in will release
attributes to the Shib SP being tested.

Instead of the above, I would just like to access the testshib IdP and upon
logging in there would like the IdP to send an assertion to my (non-Shib) SP
with the attributes. Is this possible?

Presuming my desired flow is possible and assuming that the normal flow was
all driven by the configuration xml, I:
- found out the idp url https://idp.testshib.org/idp/shibboleth from the
configuration xml
- from the doc at that url, I got the url for SAML2 POST as
https://idp.testshib.org/idp/profile/SAML2/POST/SSO. So I tried replacing the
SAML2 with SAML1 but neither worked.

So is it at all possible to just go to the test idp url and provide my
provider id and login to trigger the browser post of the assertion to my SP?


- Vish.

> -----Original Message-----
> From: Scott Cantor
> Sent: Tuesday, December 02, 2008 8:47 AM
> To:
>
> Subject: RE: [OpenSAML] [OpenSAML2] Testing SAML relying party browser
> post profile
>
> > 1. name of the SP machine - for this I provided the external ip address of
> > the machine (instead of the machine name) on which my SP server runs. Is
> > that okay?
>
> No, it's not.
>
> > 2. the SP's certificate
> > - since my SP installation does not use Shibboleth, it did not
> > generate any certificate. So I left this empty. Is this the problem?
>
> Probably.
>
> > - what is this certificate used for?
>
> Authentication of back-channels mostly, and a container for encryption keys
> in the metadata.
>
> -- Scott
>



