OpenSAML user discussion

["Pantvaidya, Vishwajit" <>]

Ok - so I need to use testshib 1.3 instead of 2.0?
If yes, I suppose their should be no problem for my saml 1.1 sp that uses 
opensaml2.0 to process the saml1.1 assertion from testshib 1.3?


--------------------------
Sent from my BlackBerry Wireless Handheld


----- Original Message -----
From: Scott Cantor 
<>
To: 

 
<>
Sent: Tue Dec 02 20:49:28 2008
Subject: RE: [OpenSAML] Testing SAML relying party browser post profile

> Instead of the above, I would just like to access the testshib IdP and
upon
> logging in there would like the IdP to send an assertion to my (non-Shib)
SP
> with the attributes. Is this possible?

No, not with SAML 2 anyway. We don't support IdP-initiated SSO except with
the legacy Shibboleth/SAML1 option.

> - from the doc at that url, I got the url for SAML2 POST as
> https://idp.testshib.org/idp/profile/SAML2/POST/SSO. So I tried replacing
> the SAML2 with SAML1 but neither worked.

That works fine, but only if you, well, do that. That's a SAML endpoint and
you have to give it a SAML request.

> So is it at all possible to just go to the test idp url and provide my
> provider id and login to trigger the browser post of the assertion to my
SP?

Only with legacy requests and SAML 1.1 responses.

-- Scott