OpenSAML user discussion

["Pantvaidya, Vishwajit" <>]

By profiles, do you mean profiles as in "browser post profile" or something 
else?

My goal is to POST a test saml1.1 assertion to my non-Shibboleth SP 
(implemented using OpenSAML2).

I have already:
- registered with openid
- registered my SP with testshib

So is there anyway that I can post an assertion using testshib to my SP?
If yes, is there a URL/application that I need to use to trigger this post?
If no, will having a full shibboleth deployment help me do this?


- Vish.


> -----Original Message-----
> From: Chad La Joie 
> [mailto:]
>
> Testhib2 supports all the old profiles.  So you can 2, but just use the
> old Shib SSO profile with it.
>
> Pantvaidya, Vishwajit wrote:
> > Ok - so I need to use testshib 1.3 instead of 2.0?
> > If yes, I suppose their should be no problem for my saml 1.1 sp that
> uses opensaml2.0 to process the saml1.1 assertion from testshib 1.3?
> >
> >
> > ----- Original Message -----
> > From: Scott Cantor 
> > <>
> >
> >> Instead of the above, I would just like to access the testshib IdP and
> > upon
> >> logging in there would like the IdP to send an assertion to my (non-
> Shib)
> > SP
> >> with the attributes. Is this possible?
> >
> > No, not with SAML 2 anyway. We don't support IdP-initiated SSO except
> with
> > the legacy Shibboleth/SAML1 option.
> >
> >> - from the doc at that url, I got the url for SAML2 POST as
> >> https://idp.testshib.org/idp/profile/SAML2/POST/SSO. So I tried
> replacing
> >> the SAML2 with SAML1 but neither worked.
> >
> > That works fine, but only if you, well, do that. That's a SAML endpoint
> and
> > you have to give it a SAML request.
> >
> >> So is it at all possible to just go to the test idp url and provide my
> >> provider id and login to trigger the browser post of the assertion to
> my
> > SP?
> >
> > Only with legacy requests and SAML 1.1 responses.