OpenSAML user discussion

[Brent Putman <>]

Pantvaidya, Vishwajit wrote:
> By profiles, do you mean profiles as in "browser post profile" or something 
> else?
>   

No, not exactly.  In SAML 1.1. Browser POST profile only covers the POST
to the SP.  There was no request defined into the IdP.  IdP initiated
was assumed.  Shibboleth 1.x extended this profile with a simple
SP-initiated protocol, comprised of a GET with query parameters. The
protocol/profile you want is defined in:

http://shibboleth.internet2.edu/docs/internet2-mace-shibboleth-arch-protocols-200509.pdf

For quickstart see specifically section 3.1.1.  It's really 3 GET query
parameters indicated there.

> My goal is to POST a test saml1.1 assertion to my non-Shibboleth SP 
> (implemented using OpenSAML2).
>
> I have already:
> - registered with openid
> - registered my SP with testshib
>
> So is there anyway that I can post an assertion using testshib to my SP?
> If yes, is there a URL/application that I need to use to trigger this post?
>   

Yes.  With Shibboleth 2.x (and TestShib 2) the default IdP endpoint for
the above Shibboleth SAML 1.x protocol would be: 
https://idp.testshib.org/idp/profile/Shibboleth/SSO


--Brent