mace-opensaml-users - RE: [OpenSAML] Testing SAML relying party browser post profile

Subject: OpenSAML user discussion

  • From: "Pantvaidya, Vishwajit" <>
  • To: "" <>
  • Subject: RE: [OpenSAML] Testing SAML relying party browser post profile
  • Date: Wed, 3 Dec 2008 19:02:23 -0800
  • Accept-language: en-US

Thanks. Based on this, I tried the following browser requests:

https://idp.testshib.org/idp/profile/Shibboleth/SSO?providerId=https%3A%2F%2Fvishsjlaptop.selectica.com%2Fshibboleth%2Ftestshib%2Fsp&shire=http%3A%2F%2Fvishsjlaptop.selectica.com&target=login.jsp
(i.e. providerId=https://vishsjlaptop.selectica.com/shibboleth/testshib/sp,
shire=http://vishsjlaptop.selectica.com/, target=login.jsp)

and

https://idp.testshib.org/idp/profile/Shibboleth/SSO?providerId=https%3A%2F%2F64.161.158.31%2Fshibboleth%2Ftestshib%2Fsp&shire=http%3A%2F%2F64.161.158.31&target=login.jsp

But I get "Error Message: No peer endpoint available to which to send SAML
response" and the idp process log has the following messages:

21:51:54.362 DEBUG
[edu.internet2.middleware.shibboleth.common.relyingparty.provider.SAMLMDRelyingPartyConfigurationManager:126]
- Looking up relying party configuration for
https://64.161.158.31/shibboleth/testshib/sp
21:51:54.363 DEBUG
[edu.internet2.middleware.shibboleth.common.relyingparty.provider.SAMLMDRelyingPartyConfigurationManager:132]
- No custom relying party configuration found for
https://64.161.158.31/shibboleth/testshib/sp, looking up configuration based
on metadata groups.
21:51:54.364 DEBUG
[edu.internet2.middleware.shibboleth.common.relyingparty.provider.SAMLMDRelyingPartyConfigurationManager:155]
- No custom or group-based relying party configuration found for
https://64.161.158.31/shibboleth/testshib/sp. Using default relying party
configuration.
21:51:54.365 DEBUG
[edu.internet2.middleware.shibboleth.idp.profile.saml1.ShibbolethSSOEndpointSelector:78]
- Selecting endpoint from metadata corresponding to provided ACS URL:
http://64.161.158.31
21:51:54.365 DEBUG
[edu.internet2.middleware.shibboleth.idp.profile.saml1.ShibbolethSSOEndpointSelector:82]
- Relying party role contains 4 endpoints
21:51:54.366 DEBUG
[edu.internet2.middleware.shibboleth.idp.profile.saml1.ShibbolethSSOEndpointSelector:101]
- No endpoint meets selection criteria for SAML entity
https://64.161.158.31/shibboleth/testshib/sp
21:51:54.367 ERROR
[edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler:396]
- No return endpoint available for relying party
https://64.161.158.31/shibboleth/testshib/sp
21:51:54.368 ERROR
[edu.internet2.middleware.shibboleth.common.profile.ProfileRequestDispatcherServlet:85]
- Error processing profile request
edu.internet2.middleware.shibboleth.common.profile.ProfileException: No peer
endpoint available to which to send SAML response

Does this mean it tried to send a saml request to my SP? Or is there
something missing in my configuration?



> -----Original Message-----
> From: Brent Putman
> [mailto:]
>
> Pantvaidya, Vishwajit wrote:
> > By profiles, do you mean profiles as in "browser post profile" or
> > something else?
> >
>
> No, not exactly. In SAML 1.1, Browser POST profile only covers the POST
> to the SP. There was no request defined into the IdP. IdP initiated
> was assumed. Shibboleth 1.x extended this profile with a simple
> SP-initiated protocol, comprised of a GET with query parameters. The
> protocol/profile you want is defined in:
>
> http://shibboleth.internet2.edu/docs/internet2-mace-shibboleth-arch-protocols-200509.pdf
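
Added example (not part of the original thread, and not Shibboleth or OpenSAML code): the log above shows the IdP looking in the relying party's metadata for an endpoint corresponding to the `shire` value and finding none, so this Python check reproduces that comparison offline against a metadata file. The metadata, the sp.example.org entity and endpoint locations, the function names and the exact-match rule are assumptions made for illustration.

```python
# Added example: check a Shibboleth SSO request's "shire" against SP metadata.
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
# Binding identifiers of the SAML 1.x browser profiles.
SAML1_BINDINGS = {
    "urn:oasis:names:tc:SAML:1.0:profiles:browser-post",
    "urn:oasis:names:tc:SAML:1.0:profiles:artifact-01",
}

# Constructed SP metadata (hypothetical entity and endpoint locations).
SAMPLE_METADATA = """\
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.org/shibboleth/testshib/sp">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
    <AssertionConsumerService index="1"
        Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post"
        Location="https://sp.example.org/Shibboleth.sso/SAML/POST"/>
    <AssertionConsumerService index="2"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.org/Shibboleth.sso/SAML2/POST"/>
  </SPSSODescriptor>
</EntityDescriptor>
"""

def acs_endpoints(metadata_xml, entity_id):
    """Return (binding, location) pairs registered for entity_id."""
    root = ET.fromstring(metadata_xml)
    for ent in root.iter(MD + "EntityDescriptor"):
        if ent.get("entityID") == entity_id:
            return [(e.get("Binding"), e.get("Location"))
                    for e in ent.iter(MD + "AssertionConsumerService")]
    return []

def check_sso_request(sso_url, metadata_xml):
    """Return (ok, reason) for a Shibboleth SSO GET request URL."""
    q = parse_qs(urlsplit(sso_url).query)
    missing = [p for p in ("providerId", "shire", "target") if p not in q]
    if missing:
        return False, "missing parameter(s): " + ", ".join(missing)
    provider_id, shire = q["providerId"][0], q["shire"][0]
    endpoints = acs_endpoints(metadata_xml, provider_id)
    if not endpoints:
        return False, "no metadata for " + provider_id
    # Assumed rule: shire must equal a registered SAML 1 ACS Location exactly.
    if any(b in SAML1_BINDINGS and loc == shire for b, loc in endpoints):
        return True, "shire matches a registered SAML 1 ACS endpoint"
    return False, "shire %s is not a SAML 1 ACS Location in metadata" % shire
```

A `shire` that names only the host, as in the requests above, fails this check even when the entity itself is present in the metadata.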


