mace-opensaml-users - RE: [OpenSAML] Testing SAML relying party browser post profile
Subject: OpenSAML user discussion
- From: "Pantvaidya, Vishwajit" <>
- To: "" <>
- Subject: RE: [OpenSAML] Testing SAML relying party browser post profile
- Date: Thu, 4 Dec 2008 21:11:52 -0800
> -----Original Message-----
> From: Brent Putman
> [mailto:]
> Sent: Wednesday, December 03, 2008 8:44 PM
>
> I'd suggest getting rid of all but one of those, just to avoid
> confusion. I think you can delete your own entries via the "Edit"
[Pantvaidya, Vishwajit] I deleted the 2 TestShib2 profiles.
>
> Pantvaidya, Vishwajit wrote:
> > Thanks. Based on this, I tried the following browser requests:
> >
> > https://idp.testshib.org/idp/profile/Shibboleth/SSO?providerId=https%3A%2F%2Fvishsjlaptop.selectica.com%2Fshibboleth%2Ftestshib%2Fsp&shire=http%3A%2F%2Fvishsjlaptop.selectica.com&target=login.jsp
> > (i.e. providerId=https://vishsjlaptop.selectica.com/shibboleth/testshib/sp, shire=http://vishsjlaptop.selectica.com/, target=login.jsp)
> >
>
> Yeah, your shire parameter there isn't correct, or at least doesn't jibe
> with metadata. That should:
> 1) be the endpoint to which the POST profile will post the SAML
> response. Don't know what that is in your app. Maybe
> http://vishsjlaptop.selectica.com/ is correct, but that looks a little
> suspect. Probably should be an explicit path there.
[Pantvaidya, Vishwajit] The endpoint is correct - that's where my SP is
available. I think I have forgotten the login.jsp at the end. I will add that.
> 2) it needs to match one of the AssertionConsumerService endpoints for
> the Browser POST binding in your metadata entry. Find the effective
> metadata entry that you are using (easier if you get rid of all but one
> of them) and in your EntityDescriptor/AssertionConsumerService entries'
> Location attribute, make sure they match your SP implementation's
> endpoint. The default values that are generated are for a Shibboleth
> SP, certainly not the same as your SP. Here's what one of your entries
> has, for example
>
>
> <md:AssertionConsumerService
>     Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post"
>     Location="https://vishsjlaptop.selectica.com/Shibboleth.sso/SAML/POST"
>     index="6"/>
> <md:AssertionConsumerService
>     Binding="urn:oasis:names:tc:SAML:1.1:profiles:browser-post"
>     Location="http://vishsjlaptop.selectica.com/Shibboleth.sso/SAML/POST"
>     index="7"/>
>
[Pantvaidya, Vishwajit] Didn't know that testshib adds that at the end.
Thanks. I will edit that to match my SP. Will let you know how that goes.