mace-opensaml-users - RE: [OpenSAML] Testing SAML relying party browser post profile

Subject: OpenSAML user discussion

  • From: "Pantvaidya, Vishwajit" <>
  • To: "" <>
  • Subject: RE: [OpenSAML] Testing SAML relying party browser post profile
  • Date: Wed, 14 Jan 2009 17:55:02 -0800
  • Accept-language: en-US

Thanks Brent. Back from vacation and fresh, I tried with the changed URL
based on your suggestions and I was able to receive the response from
testshib on my server. Now I will try to run it through the entire logic and
see how that goes.


- Vish.

> -----Original Message-----
> From: Pantvaidya, Vishwajit
> [mailto:]
> Sent: Thursday, December 04, 2008 9:12 PM
> To:
>
> Subject: RE: [OpenSAML] Testing SAML relying party browser post profile
>
>
>
> > -----Original Message-----
> > From: Brent Putman
> > [mailto:]
> > Sent: Wednesday, December 03, 2008 8:44 PM
> >
> > I'd suggest getting rid of all but one of those, just to avoid
> > confusion. I think you can delete your own entries via the "Edit"
>
> [Pantvaidya, Vishwajit] I deleted the 2 TestShib2 profiles.
>
> >
> > Pantvaidya, Vishwajit wrote:
> > > Thanks. Based on this, I tried the following browser requests:
> > >
> > >
> > > https://idp.testshib.org/idp/profile/Shibboleth/SSO?providerId=https%3A%2F%2Fvishsjlaptop.selectica.com%2Fshibboleth%2Ftestshib%2Fsp&shire=http%3A%2F%2Fvishsjlaptop.selectica.com&target=login.jsp
> > > (i.e.
> > > providerId=https://vishsjlaptop.selectica.com/shibboleth/testshib/sp,
> > > shire=http://vishsjlaptop.selectica.com/, target=login.jsp)
> > >
> >
> > Yeah, your shire parameter there isn't correct, or at least doesn't jibe
> > with metadata. That should:
> > 1) be the endpoint to which the POST profile will post the SAML
> > response. Don't know what that is in your app. Maybe
> > http://vishsjlaptop.selectica.com/ is correct, but that looks a little
> > suspect. Probably should be an explicit path there.
>
> [Pantvaidya, Vishwajit] The endpoint is correct - that's where my SP is
> available. I think I have forgotten the login.jsp at the end. I will add
> that.
>
> > 2) it needs to match one of the AssertionConsumerService endpoints for
> > the Browser POST binding in your metadata entry. Find the effective
> > metadata entry that you are using (easier if you get rid of all but one
> > of them) and in your EntityDescriptor/AssertionConsumerService entries'
> > Location attribute, make sure they match your SP implementation's
> > endpoint. The default values that are generated are for a Shibboleth
> > SP, certainly not the same as your SP. Here's what one of your entries
> > has, for example
> >
> >
> > <md:AssertionConsumerService
> >     Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post"
> >     Location="https://vishsjlaptop.selectica.com/Shibboleth.sso/SAML/POST"
> >     index="6"/>
> > <md:AssertionConsumerService
> >     Binding="urn:oasis:names:tc:SAML:1.1:profiles:browser-post"
> >     Location="http://vishsjlaptop.selectica.com/Shibboleth.sso/SAML/POST"
> >     index="7"/>
> >
>
> [Pantvaidya, Vishwajit] Didn't know that testshib adds that at the end.
> Thanks. I will edit that to match my SP. Will let you know how that goes.

