Shibboleth Developers

[Scott Cantor <>]

> This all seems to work.. HOWEVER..  For some reason I can't 
> get it to work with the origin at example.edu.  I get an 
> "unable to find a valid SSO assertion" error.  The logs don't 
> show anything all that interesting -- certainly nothing that 
> would cause me to think the assertion is bad.

<ConfirmationMethod>
urn:oasis:names:tc:SAML:1.0:cm:Bearer
</ConfirmationMethod>

Remember when I said 0.7 and 0.8 wouldn't interop? There're some dsig related 
reasons, but the big reason is this. 0.7 contains a
misspelling of the URI above. In 0.8 (and in the actual SAML spec), the B is 
a small b.

Back before SAML 1.0, the case of the URIs was flip-flopping, and when I 
first did the constant, it was a capital B.

I only just noticed that it was wrong, so I changed it, since we were 
breaking for other reasons anyway.

This seems stupid, I know, but the ConfirmationMethod is the thing that lets 
the target know this is the statement it should be
looking at.

Try shibdev.edu (which is shib2) for a proper working origin that will work 
against the cvs code you're using.

-- Scott

------------------------------------------------------mace-shib-design-+
For list utilities, archives, subscribe, unsubscribe, etc. please visit the
ListProc web interface at 

    http://archives.internet2.edu/

------------------------------------------------------mace-shib-design--