Skip to Content.
Sympa Menu

shibboleth-dev - Fwd: from Nathan Dors

Subject: Shibboleth Developers

List archive

Fwd: from Nathan Dors


Chronological Thread 
  • From:
  • To: "'Shibboleth Design Team'" <>
  • Subject: Fwd: from Nathan Dors
  • Date: Fri, 1 Aug 2003 09:11:18 -0400
Date: Thu, 31 Jul 2003 13:41:53 -0700 (PDT)
From: Nathan Dors
<>
To: Scott Cantor
<>
Cc: "'RL 'Bob' Morgan'"
<>,
"'Shibboleth Design Team'"
<>
Subject: RE: [testing the IIS target]
In-Reply-To:
<005e01c35799$5e73dc50$5cf39280@SAIDIN>
Message-ID:
<>
References:
<005e01c35799$5e73dc50$5cf39280@SAIDIN>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Virus-Scanned: by AMaViS 0.3.12pre8


Indeed, some sort of SAMLSOAPBinding:send error
while contacting the AA.

I thought Bob was using the UWash CA on that host,
but it's a HEPKI cert. I switched back to the
original ca-bundle.crt and things are working. !!

I can see in the shar.log that "dors" is the EPPN,
although that didn't make into any IIS variables.
The shib-origin-site and shib-authentication-method
where both exported into the environment. I assume I
need to play around some more to see what I can do
now.

Thanks for the help. Lookin' good folks, lookin' good!

-Nathan


On Thu, 31 Jul 2003, Scott Cantor wrote:

> I'm getting "Authorization Failed" (accessError.html).
> I'm using whatever AAP.xml was in the distribution and
> I'm not really sure how to say "pass the attributes to
> my .asp file and I'll figure out authorization."

It's not that, it just means your RM stage failed, and so it considers the
session up but without attributes. There should be a failure in the shar or
shire log somewhere, but you might also turn up logging to INFO or DEBUG for
kicks and see what else it says.

The AAP file is what passes the attributes. The error means it failed trying
to get them, possibly an AA error, or a local config problem.

-- Scott



------------------------------------------------------mace-shib-design-+
For list utilities, archives, subscribe, unsubscribe, etc. please visit the
ListProc web interface at
http://archives.internet2.edu/

------------------------------------------------------mace-shib-design--


  • Fwd: from Nathan Dors, Steven_Carmody, 08/01/2003

Archive powered by MHonArc 2.6.16.

Top of Page