Shibboleth Developers

["Scott Cantor" <>]

> I propose instructions to change occurrences of 
> "sp.example.org" to the machine on which the SP is installed. 
> This both sets the handlerURL to the right value and 
> establishes an Entity name that is not in the IdP Metadata. 
> The entity name of "sp.example.org" is in its Metadata and 
> produces a shire lookup error if not changed.

Well, you can either *be* sp.example.org, or not. If you are, the access URL
to the SP must be that hostname and the consumer services will be checked.
If there's one missing for the test config I can add that to the metadata on
wayf.

Or, you can change the names and be an unidentified SP, in which case it
would perhaps have been less confusing for us to *not* supply a working
sample config and just leave placeholders.

I think it's better than it was, with the old localhost stuff, but I would
have been happy to stop trying to create a fake, useless configuration just
so people get warm fuzzies sooner.

> I get some sort of certificate mismatch of Metadata and 
> actual AA certificate:

Shouldn't, unless the metadata is wrong. It's signed by bossie.

> 15:16 ERROR cannot match certificate subject against 
> acceptable key names based on the metadata entityId or KeyDescriptors

That sounds like a bug in the metadata you're using somehow. If you're using
the same IQ-metadata file that the SP shops with now, I know it's correct.

-- Scott