shibboleth-dev - Re: signed assertions
Subject: Shibboleth Developers
- From: Ian Young <>
- To:
- Subject: Re: signed assertions
- Date: Tue, 21 Feb 2006 19:34:15 +0000
Scott Cantor wrote:
> You should be able to capture the outgoing envelope in the IdP log.
I was able to log into the wiki from that IdP, and my ePPN got through as evidenced by it knowing that I am IanYoung. I can indeed see from the IdP logs that the outgoing attribute assertion was signed.
So my IdP is generating signatures that your SP likes, but that my SP dislikes. How irritating.
The SP in question is running your latest FC4 RPMs, and I have checked the RPM versions of shibb and the other things (xml-security-c, xerces-c etc.) against the download site; they are all up-to-date.
> One unrelated note...exportAssertion blows Apache up immediately here, so if
> that's on, it will work until Apache errors out in the request.
Because the signed assertion is too large? OK. I have turned the pass-through of that off on my test SP for now.
If you wanted to try the your-IdP/my-SP combination, an IdP in InQueue could be tweaked to issue signed assertions to my SP:
urn:mace:ac.uk:sdss.ac.uk:provider:service:target.iay.org.uk
Then, you could go here:
https://target.iay.org.uk:8446/index.html
Click on the link for an InQueue WAYF or the SDSS multi-WAYF, and when you get back from your IdP, click the link that says "a more interesting test" to see if any attributes got through.
This is assuming that your IdP has appropriate metadata, which I think everything in InQueue does.
-- Ian