Shibboleth Developers

["Scott Cantor" <>]

> 1) What logging options do I need to turn on to get Shib 2 to show me
> the SAML Request in the logfiles?  Currently all I see is:
> 
> I tried turning up everything to debug, but either I am missing a
> setting somewhere or this is not something that will get logged.

I don't see any code that would be logging it so I don't think it gets
dumped. Logging is a work in progress and I haven't decided yet where that
sort of thing should be dumped, SP or OpenSAML.

> 2) How does the bindingTemplate.html work in regards to this process.  I
> editted it to turn off auto-submit thinking that would allow me to
> inspect the generated request prior to transmission, but upon accessing
> a protected url at my SP, I still get automatically redirected to the
> Ping IDP.

The template applies to POST, not redirect. The redirect binding uses a 302.
I don't currently have a meta-refresh option, as it technically isn't
compliant to do that.

> I do not know if the signature is a problem, but I do think the
> SAMLRequest that shows up at the Ping IDP is not encoded correctly.  I
> would expect base64, but when I stop the Ping IDP from auto-redirecting
> back to Shibboleth on failure I see an encoded SAML Request, but it
> includes control characters, so it's not base64.

I doubt if that's what was sent. This all worked before when we tested
early, so I don't think anything that blatant has been broken in the
meantime. Note that the SAMLRequest is not just base64'd, it's also URL
encoded after that.

-- Scott