shibboleth-dev - beta idp difficulty
- From: Jim Fox <>
- To:
- Subject: beta idp difficulty
- Date: Wed, 19 Sep 2007 14:31:34 -0700 (PDT)

I have some config questions.

Am using "shibboleth" as the app name in tomcat. And have this

    ProxyPass /shibboleth ajp://localhost:8009/shibboleth

in apache's config.

In order to get shib to handle a request I have to use a URL like this:

    https://<hostname>/shibboleth/profile/shibboleth/SSO?rest_of_request

Is that expected and correct?

I configured an RP with

    <RelyingParty id="urn:washington.edu:fox"
                  provider="lost.cac.washington.edu">
        <ProfileConfiguration xsi:type="saml:ShibbolethSSOProfile" />
        <ProfileConfiguration xsi:type="saml:SAML1AttributeQueryProfile" />
        <ProfileConfiguration xsi:type="saml:SAML1ArtifactResolutionProfile" />
        <ProfileConfiguration xsi:type="saml:SAML2SSOProfile" />
        <ProfileConfiguration xsi:type="saml:SAML2AttributeQueryProfile" />
        <ProfileConfiguration xsi:type="saml:SAML2ArtifactResolutionProfile" />
    </RelyingParty>

and got the metadata from our 1.3 idp's metadata file with a FilesystemMetadataProvider entry pointing to the 1.3 file.

The idp's log showed it to be configured, with entries like

    .. Attempting to find parser with element name: {urn:mace:shibboleth:2.0:relying-party}RelyingParty
    .. Relying party configuration - relying party id urn:washington.edu:fox
    .. Relying party configuration - provider ID: lost.cac.washington.edu
    .. Relying party configuration - default authentication method: urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified
    .. Relying party configuration - 6 profile configurations
    .. Attempting to find parser for element of type: {urn:mace:shibboleth:2.0:relying-party:saml}ShibbolethSSOProfile
    .. Attempting to find parser for element of type: {urn:mace:shibboleth:2.0:relying-party:saml}SAML1AttributeQueryProfile
    .. Attempting to find parser for element of type: {urn:mace:shibboleth:2.0:relying-party:saml}SAML1ArtifactResolutionProfile
    .. Attempting to find parser for element of type: {urn:mace:shibboleth:2.0:relying-party:saml}SAML2SSOProfile
    .. Attempting to find parser for element of type: {urn:mace:shibboleth:2.0:relying-party:saml}SAML2AttributeQueryProfile
    .. Attempting to find parser for element of type: {urn:mace:shibboleth:2.0:relying-party:saml}SAML2ArtifactResolutionProfile

However as soon as I attempt a login I get a "no relying party" error:

    .. Looking up relying party configuration for lost.cac.washington.edu
    .. No relying party configuration was registered for lost.cac.washington.edu looking up configuration based on metadata groups
    .. No relying party configuration found for lost.cac.washington.edu using default configuration
    .. Shibboleth SSO profile is not configured for relying party lost.cac.washington.edu

What RP config am I missing?

Jim

p.s. When tomcat starts I see an error in the idp-process log

    Parse Error at line 812 column 21:
    The content of element type "action-mappings" must match "(action)*".

which seems to be unrelated to shib, but shows up only in the idp's log.