shibboleth-dev - Re: beta idp difficulty

Subject: Shibboleth Developers

  • From: Chad La Joie <>
  • To:
  • Subject: Re: beta idp difficulty
  • Date: Wed, 19 Sep 2007 20:44:04 -0400
  • Organization: OIS - Middleware

I thought I had a <context>/shibboleth/SSO article listing all the
endpoints in the IdP but I guess not. They are:

/shibboleth/SSO
/saml1/SOAP/AttributeQuery
/saml/SOAP/ArtifactResolution
/saml2/POST/SSO
/saml2/Redirect/SSO
/saml2/SOAP/AttributeQuery
/saml2/SOAP/ArtifactResolution

General format is /<protocol>/<binding>/<profile/operation>

Jim Fox wrote:
>
> I have some config questions.
>
>
> Am using "shibboleth" as the app name in tomcat. And have this
>
> ProxyPass /shibboleth ajp://localhost:8009/shibboleth
>
> in apache's config.
>
> In order to get shib to handle a request I have to use a URL like this:
>
> https://<hostname>/shibboleth/profile/shibboleth/SSO?rest_of_request.
>
> Is that expected and correct?
>
>
> I configured an RP with
>
> <RelyingParty id="urn:washington.edu:fox"
> provider="lost.cac.washington.edu">
> <ProfileConfiguration xsi:type="saml:ShibbolethSSOProfile" />
> <ProfileConfiguration xsi:type="saml:SAML1AttributeQueryProfile" />
> <ProfileConfiguration xsi:type="saml:SAML1ArtifactResolutionProfile" />
> <ProfileConfiguration xsi:type="saml:SAML2SSOProfile" />
> <ProfileConfiguration xsi:type="saml:SAML2AttributeQueryProfile" />
> <ProfileConfiguration xsi:type="saml:SAML2ArtifactResolutionProfile" />
> </RelyingParty>
>
> and got the metadata from our 1.3 idp's metadata file with a
> FilesystemMetadataProvider entry pointing to the 1.3 file.
>
> The idp's log showed it to be configured, with entries like
>
> .. Attempting to find parser with element name:
> {urn:mace:shibboleth:2.0:relying-party}RelyingParty
> .. Relying party configuration - relying party id urn:washington.edu:fox
> .. Relying party configuration - provider ID: lost.cac.washington.edu
> .. Relying party configuration - default authentication method:
> urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified
> .. Relying party configuration - 6 profile configurations
> .. Attempting to find parser for element of type:
> {urn:mace:shibboleth:2.0:relying-party:saml}ShibbolethSSOProfile
> .. Attempting to find parser for element of type:
> {urn:mace:shibboleth:2.0:relying-party:saml}SAML1AttributeQueryProfile
> .. Attempting to find parser for element of type:
> {urn:mace:shibboleth:2.0:relying-party:saml}SAML1ArtifactResolutionProfile
> .. Attempting to find parser for element of type:
> {urn:mace:shibboleth:2.0:relying-party:saml}SAML2SSOProfile
> .. Attempting to find parser for element of type:
> {urn:mace:shibboleth:2.0:relying-party:saml}SAML2AttributeQueryProfile
> .. Attempting to find parser for element of type:
> {urn:mace:shibboleth:2.0:relying-party:saml}SAML2ArtifactResolutionProfile
>
>
>
> However as soon as I attempt a login I get a "no relying party" error:
>
> .. Looking up relying party configuration for lost.cac.washington.edu
> .. No relying party configuration was registered for
> lost.cac.washington.edu looking up configuration based on metadata groups
> .. No relying party configuration found for lost.cac.washington.edu
> using default configuration
> .. Shibboleth SSO profile is not configured for relying party
> lost.cac.washington.edu
>
>
> What RP config am I missing?
>
> Jim
>
>
> p.s. When tomcat starts I see an error in the idp-process log
>
> Parse Error at line 812 column 21:
> The content of element type "action-mappings" must match "(action)*".
>
> which seems to be unrelated to shib, but shows up only in the idp's log.
>

--
Chad La Joie 2052-C Harris Bldg
OIS-Middleware 202.687.0124
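
Added example, not part of either message and not Shibboleth project code: a small Python check that lists the identifiers the IdP log says it looked up and compares them with the `id` attributes of the configured RelyingParty elements. The config and log samples are constructed from the text quoted above (trimmed, with wrapped lines rejoined and namespace declarations added so the XML parses on its own); the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

RP_NS = "urn:mace:shibboleth:2.0:relying-party"  # namespace shown in the quoted log
XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"

# Constructed sample: the RelyingParty element from the message, trimmed to two
# profiles and given namespace declarations (an assumption) so it parses alone.
CONFIG = """<RelyingParty xmlns="urn:mace:shibboleth:2.0:relying-party"
    xmlns:saml="urn:mace:shibboleth:2.0:relying-party:saml"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    id="urn:washington.edu:fox" provider="lost.cac.washington.edu">
  <ProfileConfiguration xsi:type="saml:ShibbolethSSOProfile" />
  <ProfileConfiguration xsi:type="saml:SAML2SSOProfile" />
</RelyingParty>"""

# Constructed sample: log lines from the message, with wrapped lines rejoined.
LOG = """\
.. Looking up relying party configuration for lost.cac.washington.edu
.. No relying party configuration found for lost.cac.washington.edu using default configuration
.. Shibboleth SSO profile is not configured for relying party lost.cac.washington.edu
"""

def registered_parties(xml_text):
    """Map each RelyingParty id to its provider and configured profile types."""
    root = ET.fromstring(xml_text)
    found = {}
    for rp in root.iter(f"{{{RP_NS}}}RelyingParty"):  # iter() includes the root
        profiles = [p.get(XSI_TYPE)
                    for p in rp.findall(f"{{{RP_NS}}}ProfileConfiguration")]
        found[rp.get("id")] = {"provider": rp.get("provider"), "profiles": profiles}
    return found

def looked_up_ids(log_text):
    """Identifiers the IdP reports looking up, in order of first appearance."""
    ids = re.findall(r"Looking up relying party configuration for (\S+)", log_text)
    return list(dict.fromkeys(ids))

def unmatched_lookups(xml_text, log_text):
    """Looked-up identifiers that are not the id of any registered RelyingParty."""
    parties = registered_parties(xml_text)
    report = []
    for ident in looked_up_ids(log_text):
        if ident not in parties:
            as_provider = [rid for rid, v in parties.items() if v["provider"] == ident]
            report.append({"looked_up": ident, "registered_ids": sorted(parties),
                           "appears_as_provider_of": as_provider})
    return report

if __name__ == "__main__":
    for row in unmatched_lookups(CONFIG, LOG):
        print(row)
```

On the samples above it reports that `lost.cac.washington.edu` was looked up, that the only registered id is `urn:washington.edu:fox`, and that the looked-up value appears in the config as that element's `provider` attribute.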


