
shibboleth-dev - Re: beta idp difficulty

Subject: Shibboleth Developers

Re: beta idp difficulty


  • From: Jim Fox <>
  • To:
  • Subject: Re: beta idp difficulty
  • Date: Wed, 19 Sep 2007 19:16:47 -0700


Got it. How about the "RP not found?"

Jim

On Sep 19, 2007, at 5:44 PM, Chad La Joie wrote:

I thought I had a <context>/shibboleth/SSO article listing all the
endpoints in the IdP but I guess not. They are:

/shibboleth/SSO
/saml1/SOAP/AttributeQuery
/saml/SOAP/ArtifactResolution
/saml2/POST/SSO
/saml2/Redirect/SSO
/saml2/SOAP/AttributeQuery
/saml2/SOAP/ArtifactResolution

General format is /<protocol>/<binding>/<profile/operation>

Jim Fox wrote:

I have some config questions.


Am using "shibboleth" as the app name in tomcat. And have this

ProxyPass /shibboleth ajp://localhost:8009/shibboleth

in apache's config.

In order to get shib to handle a request I have to use a URL like this:

https://<hostname>/shibboleth/profile/shibboleth/SSO?rest_of_request.

Is that expected and correct?


I configured an RP with

<RelyingParty id="urn:washington.edu:fox"
provider="lost.cac.washington.edu">
<ProfileConfiguration xsi:type="saml:ShibbolethSSOProfile" />
<ProfileConfiguration xsi:type="saml:SAML1AttributeQueryProfile" />
<ProfileConfiguration xsi:type="saml:SAML1ArtifactResolutionProfile" />
<ProfileConfiguration xsi:type="saml:SAML2SSOProfile" />
<ProfileConfiguration xsi:type="saml:SAML2AttributeQueryProfile" />
<ProfileConfiguration xsi:type="saml:SAML2ArtifactResolutionProfile" />
</RelyingParty>

and got the metadata from our 1.3 idp's metadata file with a
FilesystemMetadataProvider entry pointing to the 1.3 file.

The idp's log showed it to be configured, with entries like

.. Attempting to find parser with element name: {urn:mace:shibboleth:2.0:relying-party}RelyingParty
.. Relying party configuration - relying party id urn:washington.edu:fox
.. Relying party configuration - provider ID: lost.cac.washington.edu
.. Relying party configuration - default authentication method: urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified
.. Relying party configuration - 6 profile configurations
.. Attempting to find parser for element of type: {urn:mace:shibboleth:2.0:relying-party:saml}ShibbolethSSOProfile
.. Attempting to find parser for element of type: {urn:mace:shibboleth:2.0:relying-party:saml}SAML1AttributeQueryProfile
.. Attempting to find parser for element of type: {urn:mace:shibboleth:2.0:relying-party:saml}SAML1ArtifactResolutionProfile
.. Attempting to find parser for element of type: {urn:mace:shibboleth:2.0:relying-party:saml}SAML2SSOProfile
.. Attempting to find parser for element of type: {urn:mace:shibboleth:2.0:relying-party:saml}SAML2AttributeQueryProfile
.. Attempting to find parser for element of type: {urn:mace:shibboleth:2.0:relying-party:saml}SAML2ArtifactResolutionProfile



However as soon as I attempt a login I get a "no relying party" error:

.. Looking up relying party configuration for lost.cac.washington.edu
.. No relying party configuration was registered for lost.cac.washington.edu looking up configuration based on metadata groups
.. No relying party configuration found for lost.cac.washington.edu using default configuration
.. Shibboleth SSO profile is not configured for relying party lost.cac.washington.edu


What RP config am I missing?

Jim


p.s. When tomcat starts I see an error in the idp-process log

Parse Error at line 812 column 21:
The content of element type "action-mappings" must match "(action)*".

which seems to be unrelated to shib, but shows up only in the idp's log.


--
Chad La Joie 2052-C Harris Bldg
OIS-Middleware 202.687.0124
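
Added example, not part of the original thread and not Shibboleth's own code: a small Python model of the lookup order the log above reports (requester ID, then metadata groups, then default configuration), run against the RelyingParty element from the message. The wrapper element, the function names, the groups parameter, and the assumption that lookup keys on the id attribute rather than provider are assumptions; the thread does not confirm the cause.

```python
import xml.etree.ElementTree as ET

RP_NS = "urn:mace:shibboleth:2.0:relying-party"
XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"

# Constructed input: the RelyingParty element from the message (two of its six
# profiles), inside an assumed wrapper element carrying the namespaces.
CONFIG = """<RelyingPartyGroup xmlns="urn:mace:shibboleth:2.0:relying-party"
    xmlns:saml="urn:mace:shibboleth:2.0:relying-party:saml"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <RelyingParty id="urn:washington.edu:fox" provider="lost.cac.washington.edu">
    <ProfileConfiguration xsi:type="saml:ShibbolethSSOProfile" />
    <ProfileConfiguration xsi:type="saml:SAML2SSOProfile" />
  </RelyingParty>
</RelyingPartyGroup>"""

def load_relying_parties(xml_text):
    """Map each RelyingParty id to (provider, set of profile type names)."""
    table = {}
    for rp in ET.fromstring(xml_text).iter("{%s}RelyingParty" % RP_NS):
        profiles = {pc.get(XSI_TYPE).split(":")[-1]
                    for pc in rp.iter("{%s}ProfileConfiguration" % RP_NS)}
        table[rp.get("id")] = (rp.get("provider"), profiles)
    return table

def resolve(table, requester, groups=()):
    """Lookup order seen in the log: requester ID, metadata groups, default."""
    if requester in table:
        return "entity", requester
    for group in groups:
        if group in table:
            return "group", group
    return "default", None

def diagnose(table, requester, groups=()):
    """Explain a fallback to the default configuration for this requester."""
    how, _ = resolve(table, requester, groups)
    findings = []
    if how == "default":
        findings.append("%s: no RelyingParty id matches, default applies" % requester)
        # Assumption: lookup keys on the id attribute, not on provider.
        findings += ["%s appears as provider of '%s', not as an id" % (requester, rp_id)
                     for rp_id, (provider, _) in table.items() if provider == requester]
    return how, findings

if __name__ == "__main__":
    for line in diagnose(load_relying_parties(CONFIG), "lost.cac.washington.edu")[1]:
        print(line)
```

A fallback to the default configuration decides which profiles are answered for a requester, so a check like this is worth running over the configuration before a login attempt rather than reading it out of the process log afterwards.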



