shibboleth-dev - Re: Shib 2.0: ADFS integration
- From: giacomo tenaglia
- Subject: Re: Shib 2.0: ADFS integration
- Date: Mon, 17 Dec 2007 10:05:06 +0100
On Fri, Dec 14, 2007 at 10:42:31AM -0500, Scott Cantor wrote:
> > Now if I try with something like this I got "None of the configured
> > SessionInitiators handled the request":
> >
> > <SessionInitiator type="Chaining" Location="/" isDefault="true" id="Twiki beta"
>
> Location="/" is not allowed. I don't know what it will do, I'll check the
> code. It might just be skipping it, and the log might say that up front.
I've seen that the 1.3 deployment here uses Location="/", so I thought
it had to be the same.
> I'm pretty sure your problem is nothing more than a bogus location. Unless
> you have a need for something sophisticated, you should use
> Location="/Login" to keep things consistent. That can be a Chaining
> initiator with the ADFS inside it, or just the ADFS itself if the entityID
> is hardcoded to an ADFS site anyway.
I've tried both, but without success.
It seems that if there's only an ADFS initiator it gets ignored when a
new session is required.
The initiator seems to get correctly initialized:
2007-12-17 09:11:29 DEBUG Shibboleth.SessionInitiator.ADFS : added property Location (/Login)
2007-12-17 09:11:29 DEBUG Shibboleth.SessionInitiator.ADFS : added property entityID (https://cern.ch/login)
2007-12-17 09:11:29 DEBUG Shibboleth.SessionInitiator.ADFS : added property id (Twiki beta)
2007-12-17 09:11:29 DEBUG Shibboleth.SessionInitiator.ADFS : added property isDefault (true)
2007-12-17 09:11:29 DEBUG Shibboleth.SessionInitiator.ADFS : added property type (ADFS)
I've tried to use the same configuration but with type "Shib1" or
"SAML2", and I got the proper error: "unable to locate SAML
2.0/Shibboleth-aware identity provider role for provider".
I've also tried to specify a non-existent entityID: with type "Shib1" or
"SAML2" I got an "unable to locate metadata for provider" error, with
"ADFS" I got the same "None of the configured SessionInitiators handled
the request" (or "No default session initiator found", if I use only an
ADFS entry).
I've succeeded in reaching ADFS only using a "WAYF" initiator, and
specifying URL and Binding as they were in the 1.3 configuration, but then I
got a "wrong action" error from ADFS.
giacomo
--
giacomo tenaglia
Technical Student at CERN IT/DES-SIS
CNR Biblioteca d'Area di Bologna - http://biblio.bo.cnr.it
Phone +41 76 5003376