Shibboleth Developers

[giacomo tenaglia <>]

On Mon, Dec 17, 2007 at 10:23:41AM -0500, Scott Cantor wrote:
> The problem case is when the entityID is ok but the role is missing, then it
> doesn't handle things reasonably unless it's chained. But even then you'd
> only get the "nothing handled this request" error.
> 
> The system can't do much in these cases, it's designed to either work or
> delegate to a discovery handler. If it falls through, nothing good can
> happen. It's only a question of how bad it is.

Ok, I've understood how this happens, thanks.

Anyway I'm still not able to get the SP interoperate with ADFS.
I'm using exactely the same metadata used with shib1.3, that was created
according with:
https://spaces.internet2.edu/display/SHIB/ADFSMetadataProfile

I've tried also with a single EntityDescriptor entry like this:

<EntityDescriptor 
    xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#";
    xmlns:shibmd="urn:mace:shibboleth:metadata:1.0"
    xsi:schemaLocation="urn:oasis:names:tc:SAML:2.0:metadata 
saml-schema-metadata-2.0.xsd urn:mace:shibboleth:metadata:1.0 
shibboleth-metadata-1.0.xsd http://www.w3.org/2000/09/xmldsig# 
xmldsig-core-schema.xsd"
    validUntil="2010-01-01T00:00:00Z"
    entityID="https://cern.ch/login";>

but with no success. Maybe I'm missing how to configure the IDP Role?

giacomo

-- 
giacomo tenaglia
Technical Student at CERN IT/DES-SIS
CNR Biblioteca d'Area di Bologna - http://biblio.bo.cnr.it
Phone +41 76 5003376 - 
sip: