shibboleth-dev - Re: Shib 2.0: ADFS integration
Subject: Shibboleth Developers
- From: giacomo tenaglia
- Subject: Re: Shib 2.0: ADFS integration
- Date: Wed, 19 Dec 2007 15:42:02 +0100
On Tue, Dec 18, 2007 at 11:17:31AM -0500, Scott Cantor wrote:
> > I'm not getting any error, as I wrote on Friday... basically the
> > SessionInitiator is ignored.
>
> I don't think I can reproduce that. I posted the example of what I used, and
> it did what I expected. I'll tweak the metadata to produce a "correct"
> request to make sure it's still redirecting properly, but there's no reason
> for that to be a problem since it's running the handler just fine.
>
> Please send me the SessionInitiator element you're using now (either by
> itself or in a chain), and the metadata file you said is working with 1.3.
I'm using this standalone SessionInitiator:
    <SessionInitiator type="ADFS" Location="/Login" id="adfs" isDefault="true"
        relayState="cookie" entityID="https://cern.ch/login"/>
Here is the metadata working with 1.3:
-----------------------------------------------------------------------
<EntitiesDescriptor
    xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    xmlns:shibmd="urn:mace:shibboleth:metadata:1.0"
    xsi:schemaLocation="urn:oasis:names:tc:SAML:2.0:metadata
        /usr/share/xml/shibboleth/saml-schema-metadata-2.0.xsd
        urn:mace:shibboleth:metadata:1.0 @-PKGXMLDIR-@/shibboleth-metadata-1.0.xsd
        http://www.w3.org/2000/09/xmldsig# @-PKGXMLDIR-@/xmldsig-core-schema.xsd"
    Name="urn:mace:shibboleth:examples"
    validUntil="2010-01-01T00:00:00Z">
  <EntityDescriptor entityID="https://cern.ch/login">
    <IDPSSODescriptor
        protocolSupportEnumeration="http://schemas.xmlsoap.org/ws/2003/07/secext">
      <Extensions>
        <shibmd:Scope>cern.ch</shibmd:Scope>
      </Extensions>
      <KeyDescriptor use="signing">
        <ds:KeyInfo>
          <ds:X509Data>
            <ds:X509Certificate>
              [certificate omitted]
            </ds:X509Certificate>
          </ds:X509Data>
        </ds:KeyInfo>
      </KeyDescriptor>
      <SingleSignOnService
          Binding="http://schemas.xmlsoap.org/ws/2003/07/secext"
          Location="https://login.cern.ch/adfs/ls/LoginForm.aspx"/>
    </IDPSSODescriptor>
    <SPSSODescriptor
        protocolSupportEnumeration="http://schemas.xmlsoap.org/ws/2003/07/secext">
      <AssertionConsumerService
          Binding="http://schemas.xmlsoap.org/ws/2003/07/secext"
          Location="https://login.cern.ch/adfs/ls/LoginForm.aspx" index="1" />
    </SPSSODescriptor>
  </EntityDescriptor>
</EntitiesDescriptor>
-----------------------------------------------------------------------
With 1.3 I was using this SessionInitiator:
    <SessionInitiator isDefault="true" id="Twiki beta" Location="/"
        Binding="urn:mace:shibboleth:sp:1.3:SessionInit"
        wayfURL="https://login.cern.ch/adfs/ls/LoginForm.aspx"
        wayfBinding="http://schemas.xmlsoap.org/ws/2003/07/secext"/>
and everything worked. Yes, I know the Location is "/", but this was the
standard setup given by ADFS administrators (anyway also with
Location="/" 2.0 does not work).
giacomo
--
giacomo tenaglia
Technical Student at CERN IT/DES-SIS
CNR Biblioteca d'Area di Bologna - http://biblio.bo.cnr.it
Phone +41 76 5003376