Skip to Content.
Sympa Menu

shibboleth-dev - RE: Strange Shib 2.0 SP Failure

Subject: Shibboleth Developers

List archive

RE: Strange Shib 2.0 SP Failure


Chronological Thread 
  • From: <>
  • To: <>
  • Subject: RE: Strange Shib 2.0 SP Failure
  • Date: Fri, 11 Apr 2008 17:20:50 -0400

Based on the wiki page:
https://spaces.internet2.edu/display/SHIB2/NativeSPSessionInitiator

It's part of the SAML2 Session Initiator (not part of the Chaining). I
made the change seen below and it fixed the problem for me:

<SessionInitiator isDefault="true" type="Chaining" Location="/DS"
id="DS" relayState="cookie">
<SessionInitiator type="SAML2" acsByIndex="false" defaultACSIndex="1"
template="bindingTemplate.html"/>
<SessionInitiator type="SAMLDS"
URL="http://my.discovery.service/ds/"/>
</SessionInitiator>



-----Original Message-----
From: Chris G. Sellers
[mailto:]

Sent: Friday, April 11, 2008 5:17 PM
To:

Subject: Re: Strange Shib 2.0 SP Failure

I had acsByIndex off already, unless I'm looking in the wrong spot.

upgrade.xsl: <SessionInitiator type="Chaining"
Location="{@Location}"
acsByIndex="false" relayState="cookie">


Sellers
On Apr 10, 2008, at 1:28 PM, Scott Cantor wrote:
>> Thanks Scott, I removed the relayState=cookie from my initiator and
>> the error went away for me too.
>
> The recommended fix is to turn off acsByIndex. Exposing the target
> is a
> privacy leak and isn't compliant with the SAML 2 spec.
>
> -- Scott
>
>

______________________________________________
Chris G. Sellers | NITLE - Technology Team
734.661.2318 |

AIM: imthewherd | GoogleTalk:





Archive powered by MHonArc 2.6.16.

Top of Page