Skip to Content.
Sympa Menu

shibboleth-dev - RE: OpenID2 to SAML2 to SAML1.1 ... to Shib, anyone?

Subject: Shibboleth Developers

List archive

RE: OpenID2 to SAML2 to SAML1.1 ... to Shib, anyone?


Chronological Thread 
  • From: "Scott Cantor" <>
  • To: <>
  • Subject: RE: OpenID2 to SAML2 to SAML1.1 ... to Shib, anyone?
  • Date: Wed, 16 Apr 2008 10:46:57 -0400
  • Organization: The Ohio State University

> Using the ISAPI filter in IIS7, I've made some progress with Shib2. The
> general scenario described below is merely attempting to do merely what I
do
> regularly with our own (non-Shib) SAML2 server install.

If you're just trying to use Shibboleth, I'd suggest using the
shibboleth-users list for questions, not the -dev list.

> Using trial and error (and error and error) and trying all sorts of
variants
> of settings, I settled on the following configuration. However, accessing
> /secure2 causes a flow loop.

Loops are almost always cookie problems, probably https/http mismatches or
possibly hostname mismatches. You need to follow the redirects and make sure
it's using a consistent hostname and port.

If you have a "real" hostname, you should not use sp.example.org. Even if
it's just a fake name you setup locally, you're just confusing yourself and
the software trying to play these games.

-- Scott





Archive powered by MHonArc 2.6.16.

Top of Page