unsolicited sso

Chance Cox ccox14 at elon.edu
Tue Nov 1 18:35:38 GMT 2011 

I may have mis-interpreted the whole concept here. Im sorry for causing any confusion here but I have no idea what needs to happen here. Basically this company said we don't use shibboleth we have a SAML 2 endpoint. which is the url provided. That is all the gave me. Am i mistaking in thinking that the ProviderId is a shibboleth concept for shibboleth sp?

On Oct 31, 2011, at 1:17 PM, Peter Schober wrote:

> * Chance Cox <ccox14 at elon.edu> [2011-10-31 16:37]:
>> I have not been able to get this to work. the Unsolicited sso is
>> beyond my skill. Does anyone know of a consultant company that would
>> help implement a solution for me?
> 
> There are a few mentioned on the shibboleth web site.
> 
> But I thought Tom Poage had already given you the answer and you
> already found the docs in the wiki?
> It's hard to be more specific when you don't mention what exactly is
> unclear or what didn't work, how you tried it, what error messages you
> had (in a log file or browser window), etc.  The easy steps are:
> 
> * You'll need SAML 2.0 metadata for their SP and load it into your IDP
>  (two steps, we can only help with the second, see below)
> 
> * If you insist on using the ACS URL they gave you, the page you
>  referenced in the wiki[1] shows that you can use the 'shire'
>  parameter for this (but you don't need to, as the IdP will find it
>  based on the metadata you gave it, see above)
> 
> Based on what you (and Tom) sent it should be something like
> 
> https://idp.elon.edu/idp/profile/SAML2/Unsolicited/SSO?providerId=<ENTITYID-OF-THAT-SP>&shire=https://dev.axiommentor.us/login/singleSignOn.cfm&target=<URL-YOU-WANT-TO-END-UP>
> 
> To be correct you should urlencode everything after the SSO?
> (e.g. with help of some public service[2]) but with most browsers this
> won't make a functional difference.
> 
> Like the wiki states, everything but the providerId (which you didn't
> mention up to now) is optional. So what is this Service Provider's
> entityID (look for "entityID=" in the SAML2.0 metadata describing that
> SP).
> 
> If you don't have SAML metadata for this SP we can help putting it
> together, but (a) we cannot guess the providerId and (b) it is
> actually is the provider's job to give you this.
> -peter
> 
> [1] https://wiki.shibboleth.net/confluence/display/SHIB2/IdPUnsolicitedSSO
> [2] http://meyerweb.com/eric/tools/dencoder/ or search the web for urlcode
> --
> To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net

More information about the users mailing list