Delegated Auth with

Cantor, Scott cantor.2 at
Thu Nov 3 21:12:05 GMT 2011

On 11/3/11 4:24 PM, "Eric Dalquist" <eric.dalquist at> wrote:

>You are more than welcome to poke at
> if you'd like. I've
>attached the shib config for the server (note my original email was
>about a target server named j2eedev and this is my-dev) just to make
>sure we're all on the same page.

Same thing for me when I add the headers. I just can't see anything wrong,
so we're into bug territory.

>We'll look into enabling the native log. Also we're not above manually
>adding logging to various places in the SP source (since we compile from
>source on Solaris) and recompiling to find out more of what is going on,
>we'd just need some pointers on where to add the logging :)

That's easy shibsp/handler/impl/SAML2SessionInitiator.cpp

The only decision point is self-evident, it's the top of the run() method,
first thing. You can easily log the request.getHeader() strings it's
searching in to find the two values. And dump the ECP flag setting of

-- Scott

More information about the users mailing list