DS: The return URL could not be verified for Service Provider
jehan procaccia
jehan.procaccia at it-sudparis.eu
Fri Nov 18 21:34:48 GMT 2011
hello,
I upgraded my SP to shibboleth-2.4.3-3.1.i686 on a centos6 plateform .
I configured a SessionInitiator DS for a specific application this way:
<SessionInitiator type="Chaining" Location="/DS" id="DS"
isDefault="true" relayState="cookie">
<SessionInitiator type="SAML2" acsIndex="1"
template="bindingTemplate.html"/>
<SessionInitiator type="Shib1" acsIndex="5"/>
<SessionInitiator type="SAMLDS"
URL="https://shibds.it-sudparis.eu/wayfdsit/WAYF.php"/>
</SessionInitiator>
when I try to login I immediatly end up on the DS responding on the browser:
Error: Invalid Query
The return URL 'https://www-public.it-sudparis.eu/Shibboleth.sso/DS'
could not be verified
for Service Provider 'https://www-public.it-sudparis.eu/shibboleth'.
I cannot figure out what is wrong, is it the SP session initiator ?, the
metadata ?, switch DS implementation ?
or the way the application (dokuwiki) initiates the session:
<a
href='https://www-public.it-sudparis.eu/Shibboleth.sso/DS?target=http://www-public.it-sudparis.eu/~procacci/dok/'>Login</a>
on the same sever, an another dokuwiki instance calling an older WAYF,
works file
<!-- manually defined additional DS initiators - without isDefault and
with custom IDs and Locations -->
<SessionInitiator type="Chaining" Location="/WAYFMT" id="WAYFMT"
relayState="cookie">
<SessionInitiator type="SAML2" acsIndex="1"
template="bindingTemplate.html"/>
<SessionInitiator type="Shib1" acsIndex="5"/>
<SessionInitiator type="WAYF" acsIndex="5"
URL="https://shibidp1.it-sudparis.eu/WAYFMT/WAYF.php"/>
</SessionInitiator>
thanks for your help .
More information about the users
mailing list