DS: The return URL could not be verified for Service Provider

Cantor, Scott cantor.2 at osu.edu
Fri Nov 18 22:00:24 GMT 2011

On 11/18/11 4:34 PM, "jehan procaccia" <jehan.procaccia at it-sudparis.eu>

>when I try to login I immediatly end up on the DS responding on the
>Error: Invalid Query
>The return URL 'https://www-public.it-sudparis.eu/Shibboleth.sso/DS'
>could not be verified
>for Service Provider 'https://www-public.it-sudparis.eu/shibboleth'.

Your SP's metadata at the DS doesn't include the necessary
DiscoveryResponse extension endpoint. Allowing free access to the DS makes
it a cookie phishing service. Some people think that's fine, and some
don't happen to agree with them. Regardless, it's a DS setting as to
whether to allow it without checking the metadata.

>on the same sever, an another dokuwiki instance calling an older WAYF,
>works file

WAYF protocol != DS protocol.

-- Scott

More information about the users mailing list