Problem configuring an IdP to support anonymous relying parties

Cantor, Scott cantor.2 at
Thu Sep 1 18:10:46 BST 2011

On 9/1/11 1:05 PM, "Jon Warbrick" <jw35 at> wrote:
>I've added the various <ProfileConfiguration> elements to the
><AnonymousRelyingParty> section of relying-party.xml, and that seems to be
>sufficient to allow an authentication request to proceed, but an
>attribute request fails with "Authentication via client certificate
>for context presenter entity ID ...", followed by "Message did not meet
>security requirements". This isn't entirely surprising, since the SP is
>using a self-signed certificate and, without metadata, the IdP has no way
>to validate it, but it's not what I want. What am I not doing to also
>allow attribute queries from anonymous SPs?

Possible guess...define a custom security policy and link that to the
profile handler in the Anonymous block?

-- Scott

