Problem configuring an IdP to support anonymous relying parties
Cantor, Scott
cantor.2 at osu.edu
Thu Sep 1 18:10:46 BST 2011
On 9/1/11 1:05 PM, "Jon Warbrick" <jw35 at cam.ac.uk> wrote:
>
>I've added the various <ProfileConfiguration> elements to the
><AnonymousRelyingParty> section of relying-party.xml, and that seems to be
>sufficient to allow an authentication request to proceed, but a subsequent
>attribute request fails with "Authentication via client certificate failed
>for context presenter entity ID ...", followed by "Message did not meet
>security requirements". This isn't entirely surprising, since the SP is
>using a self-signed certificate and, without metadata, the IdP has no way
>to validate it, but it's not what I want. What am I not doing to also
>allow attribute queries from anonymous SPs?
Possible guess...define a custom security policy and link that to the
profile handler in the Anonymous block?
-- Scott