Problem configuring and IdP to support anonymous relying parties

Chad La Joie lajoie at
Thu Sep 1 18:34:49 BST 2011

Yes, that's what you'd have to do.

Chad La Joie
trusted identities, delivered

On Sep 1, 2011, at 1:10 PM, Cantor, Scott wrote:

> On 9/1/11 1:05 PM, "Jon Warbrick" <jw35 at> wrote:
>> I've added the various <ProfileConfiguration> elements to the
>> <AnonymousRelyingParty> section of relying-party.xml, and that seems to
>> be 
>> sufficient to allow an authentication request to proceed, but a
>> subsequent 
>> attribute request fails with "Authentication via client certificate
>> failed 
>> for context presenter entity ID ...", followed by "Message did not meet
>> security requirements". This isn't entirely surprising, since the SP is
>> using a self-signed certificate and, without metadata, the IdP has no way
>> to validate it, but it's not what I want. What am I not doing to also
>> allow attribute queries from anonymous SPs?
> Possible guess...define a custom security policy and link that to the
> profile handler in the Anonymous block?
> -- Scott
> --
> To unsubscribe from this list send an email to users-unsubscribe at

More information about the users mailing list