Problem configuring an IdP to support anonymous relying parties
Chad La Joie
lajoie at itumi.biz
Thu Sep 1 18:34:49 BST 2011
Yes, that's what you'd have to do.
--
Chad La Joie
www.itumi.biz
trusted identities, delivered
On Sep 1, 2011, at 1:10 PM, Cantor, Scott wrote:
> On 9/1/11 1:05 PM, "Jon Warbrick" <jw35 at cam.ac.uk> wrote:
>>
>> I've added the various <ProfileConfiguration> elements to the
>> <AnonymousRelyingParty> section of relying-party.xml, and that seems to be
>> sufficient to allow an authentication request to proceed, but a subsequent
>> attribute request fails with "Authentication via client certificate failed
>> for context presenter entity ID ...", followed by "Message did not meet
>> security requirements". This isn't entirely surprising, since the SP is
>> using a self-signed certificate and, without metadata, the IdP has no way
>> to validate it, but it's not what I want. What am I not doing to also
>> allow attribute queries from anonymous SPs?
>
> Possible guess...define a custom security policy and link that to the
> profile handler in the Anonymous block?
>
> -- Scott