Unable to establish security of incoming assertion.

Sangeet Mehta (UST, IND) Sangeet.Mehta at ust-global.com
Wed Sep 7 12:57:30 BST 2011



In my case for the shibboleth2.xml


SP is specified in 

<ApplicationDefaults      entityID="https://my.domain.com/shibboleth"


IDP is specified in

  <SSO entityID="https://my.domain.com:8443/idp/shibboleth"> SAML2 SAML1






From: users-bounces at shibboleth.net [mailto:users-bounces at shibboleth.net]
On Behalf Of Pavan K
Sent: Wednesday, September 07, 2011 6:13 AM
To: Shib Users
Subject: Re: Unable to establish security of incoming assertion.


Thank you Nate.


IDP's metadata has successfully loaded into SP. I found the related
messages in "shibd.log". And "entity ID in IDP's metadata is
"https://<machineA>:8443/idp/shibboleth". Is there any specific
restrcition on "entityId" of "<ApplicationDefaults>" in
"shibboleth2.xml" file in SP? 




On Tue, Sep 6, 2011 at 5:36 PM, Nate Klingenstein <ndk at internet2.edu>



You need to ensure that your SP is loading your IdP's metadata, and that
the EntityDescriptor entityID in your IdP's metadata is
https://<machineA>:8443/idp/shibboleth.  You may find a problem related
to failure to load the metadata during startup of your SP.


Hope this helps,



On Sep 7, 2011, at 0:27 , Pavan K wrote:

Do we need to load the SP metadata on IDP? Is there any configuration i
am missing?



To unsubscribe from this list send an email to
users-unsubscribe at shibboleth.net


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://shibboleth.net/pipermail/users/attachments/20110907/a1f96990/attachment.html 

More information about the users mailing list