Unable to establish security of incoming assertion.
Sangeet Mehta (UST, IND)
Sangeet.Mehta at ust-global.com
Wed Sep 7 12:57:30 BST 2011
Pavan,
In my case for the shibboleth2.xml
SP is specified in
<ApplicationDefaults entityID="https://my.domain.com/shibboleth"
attributePrefix="AJP_">
IDP is specified in
<SSO entityID="https://my.domain.com:8443/idp/shibboleth"> SAML2 SAML1
</SSO>
Thanks
sangeet
From: users-bounces at shibboleth.net [mailto:users-bounces at shibboleth.net]
On Behalf Of Pavan K
Sent: Wednesday, September 07, 2011 6:13 AM
To: Shib Users
Subject: Re: Unable to establish security of incoming assertion.
Thank you Nate.
IDP's metadata has successfully loaded into SP. I found the related
messages in "shibd.log". And "entity ID in IDP's metadata is
"https://<machineA>:8443/idp/shibboleth". Is there any specific
restrcition on "entityId" of "<ApplicationDefaults>" in
"shibboleth2.xml" file in SP?
Thanks,
Pavan
On Tue, Sep 6, 2011 at 5:36 PM, Nate Klingenstein <ndk at internet2.edu>
wrote:
Pavan,
You need to ensure that your SP is loading your IdP's metadata, and that
the EntityDescriptor entityID in your IdP's metadata is
https://<machineA>:8443/idp/shibboleth. You may find a problem related
to failure to load the metadata during startup of your SP.
Hope this helps,
Nate.
On Sep 7, 2011, at 0:27 , Pavan K wrote:
Do we need to load the SP metadata on IDP? Is there any configuration i
am missing?
--
To unsubscribe from this list send an email to
users-unsubscribe at shibboleth.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://shibboleth.net/pipermail/users/attachments/20110907/a1f96990/attachment.html
More information about the users
mailing list