Enabling ECP in SP 2.4.3

Tom Mitchell tmitchel at bbn.com
Sat Sep 10 01:16:28 BST 2011

I am trying to play with ECP in the Shibboleth SP (v2.4.3) and I'm not having much success.

There doesn't appear to be too much information about enabling ECP in the SP on the wiki. I see the NativeSPServiceSSO wiki page that seems to indicate that ECP is automatically enabled when SAML2 is present, but that doesn't appear to work. I also used the more verbose syntax in shibboleth2.xml to enable ECP via an md:AssertionConsumerService and the ECP="true" attribute on the SAML2 SessionInitiator (per the wiki and an email thread in May, 2011 on this mailing list).  That also does not appear to work. Finally, I see the open bug (SSPCPP-371) with what amounts to the same information. I tried the additional suggestion by Scott Cantor (adding ECP="true") to the SSO tag and that doesn't seem to work.

I am using two methods to test: the sample bash ECP client script (ecp.sh) on the Contributions wiki page, and manual testing using curl (based on ecp.sh and a cursory read of the relevant portion of the spec). What I see instead of an ECP-like response from my SP is the HTML redirecting to my discovery service.

Any suggestions? Tips? Pointers?


More information about the users mailing list