Enabling ECP in SP 2.4.3

Cantor, Scott cantor.2 at osu.edu
Sat Sep 10 01:31:31 BST 2011

On 9/9/11 8:16 PM, "Tom Mitchell" <tmitchel at bbn.com> wrote:
>There doesn't appear to be too much information about enabling ECP in the
>SP on the wiki. I see the NativeSPServiceSSO wiki page that seems to
>indicate that ECP is automatically enabled when SAML2 is present, but
>that doesn't appear to work.

The documentation is incorrect, but the bug that prevents it from being
enabled in the expected way was fixed in that version.

> I also used the more verbose syntax in shibboleth2.xml to enable ECP via
>an md:AssertionConsumerService and the ECP="true" attribute on the SAML2
>SessionInitiator (per the wiki and an email thread in May, 2011 on this
>mailing list).  That also does not appear to work.

It does.

> Finally, I see the open bug (SSPCPP-371) with what amounts to the same
>information. I tried the additional suggestion by Scott Cantor (adding
>ECP="true") to the SSO tag and that doesn't seem to work.

Also does.

>I am using two methods to test: the sample bash ECP client script
>(ecp.sh) on the Contributions wiki page, and manual testing using curl
>(based on ecp.sh and a cursory read of the relevant portion of the spec).
>What I see instead of an ECP-like response from my SP is the HTML
>redirecting to my discovery service.
>Any suggestions? Tips? Pointers?

Well, you're not sending the right HTTP headers, basically. If they're
sent, it will work.

-- Scott

More information about the users mailing list