Enabling ECP in SP 2.4.3

Tom Mitchell tmitchel at bbn.com
Sat Sep 10 12:24:39 BST 2011

On Sep 9, 2011, at 8:31 PM, Cantor, Scott wrote:

> On 9/9/11 8:16 PM, "Tom Mitchell" <tmitchel at bbn.com> wrote:
>> Finally, I see the open bug (SSPCPP-371) with what amounts to the same
>> information. I tried the additional suggestion by Scott Cantor (adding
>> ECP="true") to the SSO tag and that doesn't seem to work.
> Also does.

You're right, it does.

>> I am using two methods to test: the sample bash ECP client script
>> (ecp.sh) on the Contributions wiki page, and manual testing using curl
>> (based on ecp.sh and a cursory read of the relevant portion of the spec).
>> What I see instead of an ECP-like response from my SP is the HTML
>> redirecting to my discovery service.
>> Any suggestions? Tips? Pointers?
> Well, you're not sending the right HTTP headers, basically. If they're
> sent, it will work.

Actually, I think I was sending the right headers (Accept and PAOS), copied right out of the spec. But I was fetching the wrong URL. The example in the spec (Sec. shows a fetch of "/secure/". I was trying to fetch an application page ("/secure/env.php"). Switching to "/secure/" allowed both my manual test and the ecp.sh script to work.

Maybe I'm just not good at reading specs, but section 2.3.1 says "the client makes an arbitrary HTTP request to a service provider for a resource". So I thought it was reasonable to request my application page instead of the literal "/secure/". What did I miss?


More information about the users mailing list