Unable to establish security of incoming assertion.
Pavan K
pavanonnet1986 at gmail.com
Tue Sep 13 01:29:08 BST 2011
Thank you Sangeet. Do we need to specify SP entityID anywhere in IDP
metadata? I used the same configuration as you mentioned but didn't work.
--Pavan
On Wed, Sep 7, 2011 at 4:57 AM, Sangeet Mehta (UST, IND) <
Sangeet.Mehta at ust-global.com> wrote:
> Pavan,****
>
> ** **
>
> In my case for the shibboleth2.xml****
>
> ** **
>
> SP is specified in ****
>
> <ApplicationDefaults entityID="*https://my.domain.com/shibboleth*"
> attributePrefix="AJP_">****
>
> ** **
>
> IDP is specified in****
>
> <SSO entityID="*https://my.domain.com:8443/idp/shibboleth*"> SAML2
> SAML1 </SSO>****
>
> ** **
>
> Thanks****
>
> sangeet****
>
> ** **
>
> ** **
>
> *From:* users-bounces at shibboleth.net [mailto:users-bounces at shibboleth.net]
> *On Behalf Of *Pavan K
> *Sent:* Wednesday, September 07, 2011 6:13 AM
> *To:* Shib Users
> *Subject:* Re: Unable to establish security of incoming assertion.****
>
> ** **
>
> Thank you Nate.****
>
> ** **
>
> IDP's metadata has successfully loaded into SP. I found the related
> messages in "shibd.log". And "entity ID in IDP's metadata is "https://<machineA>:8443/idp/shibboleth".
> Is there any specific restrcition on "entityId" of "<ApplicationDefaults>"
> in "shibboleth2.xml" file in SP? ****
>
> ** **
>
> Thanks,****
>
> Pavan****
>
> On Tue, Sep 6, 2011 at 5:36 PM, Nate Klingenstein <ndk at internet2.edu>
> wrote:****
>
> Pavan,****
>
> ** **
>
> You need to ensure that your SP is loading your IdP's metadata, and that
> the EntityDescriptor entityID in your IdP's metadata is https://<machineA>:8443/idp/shibboleth.
> You may find a problem related to failure to load the metadata during
> startup of your SP.****
>
> ** **
>
> Hope this helps,****
>
> Nate.****
>
> ** **
>
> On Sep 7, 2011, at 0:27 , Pavan K wrote:****
>
>
>
> ****
>
> Do we need to load the SP metadata on IDP? Is there any configuration i am
> missing?****
>
> ** **
>
> ** **
>
>
> --
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net****
>
> ** **
>
> --
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://shibboleth.net/pipermail/users/attachments/20110912/de51952c/attachment.html
More information about the users
mailing list