CAS Shib issues
ndk at internet2.edu
Fri Sep 16 19:13:08 BST 2011
For standard Shibboleth rather than CASShib, the endpoint as described
in the metadata would be correct. The first one, in the request as
generated by Shibboleth for CASShib I presume, may or may not be
correct -- it's not our code nor our product. From a quick glance at
their guide at:
It would be the special Sessions element handlerURL described there
that is causing the mismatch.
I don't have the spare cycles at this very moment to investigate how
CASShib works in more detail, but you can try modifying the SP
metadata as loaded by the IdP so that the AssertionConsumerService
Location attribute matches that in the AuthnRequest, e.g. https://myunbtest.its.unb.ca/casshib/shib/myunb/Shibboleth.sso/SAML2/POST
<AssertionConsumerService index="1" isDefault="true"
That will resolve the immediate complaint of the IdP. You may
encounter other issues. If they're primarily related to CASShib, then
you might try their mailing list at:
How I wish I was in Sherbrooke now,
On Sep 16, 2011, at 17:51 , Terry Soucy wrote:
> We just installed our first IdP (latest version) and SP (again, latest
> version in the yum repository) and are having some issues with the
> CASShib module. We are able to auth to the IdP without error with
> apache, but once we put CASShib into the mix, we get errors.
> The assertion is telling the IdP that the endpoint is
> but the metadata says that the ACS is
> https://myunbtest.its.unb.ca/Shibboleth.sso/SAML2/POST. We tried
> modifying the handlerURL on the SP, but that doesn't update the
> information. What are we missing?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the users