Shibboleth setup.. So close but can use some help..

[Cantor, Scott]

On 9/23/11 2:21 PM, "Garry Boyce" <gboyce at cambridgesemantics.com> wrote:

>Peter I agree in concept however what I needed was a step by step for a
>simple installation of and idp and sp on the same box. I could not find
>that
>in official documentation. Did I miss something?

Both the IdP and SP documentation include basic steps for initial setup.
Doing it on the same box generally leads to a lot of mess and confusion,
so is not encouraged in general. A basic recipe is also what testshib.org
does a good job of supplying.

>5) https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPAddIdP
>also
>references a SessionInitiator which I don't see in shibboleth2.xml. And
>it's
>not clear for my simple case what I need here.

Yes, I'll update it, thanks for noting that.

>The prior instructions I was following also refers to a RequestMap which I
>don't see how or if I should configure.

You don't use it with Apache. If you're following official documentation
and it leads you to assume you do, identify it and I'll see about fixing
it. I tried to get everything consistently steered toward not using it
with Apache.

>Just in case(but it made no difference) I put in:

If you're using the SP and you start a sentence with "Just in case",
generally it's going to end badly.

>I'm really stuck. Please help..

Your original question was answered, and accurately. I believe it's also
in the common errors page for the IdP. SP requests response go to URL "X"
and that URL isn't in its metadata as a valid AssertionConsumerService.
Probably an entityID is wrong, or a hostname's not lining up, or it's http
instead of https, or other possibilities.

-- Scott