Shibboleth setup.. So close but can use some help..
gboyce at cambridgesemantics.com
Fri Sep 23 21:12:45 BST 2011
[root at csisupport metadata]# grep "SAML2/POST" *
should these match and if so what should they match to? The Shibboleth.sso
one or the idp/profile?
Unfortunately I don't have 2 servers right now and that is likely the
situation that most people will have initially.
From: users-bounces at shibboleth.net [mailto:users-bounces at shibboleth.net] On
Behalf Of Cantor, Scott
Sent: Friday, September 23, 2011 4:08 PM
To: users at shibboleth.net
Subject: Re: Shibboleth setup.. So close but can use some help..
On 9/23/11 3:58 PM, "Garry Boyce" <gboyce at cambridgesemantics.com> wrote:
That is exactly why you don't run them on the same host, particularly to
start with. You should also not use the same entityID for both IdP and SP.
That way lies total confusion.
>Also I see
Those are the URLs it's validating against, eventually anyway. I don't think
it's getting that far.
>14:31:03.816 - ERROR
>429] - No return endpoint available for relying party
There's something wrong with the metadata. I would use different names for
the IdP and SP, and try and make more sense of the log output then. You
might also post more of the metadata. Something just isn't right with it.
To unsubscribe from this list send an email to
users-unsubscribe at shibboleth.net
More information about the users