Shibboleth setup.. So close but can use some help..

Garry Boyce gboyce at cambridgesemantics.com
Fri Sep 23 21:12:45 BST 2011


In /opt/shibboleth-idp/

[root at csisupport metadata]# grep "SAML2/POST" *
idp-metadata.xml: Location="https://csisupport.cambridgesemantics.com/idp/profile/SAML2/POST/SSO" />
idp-metadata.xml: Location="https://csisupport.cambridgesemantics.com/idp/profile/SAML2/POST-SimpleSign/SSO" />
sp-metadata.xml: Location="https://csisupport.cambridgesemantics.com/Shibboleth.sso/SAML2/POST"
sp-metadata.xml: Location="https://csisupport.cambridgesemantics.com/Shibboleth.sso/SAML2/POST-SimpleSign"

Should these match, and if so, what should they match to? The Shibboleth.sso
one or the idp/profile?

Unfortunately I don't have 2 servers right now and that is likely the
situation that most people will have initially.

-----Original Message-----
From: users-bounces at shibboleth.net [mailto:users-bounces at shibboleth.net] On
Behalf Of Cantor, Scott
Sent: Friday, September 23, 2011 4:08 PM
To: users at shibboleth.net
Subject: Re: Shibboleth setup.. So close but can use some help..

On 9/23/11 3:58 PM, "Garry Boyce" <gboyce at cambridgesemantics.com> wrote:

>entityID="https://csisupport.cambridgesemantics.com/idp/shibboleth"

That is exactly why you don't run them on the same host, particularly to
start with. You should also not use the same entityID for both IdP and SP.
That way lies total confusion.

>
>Also I see
>            <AssertionConsumerService

Those are the URLs it's validating against, eventually anyway. I don't think
it's getting that far.

>14:31:03.816 - ERROR [edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler:429] - No return endpoint available for relying party https://csisupport.cambridgesemantics.com/idp/shibboleth

There's something wrong with the metadata. I would use different names for
the IdP and SP, and try and make more sense of the log output then. You
might also post more of the metadata. Something just isn't right with it.

-- Scott
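
As an added example (not part of the original thread and not Shibboleth's own code), a small Python check for the metadata issues discussed above: it flags an entityID declared for both an IdP and an SP, and any SP entry that has no AssertionConsumerService. The metadata is constructed; host.example.org and the function names are assumptions.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD}
SAML2 = "urn:oasis:names:tc:SAML:2.0:protocol"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed metadata (host.example.org is a placeholder): as in the thread,
# the IdP and the SP on one host are both given the IdP's entityID.
SHARED_ID = "https://host.example.org/idp/shibboleth"
IDP_XML = f"""<EntityDescriptor xmlns="{MD}" entityID="{SHARED_ID}">
  <IDPSSODescriptor protocolSupportEnumeration="{SAML2}">
    <SingleSignOnService Binding="{POST}"
        Location="https://host.example.org/idp/profile/SAML2/POST/SSO"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""
SP_XML = f"""<EntityDescriptor xmlns="{MD}" entityID="{SHARED_ID}">
  <SPSSODescriptor protocolSupportEnumeration="{SAML2}">
    <AssertionConsumerService index="1" Binding="{POST}"
        Location="https://host.example.org/Shibboleth.sso/SAML2/POST"/>
  </SPSSODescriptor>
</EntityDescriptor>"""

def load_entities(docs):
    """Map entityID -> roles declared for it and its ACS Locations."""
    entities = defaultdict(lambda: {"roles": set(), "acs": []})
    for text in docs.values():
        # iter() also matches the root, so a bare EntityDescriptor and an
        # EntitiesDescriptor wrapper are both handled.
        for ent in ET.fromstring(text).iter(f"{{{MD}}}EntityDescriptor"):
            rec = entities[ent.get("entityID")]
            if ent.find("md:IDPSSODescriptor", NS) is not None:
                rec["roles"].add("IdP")
            for sp in ent.findall("md:SPSSODescriptor", NS):
                rec["roles"].add("SP")
                rec["acs"] += [a.get("Location") for a in
                               sp.findall("md:AssertionConsumerService", NS)]
    return entities

def audit(docs):
    """Return (finding, entityID) pairs for the loaded metadata documents."""
    findings = []
    for entity_id, rec in load_entities(docs).items():
        if rec["roles"] == {"IdP", "SP"}:
            findings.append(("entityID used for both IdP and SP", entity_id))
        if "SP" in rec["roles"] and not rec["acs"]:
            findings.append(("SP has no AssertionConsumerService", entity_id))
    return findings

if __name__ == "__main__":
    for finding in audit({"idp-metadata.xml": IDP_XML, "sp-metadata.xml": SP_XML}):
        print(finding)
```

Giving the SP its own entityID in the constructed sp-metadata.xml clears the first finding.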
