Shibboleth setup.. So close but can use some help..

Cantor, Scott cantor.2 at osu.edu
Fri Sep 23 21:23:37 BST 2011


On 9/23/11 4:12 PM, "Garry Boyce" <gboyce at cambridgesemantics.com> wrote:
>
>should these match and if so what should they match to? The Shibboleth.sso
>one or the idp/profile?

They should not match, they have nothing to do with each other. That is
not the issue. The issue, which I will repeat, is that the SP is
requesting the response go to a location that is not in its metadata.

The root cause could be the metadata itself not being correctly loaded or
used by the IdP, which is why I'm trying to address the names overlapping
in case that's involved, because I think it is.

>Unfortunately I don't have 2 servers right now and that is likely the
>situation that most people will have initially.

I don't agree, but it doesn't change anything. I didn't say to split them,
I said it will be a mess, and that you'd better not use the same entityID
for both. An entityID is a name, it is not a location, and it certainly
isn't a hostname. Nothing anywhere should be implying that using the same
entityID is a good idea. If you got that idea somewhere, it's wrong.

The log output you posted looks impossible to me, it's missing log
entries. That tells me something is very wrong, and my working assumption
is that using the same entityID for both is hiding the SP's metadata in
some way from the IdP.

-- Scott
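
The check described in the message above, as an added example that is not part of the original post and not Shibboleth code: it resolves an AuthnRequest's issuer by entityID and tests the requested AssertionConsumerServiceURL against that entity's metadata, then shows how a shared entityID can resolve to the IdP's entry instead. The first-match lookup is an assumed, simplified model of metadata resolution, and all entityIDs and URLs are constructed placeholders.

```python
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
PROTO = "urn:oasis:names:tc:SAML:2.0:protocol"
NS = {"md": MD_NS, "saml": SAML_NS}

# Constructed sample data: every hostname, entityID and URL is a placeholder.
ACS = "https://host.example.org/Shibboleth.sso/SAML2/POST"
IDP_ROLE = f'<md:IDPSSODescriptor protocolSupportEnumeration="{PROTO}"/>'
SP_ROLE = (f'<md:SPSSODescriptor protocolSupportEnumeration="{PROTO}">'
           '<md:AssertionConsumerService index="1" '
           'Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" '
           f'Location="{ACS}"/></md:SPSSODescriptor>')

def entity(entity_id, role_xml):
    """Build one metadata source holding a single EntityDescriptor."""
    return (f'<md:EntityDescriptor xmlns:md="{MD_NS}" entityID="{entity_id}">'
            f'{role_xml}</md:EntityDescriptor>')

def authn_request(issuer, acs_url):
    """Build a minimal AuthnRequest naming its issuer and requested ACS URL."""
    return (f'<samlp:AuthnRequest xmlns:samlp="{PROTO}" xmlns:saml="{SAML_NS}" '
            f'ID="_c1" Version="2.0" IssueInstant="2011-09-23T20:00:00Z" '
            f'AssertionConsumerServiceURL="{acs_url}">'
            f'<saml:Issuer>{issuer}</saml:Issuer></samlp:AuthnRequest>')

def lookup(sources, entity_id):
    """Return the first EntityDescriptor with this name (assumed first-match model)."""
    for xml in sources:
        for ed in ET.fromstring(xml).iter(f"{{{MD_NS}}}EntityDescriptor"):
            if ed.get("entityID") == entity_id:
                return ed
    return None

def check_request(request_xml, sources):
    """Classify a request: ok, unknown-issuer, no-sp-role or acs-not-in-metadata."""
    req = ET.fromstring(request_xml)
    issuer = req.findtext("saml:Issuer", default="", namespaces=NS).strip()
    ed = lookup(sources, issuer)
    if ed is None:
        return "unknown-issuer"
    allowed = {a.get("Location") for a in
               ed.findall("md:SPSSODescriptor/md:AssertionConsumerService", NS)}
    if not allowed:
        return "no-sp-role"  # the name resolved to an entry with no ACS endpoints
    requested = req.get("AssertionConsumerServiceURL")
    return "ok" if requested in allowed else "acs-not-in-metadata"
```

With one name used for both roles and the IdP's entry listed first, the request is rejected even though the SP's metadata is loaded and its ACS URL is correct; with distinct names the same request passes.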


