Shibboleth setup.. So close but can use some help..

Garry Boyce gboyce at
Fri Sep 23 21:55:11 BST 2011

                         REMOTE_USER="eppn persistent-id targeted-id">

Seems to have resolved the issue finally 

So to recap

also all the urls in this file have your address and /idp

entityID="" (which is
different for idp's entity id above)

also all urls in this file have your address and /Shibboleth.sso (i.e: not


Note: I got endpoint errors after login when this had /idp/shibboleth

<SSO entityID=""

Note: This seems to need /idp otherwise I get errors about no metadata and
never get to login screen (I assume this means that this entityID must be
the same as the idp entity id

-----Original Message-----
From: users-bounces at [mailto:users-bounces at] On
Behalf Of Cantor, Scott
Sent: Friday, September 23, 2011 4:32 PM
To: users at
Subject: Re: Shibboleth setup.. So close but can use some help..

On 9/23/11 4:25 PM, "James Bardin" <jbardin at> wrote:

>On Fri, Sep 23, 2011 at 4:12 PM, Garry Boyce 
><gboyce at> wrote:
>> Unfortunately I don't have 2 servers right now and that is likely the 
>> situation that most people will have initially
>If you're not making progress, I would recommend setting up your SP and 
>IdP separately against

I'm pretty sure he did, or at least the SP metadata in question looks it.

And I'm pretty convinced that what's happening is that the IdP loading its
own metadata is masking the SP metadata with the same entityID in it. I
don't know why the error message is exactly what it is, but I'm pretty sure
the SP metadata is invisible here.

-- Scott

To unsubscribe from this list send an email to
users-unsubscribe at

More information about the users mailing list