Shibboleth setup.. So close but can use some help..

Garry Boyce gboyce at cambridgesemantics.com
Fri Sep 23 21:55:11 BST 2011


    <ApplicationDefaults
entityID="https://csisupport.cambridgesemantics.com/shibboleth"
                         REMOTE_USER="eppn persistent-id targeted-id">

Seems to have resolved the issue finally 

So to recap
/opt/shibboleth-idp/metadata/idp-metadata.xml 
entityID="https://csisupport.cambridgesemantics.com/idp/shibboleth"

Also, all the URLs in this file have your address and /idp

/opt/shibboleth-idp/metadata/sp-metadata.xml
entityID="https://csisupport.cambridgesemantics.com/shibboleth" (which is
different from the IdP's entity ID above)

Also, all URLs in this file have your address and /Shibboleth.sso (i.e., not
/idp)

/etc/shibboleth/shibboleth2.xml
<ApplicationDefaults
entityID="https://csisupport.cambridgesemantics.com/shibboleth"

Note: I got endpoint errors after login when this had /idp/shibboleth

<SSO entityID="https://csisupport.cambridgesemantics.com/idp/shibboleth"

Note: This seems to need /idp, otherwise I get errors about no metadata and
never get to the login screen (I assume this means that this entityID must be
the same as the IdP entity ID)


-----Original Message-----
From: users-bounces at shibboleth.net [mailto:users-bounces at shibboleth.net] On
Behalf Of Cantor, Scott
Sent: Friday, September 23, 2011 4:32 PM
To: users at shibboleth.net
Subject: Re: Shibboleth setup.. So close but can use some help..

On 9/23/11 4:25 PM, "James Bardin" <jbardin at bu.edu> wrote:

>On Fri, Sep 23, 2011 at 4:12 PM, Garry Boyce 
><gboyce at cambridgesemantics.com> wrote:
>> Unfortunately I don't have 2 servers right now and that is likely the 
>> situation that most people will have initially
>
>If you're not making progress, I would recommend setting up your SP and 
>IdP separately against testshib.org.

I'm pretty sure he did, or at least the SP metadata in question looks it.

And I'm pretty convinced that what's happening is that the IdP loading its
own metadata is masking the SP metadata with the same entityID in it. I
don't know why the error message is exactly what it is, but I'm pretty sure
the SP metadata is invisible here.

-- Scott
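
The entityID relationships recapped in this thread can be checked mechanically. The following is an added example, not code from the thread or from the Shibboleth project: it flags an entityID that appears in both metadata files (the masking case Scott describes) and verifies that `ApplicationDefaults` names the SP and `SSO` names the IdP. The example.org identifiers and the `metadata`/`sp_config` helpers are constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"

def entity_roles(metadata_xml):
    """Map each entityID in a SAML metadata document to the roles it declares."""
    roles = {}
    for ent in ET.fromstring(metadata_xml).iter(MD + "EntityDescriptor"):
        roles[ent.get("entityID")] = {
            name for name, tag in (("idp", "IDPSSODescriptor"), ("sp", "SPSSODescriptor"))
            if ent.find(MD + tag) is not None
        }
    return roles

def config_entity_id(sp_config_xml, element):
    """Return the entityID attribute of the first element with this local name."""
    for el in ET.fromstring(sp_config_xml).iter():
        if el.tag.rsplit("}", 1)[-1] == element:
            return el.get("entityID")
    return None

def check(idp_md, sp_md, sp_config_xml):
    """Return a list of entityID problems; an empty list means consistent."""
    idp_roles, sp_roles = entity_roles(idp_md), entity_roles(sp_md)
    # The same entityID in both files lets one entry mask the other.
    problems = [f"{e} is declared in both metadata files"
                for e in sorted(idp_roles.keys() & sp_roles.keys())]
    own = config_entity_id(sp_config_xml, "ApplicationDefaults")
    if "sp" not in sp_roles.get(own, ()):
        problems.append(f"ApplicationDefaults entityID {own} is not an SP in sp-metadata")
    sso = config_entity_id(sp_config_xml, "SSO")
    if "idp" not in idp_roles.get(sso, ()):
        problems.append(f"SSO entityID {sso} is not an IdP in idp-metadata")
    return problems

# Constructed sample documents (placeholder names, not taken from the thread).
def metadata(entity_id, role):
    return (f'<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" '
            f'entityID="{entity_id}"><{role} protocolSupportEnumeration='
            f'"urn:oasis:names:tc:SAML:2.0:protocol"/></EntityDescriptor>')

def sp_config(app_id, sso_id):
    return (f'<SPConfig xmlns="urn:mace:shibboleth:2.0:native:sp:config">'
            f'<ApplicationDefaults entityID="{app_id}"><Sessions>'
            f'<SSO entityID="{sso_id}">SAML2</SSO></Sessions>'
            f'</ApplicationDefaults></SPConfig>')

IDP, SP = "https://sso.example.org/idp/shibboleth", "https://sso.example.org/shibboleth"

if __name__ == "__main__":
    print(check(metadata(IDP, "IDPSSODescriptor"), metadata(SP, "SPSSODescriptor"), sp_config(SP, IDP)))
    print(check(metadata(IDP, "IDPSSODescriptor"), metadata(IDP, "SPSSODescriptor"), sp_config(IDP, IDP)))
```
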
