Shibboleth setup.. So close but can use some help..
gboyce at cambridgesemantics.com
Fri Sep 23 21:55:11 BST 2011
REMOTE_USER="eppn persistent-id targeted-id">
Seems to have resolved the issue finally
So to recap
also all the urls in this file have your address and /idp
entityID="https://csisupport.cambridgesemantics.com/shibboleth" (which is
different for idp's entity id above)
also all urls in this file have your address and /Shibboleth.sso (i.e: not
Note: I got endpoint errors after login when this had /idp/shibboleth
Note: This seems to need /idp otherwise I get errors about no metadata and
never get to login screen (I assume this means that this entityID must be
the same as the idp entity id
From: users-bounces at shibboleth.net [mailto:users-bounces at shibboleth.net] On
Behalf Of Cantor, Scott
Sent: Friday, September 23, 2011 4:32 PM
To: users at shibboleth.net
Subject: Re: Shibboleth setup.. So close but can use some help..
On 9/23/11 4:25 PM, "James Bardin" <jbardin at bu.edu> wrote:
>On Fri, Sep 23, 2011 at 4:12 PM, Garry Boyce
><gboyce at cambridgesemantics.com> wrote:
>> Unfortunately I don't have 2 servers right now and that is likely the
>> situation that most people will have initially
>If you're not making progress, I would recommend setting up your SP and
>IdP separately against testshib.org.
I'm pretty sure he did, or at least the SP metadata in question looks it.
And I'm pretty convinced that what's happening is that the IdP loading its
own metadata is masking the SP metadata with the same entityID in it. I
don't know why the error message is exactly what it is, but I'm pretty sure
the SP metadata is invisible here.
To unsubscribe from this list send an email to
users-unsubscribe at shibboleth.net
More information about the users