Shibboleth 2.4.3 SAML2 and WAYF

Cantor, Scott cantor.2 at
Fri Jan 13 19:05:00 GMT 2012

On 1/13/12 1:56 PM, "Law, Bob" <Robert.Law at> wrote:

>I have added the Handler and SessionInitiator tags as described in
>section 3.1.2 SP installed prior to version 2.4.  They look like this in
>my shibboleth2.xml file (actual https://url been changed for security

A SessionInitiator has to be inside a full chain of handlers that drive
which protocols are supported and then have a discovery handler at the
end. Or you have to use the new <SSO> element syntax that is used in 2.4
by default, and then there are no SessionInitiator elements at all.

All top level handlers always have a Location property to tell the SP how
they get invoked, but you can't do this with a top level handler anyway.

>What am I doing wrong to get the "no Location property" error?  Am I
>missing the boat completely?

Config wise, yes.

If you're getting the deperecation warning, then this is a legacy
configuration and you need to switch the SessionInitiator in the existing
chain used by the deployment, whatever that happens to be, from WAYF to
SAMLDS. It will be at the end of the chain.

-- Scott

More information about the users mailing list