Shibboleth 2.4.3 SAML2 and WAYF

[Law, Bob]

Unfortunately this is an old version of 1 from five or more years ago
that I upgraded to 2.2 two years ago.  Now due to needing to use SAML2,
we are upgrading to 2.4.  I have no idea whether or not my configuration
is correct any more after I have added the new lines into
shibboleth2.xml.  This is a self compiled version of shibboleth running
on Solaris 10.

Robert Law
Software Engineer
Wolters Kluwer Health Medical Research
801.304.3012 tel
Robert.Law at wolterskluwer.com
www.ovid.com


-----Original Message-----
From: users-bounces at shibboleth.net [mailto:users-bounces at shibboleth.net]
On Behalf Of Cantor, Scott
Sent: Friday, January 13, 2012 12:26 PM
To: users at shibboleth.net
Subject: Re: Shibboleth 2.4.3 SAML2 and WAYF

On 1/13/12 2:15 PM, "Law, Bob" <Robert.Law at wolterskluwer.com> wrote:

>The first thing I tried was deleting my SessionInitiator and
>md:AssertionConsumerService replacing it with an SSO tag.  When I did
>that I got:

That suggests your SP is not running 2.4, actually. If it is (and it
probably is), there's a problem somewhere because its schemas are out of
date. Without knowing the platform and how it was upgraded, it's hard to
say, but I suspect that's a bad thing and you're going to need to
allocate
time at some point to do a complete refresh. In any case, the files are
mismatched at this point. How serious that might be is hard to guess.

If it's Linux, there might be a packaging problem I need to investigate.
If it's Windows, somebody mis-upgraded it at some point or did an
incomplete job. It would probably be worth doing a fresh unpack of the
postinstall.zip to try and correct that and make sure it's back in sync.

None of which means you have to fully upgrade the config or use the new
syntax, and I corrected the EDS documentation for the older one.

-- Scott

--
To unsubscribe from this list send an email to
users-unsubscribe at shibboleth.net