Configure Shibboleth-SP-2.3.1 with DS-1.1.3.

Nikethan Raja nikethan at
Mon Jan 23 21:49:19 GMT 2012

The same SP 2.3.1 works with out any issues with idp-2.1.5, with out DS is

With  the following SessionInitiator configured on SP Side.

<SessionInitiator type="SAML2" Location="/Login" isDefault="true"
defaultACSIndex="1" id="IdpShib" entityID="" template="bindingTemplate.html"/>

We have been working with out Discovery Service for a while (with SP 2.3.1
and Idp 2.1.5). But now  are trying to federate with another Idp in our
organization. So we  would like to introduce Discovery Service so  users
can choose  between Idp's.

Platform information:
SP 2.3.1 on Apache/2.2.14 (Unix)  with Red Hat Enterprise Linux Server
release 5.3
Idp  2.1.5 on Tomcat 6.0 with Red Hat Enterprise Linux Server release 5.3

On Mon, Jan 23, 2012 at 1:09 PM, Cantor, Scott <cantor.2 at> wrote:

> > Session Initiator configuration  on Shibboleth-SP-2.3.1 Side: (in
> > shibboleth2.xml)
> 2.3.1 has a critical security bug, so I hope you're not serious unless
> this is a backported Debian or something.
> > After configuration of SP and DS, we were able to select the idp on the
> "Idp
> > selection/discovery" page and the user is redirected to the following
> URL.
> > But SP complaints that URL(
> > does not exist.
> Then the SP isn't configured or working, irrespective of the DS. Get it
> working with one IdP first. If the handlerURL is returning that, things
> aren't really set up yet. You provided no platform information, so there's
> nothing else I can say about causes.
> > Is there any additional configuration on SP ?
> No.
> -- Scott
> --
> To unsubscribe from this list send an email to
> users-unsubscribe at
-------------- next part --------------
An HTML attachment was scrubbed...

More information about the users mailing list