Salesforce with Shibboleth IdP

Christopher Bongaarts cab at umn.edu
Mon Jun 11 18:14:30 BST 2012


On 6/11/2012 11:52 AM, Andrew Morgan wrote:
> On Fri, 8 Jun 2012, Peter Schober wrote:
>
>> * Andrew Morgan <morgan at orst.edu> [2012-06-07 18:42]:
>>>     Login Error
>>>     Your login attempt using single sign-on with an identity provider
>>>     certificate has failed. Please contact your salesforce.com administrator
>>>     for more information.
>>
>> If all else fails you could try just that?
>> -peter
>
> Unfortunately, my co-worker is the administrator and we are both trying to
> understand what is going wrong!  :)
>
> We have tried using Salesforce's SAML assertion validator, but that
> doesn't raise any errors.  I was hoping someone might have experience with
> Salesforce, or at least have a working Shibboleth-Salesforce setup that I
> could compare against.

We have encryption turned off for them via relying-party.xml:

     <RelyingParty id="https://xxxx.my.salesforce.com"
         provider="https://idp-test.shib.umn.edu/idp/shibboleth"
         defaultSigningCredentialRef="IdPCredential">
         <ProfileConfiguration xsi:type="saml:SAML2SSOProfile"
                               encryptAssertions="never"
                               encryptNameIds="never" />
     </RelyingParty>



-- 
%%  Christopher A. Bongaarts   %%  cab at umn.edu          %%
%%  OIT - Identity Management  %%  http://umn.edu/~cab  %%
%%  University of Minnesota    %%  +1 (612) 625-1809    %%




More information about the users mailing list