No Peer Endpoint - At a loss
eweintra at jhmi.edu
Thu Nov 1 11:25:19 EDT 2012
Right, I changed it to POST in their config, and I get the error message about Error decoding authentication request message as follows:
10:58:17.558 - INFO [Shibboleth-Access:73] - 20121101T145817Z|10.186.64.218|shibpep.johnshopkins.edu:443|/profile/SAML2/POST/SSO|
10:58:17.568 - WARN [edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler:314] - Error decoding authentication request message
org.opensaml.ws.message.decoder.MessageDecodingException: This message deocoder only supports the HTTP POST method
at org.opensaml.saml2.binding.decoding.HTTPPostDecoder.doDecode(HTTPPostDecoder.java:82) [opensaml-2.3.0.jar:na]
<--TRIMMED STACK TRACE-->
-Etan E. Weintraub
Sr. Systems Engineer
IT at Johns Hopkins
Johns Hopkins at Mt. Washington
5801 Smith Ave.
Baltimore, MD 21209
E-mail: eweintra at jhmi.edu
From: users-bounces at shibboleth.net [mailto:users-bounces at shibboleth.net] On Behalf Of Cantor, Scott
Sent: Thursday, November 01, 2012 11:24 AM
To: Shib Users
Subject: Re: No Peer Endpoint - At a loss
On 11/1/12 11:20 AM, "Etan Weintraub" <eweintra at jhmi.edu> wrote:
>I'll look into the log shrinking, what about the error decoding when I
>switch them to HTTP-POST though...any ideas on that?
What I said in the other emails. You can't just make the problem go away
with metadata. They're incorrectly requesting Redirect and I doubt very
much if the IdP supports the invalid choice of responding via Redirect.
That probably manifests as the original error you got, since the outgoing
binding choices in the IdP don't overlap with the request.
In short, it won't work. They have to use POST or Artifact and they have
to indicate that in the request.
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
More information about the users