Help configuring custom relying party for a relaystate url

Karla Borecky kborecky at smith.edu
Tue Aug 20 12:18:01 EDT 2013 

Well, I did ask them to give me metadata, and they didn't really know how
to generate it. I had to give them examples of what it should have. After
it looked sort of OK, I configured everything for them the way I usually do
- and used the aacli shell script to make sure it was giving them
attributes etc. - but still it just displayed the IdP metadata when you
went to the site.

Maybe I should just punt and tell them we want to do LDAP. They really
don't seem to know at all how their process works under the hood, and I'm
tired of guessing.


On Tue, Aug 20, 2013 at 11:28 AM, Cantor, Scott <cantor.2 at osu.edu> wrote:

> On 8/20/13 11:24 AM, "Karla Borecky" <kborecky at smith.edu> wrote:
>
> >I am working with a vendor who has just given me these two urls: one is
> >the "service" url, the other is the "consume" url - and said that
> >previously, that's all they gave people and it would work. No metadata,
> >so I believe I am correct in thinking I need
> > to create a custom relying party section for them.
>
> No. You need metadata for them, which you should supply in a file with
> metadata for all such unmanaged partners, and then just load it. You don't
> need other special rules.
>
> >But using the SAML2SSOProfile doesn't seem to work. When I go to their
> >test site, it just brings up our IdP's metadata. I assume that's because
> >it doesn't know what to do with the rest of the URL, maybe? The resulting
> >url looks like this:
>
> That's not a valid endpoint at the IdP. That you'll have to take up with
> them, it's not up to your IdP how the requests are generated.
>
> >I've tried to figure out how to configure the relying party to work with
> >a relaystate url, if that is what I should be doing, but the only
> >references I could find had an RPID in their relaystate string - which
> >they don't have.
>
> None of that is relevant to the issue.
>
> -- Scott
>
>
> --
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
>



-- 
Karla Borecky
Systems Administrator
ITS
Smith College
Northampton, MA 01063
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://shibboleth.net/pipermail/users/attachments/20130820/b47f6f00/attachment-0001.html

More information about the users mailing list