IdP initiated SSO

Mike Flynn shibbolethlynda at
Thu Feb 7 14:37:57 EST 2013

OK I dug up the setting in the Wiki, re-tested and we get this error:

The system encountered an error at Thu Feb 07 11:26:17 2013
To report this problem, please contact the site administrator at mflynn at
Please include the following message in any email:
xmltooling::ValidationException at (
AudienceRestriction must have at least one Audience

Googling around with that, I assume the entityID for the request as the value for this should work, correct?

 From: "Cantor, Scott" <cantor.2 at>
To: Shib Users <users at> 
Sent: Thursday, February 7, 2013 11:07 AM
Subject: RE: IdP initiated SSO
> Are you saying that there is something in IIS that I can adjust to get
> something to show in the event logs for this error?  I checked all the event
> logs as well as all of the shib logs and I got nothin'

I don't know if you're the one feeding the response into the browser to test it, but whoever is should either get some kind of technical error from the SP (using the sessionError template) or IIS is masking that and returning a vanilla 500. That's usual by default, it has a setting to hide detailed error information. I believe I found the name of the setting and put it in the IIS 7 install page in the wiki.

So yes, possibly it's hiding something useful.

-- Scott

To unsubscribe from this list send an email to users-unsubscribe at
-------------- next part --------------
An HTML attachment was scrubbed...

More information about the users mailing list