IdP initiated SSO
Mike Flynn
shibbolethlynda at yahoo.com
Thu Feb 7 15:43:16 EST 2013
OK, I used this example for the IdP:
<Conditions NotBefore="2007-02-07T20:22:58.162Z" NotOnOrAfter="2007-02-07T20:24:58.162Z">
<AudienceRestrictionCondition>
<Audience>http://www.example2.com</Audience>
</AudienceRestrictionCondition>
</Conditions>
The IdP tried both of these:
<saml:Conditions NotBefore="2013-02-07T19:51:27Z" NotOnOrAfter="2013-02-07T19:57:27Z">
<AudienceRestriction>
<Audience>https://shib.lynda.com/shibboleth-sp</Audience>
</AudienceRestriction>
</saml:Conditions>
Or:
<saml:Conditions NotBefore="2013-02-07T19:46:48Z" NotOnOrAfter="2013-02-07T19:52:48Z">
<AudienceRestrictionCondition>
<Audience>https://shib.lynda.com/shibboleth-sp</Audience>
</AudienceRestrictionCondition>
</saml:Conditions>
And gets this error with either one:
xmltooling::UnmarshallingException at (https://shib.lynda.com/Shibboleth.sso/SAML2/POST)
Invalid child element: AudienceRestriction
________________________________
From: "Cantor, Scott" <cantor.2 at osu.edu>
To: Shib Users <users at shibboleth.net>
Sent: Thursday, February 7, 2013 11:40 AM
Subject: RE: IdP initiated SSO
> OK I dug up the setting in the Wiki, re-tested and we get this error:
Cool, or not so cool I suppose, that really should be getting logged. Sigh.
> AudienceRestriction must have at least one Audience
There's your bug then.
> Googling around with that, I assume the entityID for the request as the value
> for this should work, correct?
Yes, that's set to the entityID of your SP.
-- Scott
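
Added example, not part of the original thread and not Shibboleth's code: a Python check of a SAML 2.0 `<Conditions>` element that reports whether each child is in the SAML 2.0 assertion namespace, whether every AudienceRestriction has at least one Audience naming the SP entityID, and whether the validity window holds. The `xmlns:saml` binding, the clock value and all function and variable names are assumptions made for the constructed samples.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAML2 = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML2}

def _ts(value):
    # SAML timestamps are UTC with a trailing "Z"
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def check_conditions(xml_text, sp_entity_id, now):
    """Return a list of problems with a <Conditions> element; empty means OK."""
    cond = ET.fromstring(xml_text)
    if cond.tag != f"{{{SAML2}}}Conditions":
        return [f"root {cond.tag} is not a SAML 2.0 Conditions element"]
    problems = []
    for child in cond:
        # Unprefixed children are SAML elements only if a default xmlns says so.
        if not child.tag.startswith(f"{{{SAML2}}}"):
            problems.append(f"{child.tag} is not in the SAML 2.0 assertion namespace")
    restrictions = cond.findall("saml:AudienceRestriction", NS)
    if not restrictions:
        problems.append("no saml:AudienceRestriction present")
    for r in restrictions:  # every restriction must admit this SP
        audiences = [(a.text or "").strip() for a in r.findall("saml:Audience", NS)]
        if not audiences:
            problems.append("AudienceRestriction must have at least one Audience")
        elif sp_entity_id not in audiences:
            problems.append(f"SP entityID not among audiences {audiences}")
    nb, noa = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if nb and now < _ts(nb):
        problems.append("assertion not yet valid")
    if noa and now >= _ts(noa):
        problems.append("assertion expired")
    return problems

def wrap(inner):
    # Constructed sample: window copied from the thread, xmlns binding assumed.
    return (f'<saml:Conditions xmlns:saml="{SAML2}" NotBefore="2013-02-07T19:51:27Z" '
            f'NotOnOrAfter="2013-02-07T19:57:27Z">{inner}</saml:Conditions>')

SP = "https://shib.lynda.com/shibboleth-sp"
NOW = datetime(2013, 2, 7, 19, 52, tzinfo=timezone.utc)  # constructed clock value
UNQUALIFIED = wrap(f"<AudienceRestriction><Audience>{SP}</Audience></AudienceRestriction>")
QUALIFIED = wrap(f"<saml:AudienceRestriction><saml:Audience>{SP}</saml:Audience></saml:AudienceRestriction>")
EMPTY = wrap("<saml:AudienceRestriction/>")

if __name__ == "__main__":
    for name in ("UNQUALIFIED", "QUALIFIED", "EMPTY"):
        print(name, check_conditions(globals()[name], SP, NOW))
```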