IdP initiated SSO
Brent Putman
putmanb at georgetown.edu
Thu Feb 7 16:08:46 EST 2013
On 2/7/13 3:43 PM, Mike Flynn wrote:
> |The Idp tried both of these:|
> |
> <saml:Conditions NotBefore="2013-02-07T19:51:27Z"
> NotOnOrAfter="2013-02-07T19:57:27Z">
> <AudienceRestriction>
> <Audience>_https://shib.lynda.com/shibboleth-sp_</Audience>
> </AudienceRestriction>
> </saml:Conditions>
>
> Or:
>
> <saml:Conditions NotBefore="2013-02-07T19:46:48Z"
> NotOnOrAfter="2013-02-07T19:52:48Z">
> <AudienceRestrictionCondition>
> <Audience>_https://shib.lynda.com/shibboleth-sp_</Audience>
> </AudienceRestrictionCondition>
> </saml:Conditions>
> And gets this error with either one:
> xmltooling::UnmarshallingException at
> (https://shib.lynda.com/Shibboleth.sso/SAML2/POST
> <https://shib.lynda.com/Shibboleth.sso/SAML2/POST>)
> Invalid child element: AudienceRestriction|
It's missing the namespace prefix. If they're binding the SAML
namespace URI to prefix "saml", then those elements would be
saml:AudienceRestriction, saml:Audience, etc.
AudienceRestrictionCondition doesn't exist in SAML. It should be similar
to the first one you have above.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://shibboleth.net/pipermail/users/attachments/20130207/f9fd27eb/attachment.html
More information about the users
mailing list