IdP initiated SSO
Mike Flynn
shibbolethlynda at yahoo.com
Thu Feb 7 16:23:09 EST 2013
Thanks. That leads me to the next item:
Unable to locate satisfiable bearer SubjectConfirmation in assertion.
Googling that produced a lot of code samples that generate the message but little else...
________________________________
From: Brent Putman <putmanb at georgetown.edu>
To: users at shibboleth.net
Sent: Thursday, February 7, 2013 1:08 PM
Subject: Re: IdP initiated SSO
On 2/7/13 3:43 PM, Mike Flynn wrote:
The Idp tried both of these:
><saml:Conditions NotBefore="2013-02-07T19:51: 27Z" NotOnOrAfter="2013-02-07T19: 57:27Z">
><AudienceRestriction>
><Audience>https://shib.lynda.com/shibboleth-sp</Audience>
></AudienceRestriction>
></saml:Conditions>
>
>Or:
>
><saml:Conditions NotBefore="2013-02-07T19:46: 48Z" NotOnOrAfter="2013-02-07T19: 52:48Z">
><AudienceRestrictionCondition>
><Audience>https://shib.lynda.com/shibboleth-sp</Audience>
></ AudienceRestrictionCondition>
></saml:Conditions>
>And gets this error with either one:
>xmltooling:: UnmarshallingException at (https://shib.lynda.com/ Shibboleth.sso/SAML2/POST)
>Invalid child element: AudienceRestriction
It's missing the namespace prefix. If they're binding the SAML
namespace URI to prefix "saml", then those elements would be
saml:AudienceRestriction, saml:Audience, etc.
AudienceRestrictionCondition doesn't exist in SAML. It should be
similar to the first one you have above.
--
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://shibboleth.net/pipermail/users/attachments/20130207/c9494973/attachment-0001.html
More information about the users
mailing list