IdP initiated SSO

Mike Flynn shibbolethlynda at yahoo.com
Thu Feb 7 16:35:45 EST 2013 

This is what was sent:

<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key">
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
            <saml:SubjectConfirmationData NotOnOrAfter="" Recipient="https://shib.lynda.com/Shibboleth.sso/SAML2/POST"/>
      </saml:SubjectConfirmation>
</saml:SubjectConfirmation>


________________________________
 From: Mike Flynn <shibbolethlynda at yahoo.com>
To: Shib Users <users at shibboleth.net> 
Sent: Thursday, February 7, 2013 1:23 PM
Subject: Re: IdP initiated SSO
 

Thanks.  That leads me to the next item:

Unable to locate satisfiable bearer SubjectConfirmation in assertion.


Googling that produced a lot of code samples that generate the message but little else...


________________________________
 From: Brent Putman <putmanb at georgetown.edu>
To: users at shibboleth.net 
Sent: Thursday, February 7, 2013 1:08 PM
Subject: Re: IdP initiated SSO
 



On 2/7/13 3:43 PM, Mike Flynn wrote:

The Idp tried both of these: 
><saml:Conditions NotBefore="2013-02-07T19:51: 27Z" NotOnOrAfter="2013-02-07T19: 57:27Z">
><AudienceRestriction>
><Audience>https://shib.lynda.com/shibboleth-sp</Audience>
></AudienceRestriction>
></saml:Conditions>
> 
>Or:
> 
><saml:Conditions NotBefore="2013-02-07T19:46: 48Z" NotOnOrAfter="2013-02-07T19: 52:48Z">
><AudienceRestrictionCondition>
><Audience>https://shib.lynda.com/shibboleth-sp</Audience>
></ AudienceRestrictionCondition>
></saml:Conditions>
>And gets this error with either one:
>xmltooling:: UnmarshallingException at (https://shib.lynda.com/ Shibboleth.sso/SAML2/POST)
>Invalid child element: AudienceRestriction


It's missing the namespace prefix.  If they're binding the SAML
    namespace URI to prefix "saml", then those elements would be
    saml:AudienceRestriction, saml:Audience, etc.

AudienceRestrictionCondition doesn't exist in SAML. It should be
    similar to the first one you have above.







--
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net


--
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://shibboleth.net/pipermail/users/attachments/20130207/be071f7d/attachment.html

More information about the users mailing list