IdP initiated SSO

Marc Boorshtein mboorshtein at gmail.com
Thu Feb 7 16:38:09 EST 2013


NotOnOrAfter is blank...

On Thu, Feb 7, 2013 at 4:35 PM, Mike Flynn <shibbolethlynda at yahoo.com> wrote:
> This is what was sent:
>
> <saml:SubjectConfirmation
> Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key">
>       <saml:SubjectConfirmation
> Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
>             <saml:SubjectConfirmationData NotOnOrAfter=""
> Recipient="https://shib.lynda.com/Shibboleth.sso/SAML2/POST"/>
>       </saml:SubjectConfirmation>
> </saml:SubjectConfirmation>
>
> ________________________________
> From: Mike Flynn <shibbolethlynda at yahoo.com>
> To: Shib Users <users at shibboleth.net>
> Sent: Thursday, February 7, 2013 1:23 PM
>
> Subject: Re: IdP initiated SSO
>
> Thanks.  That leads me to the next item:
>
> Unable to locate satisfiable bearer SubjectConfirmation in assertion.
>
> Googling that produced a lot of code samples that generate the message but
> little else...
>
> ________________________________
> From: Brent Putman <putmanb at georgetown.edu>
> To: users at shibboleth.net
> Sent: Thursday, February 7, 2013 1:08 PM
> Subject: Re: IdP initiated SSO
>
>
> On 2/7/13 3:43 PM, Mike Flynn wrote:
>
> The Idp tried both of these:
>
> <saml:Conditions NotBefore="2013-02-07T19:51:27Z"
> NotOnOrAfter="2013-02-07T19:57:27Z">
> <AudienceRestriction>
> <Audience>https://shib.lynda.com/shibboleth-sp</Audience>
> </AudienceRestriction>
> </saml:Conditions>
>
> Or:
>
> <saml:Conditions NotBefore="2013-02-07T19:46:48Z"
> NotOnOrAfter="2013-02-07T19:52:48Z">
> <AudienceRestrictionCondition>
> <Audience>https://shib.lynda.com/shibboleth-sp</Audience>
> </AudienceRestrictionCondition>
> </saml:Conditions>
> And gets this error with either one:
> xmltooling::UnmarshallingException at
> (https://shib.lynda.com/Shibboleth.sso/SAML2/POST)
> Invalid child element: AudienceRestriction
>
> It's missing the namespace prefix.  If they're binding the SAML namespace
> URI to prefix "saml", then those elements would be saml:AudienceRestriction,
> saml:Audience, etc.
>
> AudienceRestrictionCondition doesn't exist in SAML. It should be similar to
> the first one you have above.
>
> --
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
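
An added example, not part of the original thread and not Shibboleth's own code: a simplified Python check for the three problems discussed above (a bearer SubjectConfirmation nested inside another one, a blank NotOnOrAfter, and unprefixed children of saml:Conditions). The names `check_assertion`, `parse_instant`, `SAMPLE` and `NOW` are hypothetical, and the sample assertion is constructed from the fragments quoted in the thread.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
NS = "{urn:oasis:names:tc:SAML:2.0:assertion}"
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"
CONDITION_CHILDREN = {NS + n for n in ("Condition", "AudienceRestriction", "OneTimeUse", "ProxyRestriction")}

def parse_instant(value):
    # Assumption: whole-second UTC timestamps as in the thread; "" or None fails.
    try:
        return datetime.strptime(value or "", "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    except ValueError:
        return None

def check_assertion(xml_text, acs_url, audience, now):
    """Return a list of problems; an empty list means these checks passed."""
    root, problems = ET.fromstring(xml_text), []
    # Only SubjectConfirmation elements directly under Subject are candidates;
    # one nested inside another SubjectConfirmation is never considered.
    bearers = [c for c in root.findall(f"{NS}Subject/{NS}SubjectConfirmation")
               if c.get("Method") == BEARER]
    if not bearers:
        problems.append("no bearer SubjectConfirmation directly under Subject")
    for conf in bearers:
        data = conf.find(NS + "SubjectConfirmationData")
        expiry = parse_instant(data.get("NotOnOrAfter")) if data is not None else None
        if expiry is None:
            problems.append("bearer NotOnOrAfter missing or unparseable")
        elif now >= expiry:
            problems.append("bearer confirmation expired")
        if data is None or data.get("Recipient") != acs_url:
            problems.append("Recipient does not match ACS URL")
    # Unprefixed children (no default namespace bound) are not SAML elements.
    for child in root.findall(NS + "Conditions/*"):
        if child.tag not in CONDITION_CHILDREN:
            problems.append("invalid Conditions child: " + child.tag)
    audiences = [a.text for a in root.findall(f"{NS}Conditions/{NS}AudienceRestriction/{NS}Audience")]
    if audience not in audiences:
        problems.append("expected Audience not present")
    return problems

# Constructed sample and clock, assembled from the fragments quoted in the thread.
NOW = datetime(2013, 2, 7, 19, 52, 0, tzinfo=timezone.utc)
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
<saml:Subject><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key">
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml:SubjectConfirmationData NotOnOrAfter="" Recipient="https://shib.lynda.com/Shibboleth.sso/SAML2/POST"/>
</saml:SubjectConfirmation></saml:SubjectConfirmation></saml:Subject>
<saml:Conditions NotBefore="2013-02-07T19:51:27Z" NotOnOrAfter="2013-02-07T19:57:27Z">
<AudienceRestriction><Audience>https://shib.lynda.com/shibboleth-sp</Audience></AudienceRestriction></saml:Conditions></saml:Assertion>"""
```

Calling `check_assertion(SAMPLE, acs_url, audience, NOW)` with the SP's ACS URL and entityID reports the nested bearer confirmation and the unprefixed AudienceRestriction; once the confirmation is un-nested, the blank NotOnOrAfter is reported instead.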

