IdP initiated SSO
Mike Flynn
shibbolethlynda at yahoo.com
Thu Feb 7 16:42:41 EST 2013
Thanks, Marc. I asked them to correct that but was not sure if that was the issue based on the message.
________________________________
From: Marc Boorshtein <mboorshtein at gmail.com>
To: Shib Users <users at shibboleth.net>
Sent: Thursday, February 7, 2013 1:38 PM
Subject: Re: IdP initiated SSO
NotOnOrAfter is blank...
On Thu, Feb 7, 2013 at 4:35 PM, Mike Flynn <shibbolethlynda at yahoo.com> wrote:
> This is what was sent:
>
> <saml:SubjectConfirmation
> Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key">
> <saml:SubjectConfirmation
> Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
> <saml:SubjectConfirmationData NotOnOrAfter=""
> Recipient="https://shib.lynda.com/Shibboleth.sso/SAML2/POST"/>
> </saml:SubjectConfirmation>
> </saml:SubjectConfirmation>
>
> ________________________________
> From: Mike Flynn <shibbolethlynda at yahoo.com>
> To: Shib Users <users at shibboleth.net>
> Sent: Thursday, February 7, 2013 1:23 PM
>
> Subject: Re: IdP initiated SSO
>
> Thanks. That leads me to the next item:
>
> Unable to locate satisfiable bearer SubjectConfirmation in assertion.
>
> Googling that produced a lot of code samples that generate the message but
> little else...
>
> ________________________________
> From: Brent Putman <putmanb at georgetown.edu>
> To: users at shibboleth.net
> Sent: Thursday, February 7, 2013 1:08 PM
> Subject: Re: IdP initiated SSO
>
>
> On 2/7/13 3:43 PM, Mike Flynn wrote:
>
> The IdP tried both of these:
>
> <saml:Conditions NotBefore="2013-02-07T19:51:27Z"
> NotOnOrAfter="2013-02-07T19:57:27Z">
> <AudienceRestriction>
> <Audience>https://shib.lynda.com/shibboleth-sp</Audience>
> </AudienceRestriction>
> </saml:Conditions>
>
> Or:
>
> <saml:Conditions NotBefore="2013-02-07T19:46:48Z"
> NotOnOrAfter="2013-02-07T19:52:48Z">
> <AudienceRestrictionCondition>
> <Audience>https://shib.lynda.com/shibboleth-sp</Audience>
> </AudienceRestrictionCondition>
> </saml:Conditions>
>
> And gets this error with either one:
>
> xmltooling::UnmarshallingException at (https://shib.lynda.com/Shibboleth.sso/SAML2/POST)
> Invalid child element:
> AudienceRestriction
>
> It's missing the namespace prefix. If they're binding the SAML namespace
> URI to prefix "saml", then those elements would be saml:AudienceRestriction,
> saml:Audience, etc.
>
> AudienceRestrictionCondition doesn't exist in SAML. It should be similar to
> the first one you have above.
>
> --
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
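The three faults identified in this thread (a Conditions child outside the SAML namespace, the non-existent AudienceRestrictionCondition element, and a blank NotOnOrAfter on the bearer confirmation) can be checked before an assertion is sent to the SP. The Python below is an added example, not code from any poster or from Shibboleth; `lint_assertion`, its `acs_url` and `now` parameters, the sp.example.org URLs and the sample assertion are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"
# Element children the SAML 2.0 schema allows inside saml:Conditions.
CONDITION_CHILDREN = {"Condition", "AudienceRestriction", "OneTimeUse", "ProxyRestriction"}

def parse_instant(value):
    # UTC xs:dateTime as SAML uses it; None when missing, blank or malformed.
    for fmt in ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%dT%H:%M:%S.%fZ"):
        try:
            return datetime.strptime(value or "", fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            pass
    return None

def lint_assertion(xml_text, acs_url, now):
    findings, usable_bearer = [], False
    root = ET.fromstring(xml_text)
    for cond in root.iter("{%s}Conditions" % SAML):
        for child in cond:
            ns, _, local = child.tag.rpartition("}")
            if ns.lstrip("{") != SAML:
                findings.append(local + ": not in the SAML assertion namespace")
            elif local not in CONDITION_CHILDREN:
                findings.append(local + ": not a SAML 2.0 Conditions child")
    for sc in root.findall(".//{%s}SubjectConfirmation[@Method='%s']" % (SAML, BEARER)):
        data = sc.find("{%s}SubjectConfirmationData" % SAML)
        expiry = parse_instant(data.get("NotOnOrAfter")) if data is not None else None
        if expiry is None:
            findings.append("bearer: NotOnOrAfter missing, blank or malformed")
        elif expiry <= now:
            findings.append("bearer: NotOnOrAfter has passed")
        elif data.get("Recipient") != acs_url:
            findings.append("bearer: Recipient does not match the ACS URL")
        else:
            usable_bearer = True
    if not usable_bearer:
        findings.append("no satisfiable bearer SubjectConfirmation")
    return findings

# Constructed sample modelled on the fragments quoted in the thread (URLs are placeholders).
ACS = "https://sp.example.org/Shibboleth.sso/SAML2/POST"
NOW = datetime(2013, 2, 7, 19, 52, tzinfo=timezone.utc)
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Subject>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData
 NotOnOrAfter="" Recipient="https://sp.example.org/Shibboleth.sso/SAML2/POST"/></saml:SubjectConfirmation>
</saml:Subject><saml:Conditions NotOnOrAfter="2013-02-07T19:57:27Z"><AudienceRestriction>
<Audience>https://sp.example.org/shibboleth-sp</Audience></AudienceRestriction></saml:Conditions></saml:Assertion>"""
```

Calling `lint_assertion(SAMPLE, ACS, NOW)` reports the namespace fault and the blank NotOnOrAfter together, which the SP log in the thread surfaced one at a time.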