Shibboleth IdP 2.3.8 and SAML1 token
Cantor, Scott
cantor.2 at osu.edu
Wed Feb 13 19:42:26 EST 2013
On 2/13/13 4:59 PM, "Abba Yadav" <APY at usp.org> wrote:
>I am relatively new to Shibboleth and I have integrated an Shibboleth SP
>2.5.1 with a Shibboleth IdP 2.3.8 and SAML2 tokens are generated
>correctly. Now I have to integrate the Shibboleth IdP with a service
>provider that can only accept SAML1 tokens. Do I have to change anything
>in the Shibboleth IdP to generate SAML1 tokens or correct SAML1 tokens
>will be generated when the Service Provider makes SSO request.
There is no concept in SAML 1.1 of a request. The only request flow the
IdP understands for SAML 1.1 profile use is the Shibboleth request profile
that was created to get around that limitation. To get it to issue that
version of response, that's the kind of request you have to send to it.
No commercial SP will make such a request so you will have to trigger this
redirect to the IdP on its behalf.
> Currently I do not have access to a Service Provider that only accepts
>SAML1 tokens.
Yes, you do, Shibboleth. Just turn off SAML2 support in it in a fairly
obvious way, delete SAML2 from the protocol list in <SSO>.
-- Scott
More information about the users
mailing list