Shibboleth IdP Issuer

Tom Scavo trscavo at gmail.com
Mon Feb 18 11:53:41 EST 2013


On Mon, Feb 18, 2013 at 11:37 AM, Rawlinson, Philip (rawlinpa)
<RAWLINPA at ucmail.uc.edu> wrote:
>
> Here are the 4 possibilities from their metadata in the InCommon file:
>
> <md:AssertionConsumerService xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
> Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
> Location="https://proxy.ohiolink.edu:9100/Shibboleth.sso/SAML2/POST"
> index="1"/>
>
> <md:AssertionConsumerService xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
> Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
> Location="https://proxy.ohiolink.edu:9100/Shibboleth.sso/SAML2/Artifact"
> index="2"/>
>
> <md:AssertionConsumerService xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
> Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post"
> Location="https://proxy.ohiolink.edu:9100/Shibboleth.sso/SAML/POST"
> index="3"/>
>
> <md:AssertionConsumerService xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
> Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01"
> Location="https://proxy.ohiolink.edu:9100/Shibboleth.sso/SAML/Artifact"
> index="4"/>

Note that all endpoints are running over a nonstandard port, which is
almost certainly the problem. Front-channel endpoints (e.g.,
HTTP-POST) should run over port 443, that is, there should be no port
in the endpoint location at all.

Tom
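
The port check described in the reply above, as an added example that is not part of the original message or of the Shibboleth software: it walks SAML metadata and reports every AssertionConsumerService whose Location is not HTTPS on the default port. The function name, the wrapper elements, the placeholder entityID and the index 5 endpoint are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"

# The four Locations quoted in the message inside a constructed wrapper
# (placeholder entityID), plus one constructed endpoint (index 5) on the
# default port for contrast.
SAMPLE = """\
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.org/placeholder"><md:SPSSODescriptor
    protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol urn:oasis:names:tc:SAML:1.1:protocol">
 <md:AssertionConsumerService index="1" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
   Location="https://proxy.ohiolink.edu:9100/Shibboleth.sso/SAML2/POST"/>
 <md:AssertionConsumerService index="2" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
   Location="https://proxy.ohiolink.edu:9100/Shibboleth.sso/SAML2/Artifact"/>
 <md:AssertionConsumerService index="3" Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post"
   Location="https://proxy.ohiolink.edu:9100/Shibboleth.sso/SAML/POST"/>
 <md:AssertionConsumerService index="4" Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01"
   Location="https://proxy.ohiolink.edu:9100/Shibboleth.sso/SAML/Artifact"/>
 <md:AssertionConsumerService index="5" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
   Location="https://sp.example.org/Shibboleth.sso/SAML2/POST"/>
</md:SPSSODescriptor></md:EntityDescriptor>
"""

def audit_acs_endpoints(metadata_xml):
    """List ACS endpoints whose Location is not HTTPS on the default port."""
    findings = []
    root = ET.fromstring(metadata_xml)  # feed it only metadata from a verified source
    for entity in root.iter(MD + "EntityDescriptor"):
        for acs in entity.iter(MD + "AssertionConsumerService"):
            location = acs.get("Location", "")
            parts = urlsplit(location)
            reasons = []
            if parts.scheme != "https":
                reasons.append("scheme is not https")
            try:
                port = parts.port  # None when the URL carries no explicit port
            except ValueError:
                port, reasons = None, reasons + ["unparseable port"]
            if port not in (None, 443):
                reasons.append(f"explicit nonstandard port {port}")
            if reasons:
                findings.append({"entity": entity.get("entityID"), "index": acs.get("index"),
                                 "binding": acs.get("Binding"), "location": location,
                                 "reasons": reasons})
    return findings

if __name__ == "__main__":
    for f in audit_acs_endpoints(SAMPLE):
        print(f["index"], f["location"], "->", "; ".join(f["reasons"]))
```

Because it iterates over every EntityDescriptor, the same function also works on an aggregate such as the InCommon file.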

