Shibboleth IdP Issuer
Tom Scavo
trscavo at gmail.com
Mon Feb 18 11:53:41 EST 2013
On Mon, Feb 18, 2013 at 11:37 AM, Rawlinson, Philip (rawlinpa)
<RAWLINPA at ucmail.uc.edu> wrote:
>
> Here are the 4 possibilities from their metadata in the InCommon file:
>
> <md:AssertionConsumerService xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
> Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
> Location="https://proxy.ohiolink.edu:9100/Shibboleth.sso/SAML2/POST"
> index="1"/>
>
> <md:AssertionConsumerService xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
> Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
> Location="https://proxy.ohiolink.edu:9100/Shibboleth.sso/SAML2/Artifact"
> index="2"/>
>
> <md:AssertionConsumerService xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
> Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post"
> Location="https://proxy.ohiolink.edu:9100/Shibboleth.sso/SAML/POST"
> index="3"/>
>
> <md:AssertionConsumerService xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
> Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01"
> Location="https://proxy.ohiolink.edu:9100/Shibboleth.sso/SAML/Artifact"
> index="4"/>
Note that all endpoints are running over a nonstandard port, which is
almost certainly the problem. Front-channel endpoints (e.g.,
HTTP-POST) should run over port 443, that is, there should be no port
in the endpoint location at all.
Tom
More information about the users
mailing list