Issue with Shibboleth

Cantor, Scott cantor.2 at
Tue Feb 26 15:11:40 EST 2013

On 2/26/13 2:58 PM, "Joseph Griffiths" <joseph at> wrote:

>At first glance I would assume that this issue is handled via the common
>monErrors  but when we force a SAML2 connection the AA returns data to
>our SP.  I have no idea why the 1.3 implementation of the AA is failing
>while the 2.0 works.  Any direction anyone
> can provide in solving this issue would be gratefully accepted.

2.0 works because there's no query, the attributes are pushed. Their IdP
is not supporting client TLS on the back channel or it's configured
improperly, so queries aren't working. Nothing you can do about that, they
have to fix the IdP or stop supporting queries and either push attributes
all the time or dump SAML 1.1.

-- Scott

More information about the users mailing list