certificate name was not acceptable
Cantor, Scott
cantor.2 at osu.edu
Thu Jun 13 15:50:10 EDT 2013
> If you're not trying to pass attributes over the back channel, either take the
> Attribute Authority endpoints out of the IdP metadata or remove this line
> from shibboleth2.xml:
>
> <!-- Use a SAML query if no attributes are supplied during SSO. -->
> <AttributeResolver type="Query" subjectMatch="true"/>
But do NOT do that if you're using queries with other SAML 1.1 IdPs. (Hint: you are, mine ;-)
> If you are trying to pass attributes over the back channel, then yes, this needs
> to be further debugged, and that TLS connection can be failing for any
> number of reasons (one of the reasons we moved away from using the back
> channel in the first place).
In this case it's not in question why. The certificate name isn't right or the hostname of the endpoint in the metadata for queries isn't.
-- Scott
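
The check described in the reply above, as an added example that is not part of the original message or of Shibboleth's code: it lists the hostnames of the attribute query endpoints in IdP metadata and reports those that none of the certificate's names cover. The metadata, hostnames and certificate names are constructed samples, and the comparison is a plain hostname match with a single-label wildcard, an assumption rather than the SP's own trust-engine logic.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD = "urn:oasis:names:tc:SAML:2.0:metadata"

# Constructed sample metadata (not from the thread): the query endpoint uses a
# different hostname than the one the certificate was issued for.
SAMPLE_METADATA = """\
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
                  entityID="https://idp.example.org/idp/shibboleth">
  <AttributeAuthorityDescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
    <AttributeService
        Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
        Location="https://idp-query.example.org:8443/idp/profile/SAML1/SOAP/AttributeQuery"/>
  </AttributeAuthorityDescriptor>
</EntityDescriptor>
"""

# Constructed sample: DNS names read from the back-channel server certificate.
SAMPLE_CERT_NAMES = ["idp.example.org"]


def query_endpoint_hosts(metadata_xml):
    """Return the hostname of every AttributeService Location in the metadata."""
    root = ET.fromstring(metadata_xml)
    return [urlsplit(svc.get("Location")).hostname
            for svc in root.iter("{%s}AttributeService" % MD)]


def name_matches(host, cert_name):
    """Case-insensitive match; '*.' covers exactly one leftmost label."""
    host, cert_name = host.lower(), cert_name.lower()
    if cert_name.startswith("*."):
        return "." in host and host.split(".", 1)[1] == cert_name[2:]
    return host == cert_name


def mismatched_hosts(metadata_xml, cert_names):
    """Query endpoint hosts that no certificate name covers."""
    return [h for h in query_endpoint_hosts(metadata_xml)
            if not any(name_matches(h, n) for n in cert_names)]


if __name__ == "__main__":
    for host in mismatched_hosts(SAMPLE_METADATA, SAMPLE_CERT_NAMES):
        print("no certificate name matches query endpoint host:", host)
```
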