SP Configuration issue
Eric Stein
steine at locustec.com
Thu Apr 3 21:56:56 EDT 2014
I'm trying to set up an SP, and I'm pretty sure I made a config error, but I don't know where. My server has a domain name of foo.mycompany.com, and an internal machine name of bar.mycmpny.com. When I run https://foo.mycompany.com/Shibboleth.sso/Metadata, the metadata I get back looks like this:
...
<md:KeyDescriptor>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:KeyName> bar.mycmpny.com </ds:KeyName>
<ds:X509Data>
<ds:X509SubjectName>CN= bar.mycmpny.com </ds:X509SubjectName>
...
but all the Location attribute URIs have foo.mycompany.com in them. I did a search of all files in my shibboleth installation, and bar.mycmpny.com only shows up in the generated metadata. I *think* this is what's causing my relying party error. So I guess my questions are:
0) where is shibboleth getting the key name and cert subject name from?
1) why doesn't fixing them manually to be foo.mycompany.com work?
2) could this be causing my relying party problem, or is it just a red herring?
Thanks,
Eric
More information about the users
mailing list