SP Configuration issue

Lipscomb, Gary glipscomb at csu.edu.au
Sun Apr 6 18:30:47 EDT 2014


I'm guessing that since the file metadataFile="C:/shibboleth-sp-2.5.1/etc/shibboleth/sp-metadata.xml" has C: this is sitting on a Windows server.

Shouldn't it be metadataFile="C:\shibboleth-sp-2.5.1\etc\shibboleth\sp-metadata.xml", backslash instead of forward slash?



Gary

|-----Original Message-----
|From: users-bounces at shibboleth.net [mailto:users-bounces at shibboleth.net]
|On Behalf Of Eric Stein
|Sent: Saturday, 5 April 2014 00:53
|To: Shib Users
|Subject: RE: SP Configuration issue
|
|Scott,
|
|Thanks for taking the time to look at this.
|
|My "relying party error" is the very common:
|    Error Message: SAML 2 SSO profile is not configured for relying party https://cms1.locusfocus.com/shibboleth
|
|In my IdP's relying-party.xml, I have:
|        <metadata:MetadataProvider id="SPMD"
|                                   xsi:type="metadata:FilesystemMetadataProvider"
|                                   metadataFile="C:/shibboleth-sp-2.5.1/etc/shibboleth/sp-metadata.xml" />
|I checked that file, and it exists. It contains the (problematic?)
|metadata I mentioned in the prior message.
|
|In my SP's shibboleth2.xml, I have:
|    <ApplicationDefaults entityID="https://cms1.locusfocus.com/shibboleth"
|                         REMOTE_USER="nameid persistent-id targeted-id">
|...
|            <SSO entityID="https://cms1.locusfocus.com/idp/shibboleth"
|                 discoveryProtocol="SAMLDS"
|                 discoveryURL="https://cms1.locusfocus.com/discovery/DS">
|              SAML2 SAML1
|            </SSO>
|which to me means that the SP's entityID is set correctly.
|
|I thought that the way the IdP found the SP was through the entityID in
|the sp-metadata. Is that not correct? So what am I missing that the IdP
|can't find the SP?
|
|Thanks,
|Eric
|
|-----Original Message-----
|From: users-bounces at shibboleth.net [mailto:users-bounces at shibboleth.net]
|On Behalf Of Cantor, Scott
|Sent: Thursday, April 03, 2014 10:07 PM
|To: Shib Users
|Subject: Re: SP Configuration issue
|
|On 4/3/14, 9:56 PM, "Eric Stein" <steine at locustec.com> wrote:
|
|>but all the Location attribute URIs have foo.mycompany.com in them. I
|>did a search of all files in my shibboleth installation, and
|>bar.mycmpny.com only shows up in the generated metadata.
|
|Your description implies that it isn't in the metadata at all, other
|than by way of the certificate generated when you installed the SP. Nor
|does it matter what's in that certificate in practice.
|
|> I *think* this is what's causing my relying party error.
|
|Very unlikely, but since I don't know what "relying party error" means,
|I couldn't say for certain.
|
|> So I guess my questions are:
|>0) where is shibboleth getting the key name and cert subject name from?
|
|From the certificate it generated during installation.
|
|>1) why doesn't fixing them manually to be foo.mycompany.com work?
|
|I guess that depends on what you did, but the certificate is whatever
|you configure it to be, and the metadata is never to be generated and
|used directly without modification, so it's entirely under your control
|what you give to others.
|
|>2) could this be causing my relying party problem, or is it just a red
|>herring?
|
|I don't know what the problem is since you didn't describe it, but I
|doubt it has anything to do with it.
|
|-- Scott
|
|
|--
|To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
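An added example, not part of the thread or of Shibboleth itself: a check an operator could run against the file named in `metadataFile` to confirm it contains an `EntityDescriptor` whose `entityID` is exactly the one in the IdP's error message and that its SP role advertises SAML 2.0. The function name, the sample metadata and the `example.org` hosts are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
SAML2_PROTOCOL = "urn:oasis:names:tc:SAML:2.0:protocol"

# Constructed sample metadata (not the poster's file); the host in the ACS
# Location deliberately differs from the host in the entityID.
SAMPLE_METADATA = """\
<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
  <md:EntityDescriptor entityID="https://sp.example.org/shibboleth">
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:AssertionConsumerService index="1"
          Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
          Location="https://other.example.org/Shibboleth.sso/SAML2/POST"/>
    </md:SPSSODescriptor>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>
"""

def check_sp_metadata(xml_text, expected_entity_id):
    """Return a list of findings; an empty list means nothing was flagged."""
    root = ET.fromstring(xml_text)
    # iter() includes the root, so a bare EntityDescriptor file also works.
    entities = list(root.iter(f"{{{MD}}}EntityDescriptor"))
    match = [e for e in entities if e.get("entityID") == expected_entity_id]
    if not match:
        # entityID comparison is exact; report a case/trailing-slash near miss.
        want = expected_entity_id.rstrip("/").lower()
        near = [e.get("entityID") for e in entities
                if (e.get("entityID") or "").rstrip("/").lower() == want]
        hint = f" (near miss: {near[0]!r})" if near else ""
        return [f"entityID {expected_entity_id!r} not in metadata{hint}"]
    roles = match[0].findall(f"{{{MD}}}SPSSODescriptor")
    if not roles:
        return ["no SPSSODescriptor role for this entity"]
    findings = []
    for role in roles:
        if SAML2_PROTOCOL not in role.get("protocolSupportEnumeration", "").split():
            findings.append("SPSSODescriptor does not list SAML 2.0 protocol support")
        for acs in role.findall(f"{{{MD}}}AssertionConsumerService"):
            host = urlparse(acs.get("Location", "")).hostname
            if host != urlparse(expected_entity_id).hostname:
                findings.append(f"note: ACS Location host {host!r} differs from entityID host")
    return findings

if __name__ == "__main__":
    for line in check_sp_metadata(SAMPLE_METADATA, "https://sp.example.org/shibboleth"):
        print(line)
```

The host comparison is informational only, since an entityID is a name and need not share a host with the endpoints.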