CA Site Minder IDP : Shibboleth SP
Bhattacharjee, Raja
Raja.Bhattacharjee at Level3.com
Tue Apr 8 20:24:13 EDT 2014
Hello,
I am encountering an issue with my setup and any assistance will be appreciated.
Trying to federate with one of our customer who is using CA SiteMInder as their IDP.
The setup on my side is
<ApplicationOverride id="acme_app" entityID="https://collaboration-sso.cfer.com/acme/shibboleth"
signing="false" encryption="false"
attributePrefix="AJP_"
REMOTE_USER="eppn persistent-id targeted-id">
<Sessions lifetime="28800" timeout="3600" checkAddress="false" handlerSSL="false" cookieProps="http" relayState="cookie"
handlerURL="/acme/Shibboleth.sso">
<SSO entityID="http://stsso.acme.com">
SAML2 SAML1
</SSO>
</Sessions>
<MetadataProvider type="XML" file="/app/sso/shibboleth-sp/metadata/sso-acme.metadata.xml">
</MetadataProvider>
<AttributeExtractor type="XML" file="/app/sso/shibboleth-sp/etc/shibboleth/attribute-map.xml">
</AttributeExtractor>
</ApplicationOverride>
All federation is working fine except the fact that ACS is not returning the correct URL redirect back to the browser
Instead of redirecting to https://collaboration-sso.cfer.com/acme/ it is doing the following
2014-04-08 23:47:11 DEBUG Shibboleth.SSO.SAML2 [3]: ACS returning via redirect to: https://collaboration-sso.cfer.com/
I have tried ss:mem as relayState with the same end result. The above application override template is working for all other IDP providers that we federate with.
Following the redirection to https://collaboration-sso.cfer.com/ if end user with enterprise Acme adds /acme to the URL, it works.
Thanks and let me know if you need any additional information
Raja
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://shibboleth.net/pipermail/users/attachments/20140409/71580dd9/attachment.html
More information about the users
mailing list