CA Site Minder IDP : Shibboleth SP
Bhattacharjee, Raja
Raja.Bhattacharjee at Level3.com
Mon Apr 14 02:13:14 EDT 2014
Since the IDP validation is only accessible to people in the customer network, I had to use tcpdump on our Linux Shibboleth installation server to capture the tcpstream exchanged during the federation and ACS redirection.
I compared a successful federation exchange (between our Shibboleth SP and another customer's, with RelayState set to ss:mem) with the federation exchange with CA Site Minder where ACS redirection is not working.
I found that in successful federation and ACS redirection the tcpstream shows
... SAMLResponse=...2V3D%3D&RelayState=ss%3Amem%3Ac769c3127d7f69dbd118ab58d54ce6a68f1e748469fbae860ac18a3c1767ba2bHTTP/1.1 302 Found
In the case of the unsuccessful ACS redirection with CA Site Minder, I see that RelayState is missing.
...SAMLResponse=PFJlc3...HTTP/1.1 302 Found
Trying to confirm that the above missing RelayState in the SAML response is causing the ACS redirection to an incorrect link? I can then approach our customer to tweak CA Site Minder to include the RelayState.
Thanks
Raja
-----Original Message-----
From: users-bounces at shibboleth.net [mailto:users-bounces at shibboleth.net] On Behalf Of Cantor, Scott
Sent: Tuesday, April 08, 2014 6:57 PM
To: Shib Users
Subject: Re: CA Site Minder IDP : Shibboleth SP
On 4/8/14, 8:55 PM, "Bhattacharjee, Raja" <Raja.Bhattacharjee at Level3.com> wrote:
>
>When you say to check the relay handling, is there any easy way to do
>this within shibboleth configuration and logs or do I capture packets
>using, say, tcpdump?
All of this goes through the browser, all you need is LiveHeaders or SAML Tracer or similar tools.
-- Scott
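The comparison described in the message above, as an added example that is not part of the original thread: a Python check that takes a reassembled TCP stream of the browser's POST to the ACS and reports whether RelayState arrived alongside SAMLResponse. It goes slightly beyond the post by also reading Destination and InResponseTo from the decoded response; the host sp.example.org, the RelayState value, the sample stream and the function names are constructed assumptions.

```python
import base64
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode

def inspect_acs_post(stream: bytes) -> dict:
    """Report what the browser POSTed to the ACS in a reassembled TCP stream."""
    head, _, rest = stream.partition(b"\r\n\r\n")
    headers = {}
    for line in head.split(b"\r\n")[1:]:          # skip the request line
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    # The capture runs the server's "HTTP/1.1 302 Found" straight on after the
    # form body, so Content-Length is the only reliable end-of-body marker.
    body = rest[: int(headers[b"content-length"])]
    form = parse_qs(body.decode("ascii"), keep_blank_values=True)
    report = {
        "has_saml_response": "SAMLResponse" in form,
        "relay_state": form.get("RelayState", [None])[0],
    }
    if report["has_saml_response"]:
        # Diagnostic read of your own capture only: no signature validation here.
        root = ET.fromstring(base64.b64decode(form["SAMLResponse"][0]))
        report["destination"] = root.get("Destination")
        report["in_response_to"] = root.get("InResponseTo")
    return report

def build_stream(relay_state=None) -> bytes:
    """Constructed sample: an ACS POST with the SP's reply appended, as captured."""
    xml = ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           'ID="_r1" Version="2.0" InResponseTo="_req1" '
           'Destination="https://sp.example.org/Shibboleth.sso/SAML2/POST"/>')
    fields = {"SAMLResponse": base64.b64encode(xml.encode()).decode()}
    if relay_state is not None:
        fields["RelayState"] = relay_state
    body = urlencode(fields).encode()
    request = (b"POST /Shibboleth.sso/SAML2/POST HTTP/1.1\r\n"
               b"Host: sp.example.org\r\n"
               b"Content-Type: application/x-www-form-urlencoded\r\n"
               b"Content-Length: %d\r\n\r\n" % len(body)) + body
    return request + b"HTTP/1.1 302 Found\r\nLocation: /\r\n\r\n"

if __name__ == "__main__":
    for label, rs in (("working IdP", "ss:mem:0123abcd"), ("failing IdP", None)):
        print(label, inspect_acs_post(build_stream(rs)))
```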