Salesforce error when authing against Shibboleth

Cantor, Scott cantor.2 at osu.edu
Wed Aug 6 15:43:29 EDT 2014


On 8/6/14, 3:40 PM, "Zico" <mailzico at gmail.com> wrote:
>
>I had same issue before and as far as I remember, we resolved it by
>releasing transientID ( ** ) in this trust relationship.

That doesn't really make any sense in the context of the error.

> 
>Also, SAML2SSO Profile should be configured where "encryptAssertions"
>should be "never".

That's a separate issue, and no, it doesn't need to be. They support
encryption now, but I do suspect that you'll end up having to annually
roll the encryption key and may end up deciding not to bother with it.

-- Scott



More information about the users mailing list