Salesforce error when authing against Shibboleth

Cantor, Scott cantor.2 at osu.edu
Fri Aug 8 17:51:29 EDT 2014


On 8/8/14, 5:42 PM, "Ben Branch" <BBranch at uco.edu> wrote:
>
>So...then do I just comment out these 2 lines in my idp-metadata.xml?  Or
>is there something more that I need to do?

Metadata advertises what you support and is something you change after
having changed something that it reflects.

Disabling profiles for specific requesters is done with relying-party.xml
(each profile has an element inside the RelyingParty elements that
represents support for the profile and what options are used with it).

Disabling a particular profile outright, full stop, is done in handler.xml
by removing the profile mapping that associates a path in the IdP to that
profile.

SOAP is used for attribute queries and for the artifact profile/binding.
Disabling SAML 1 queries while supporting SAML 1 SPs with default options
that don't include attributes during SSO will flat break them. However,
you obviously don't have queries working now given that the wrong
certificate is there, so it's pretty likely you don't need it.

>  I have an LDAP Data Connector configured and what I believe to be
>properly configured attribute-filter and resolver.

I guess that's not true, since you're not releasing any data even to
testshib.

-- Scott
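
An added example, not part of the original message and not Shibboleth project code: since metadata should only advertise what the IdP still serves, this check lists metadata endpoints that no longer have a profile mapping in handler.xml. The XML samples are constructed and trimmed, and the `RequestPath` element name and the `/idp/profile` mount point are assumptions based on a default IdP 2.x layout.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed samples, trimmed to the elements this check reads.
HANDLER_XML = """<ph:ProfileHandlerGroup xmlns:ph="urn:mace:shibboleth:2.0:idp:profile-handler">
  <ph:ProfileHandler><ph:RequestPath>/Shibboleth/SSO</ph:RequestPath></ph:ProfileHandler>
  <ph:ProfileHandler><ph:RequestPath>/SAML2/POST/SSO</ph:RequestPath></ph:ProfileHandler>
  <!-- the SAML 1 attribute query mapping has been removed from this copy -->
</ph:ProfileHandlerGroup>"""

METADATA_XML = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example.org/idp/shibboleth">
  <IDPSSODescriptor>
    <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest"
        Location="https://idp.example.org/idp/profile/Shibboleth/SSO"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.org/idp/profile/SAML2/POST/SSO"/>
  </IDPSSODescriptor>
  <AttributeAuthorityDescriptor>
    <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
        Location="https://idp.example.org:8443/idp/profile/SAML1/SOAP/AttributeQuery"/>
  </AttributeAuthorityDescriptor>
</EntityDescriptor>"""

PROFILE_PREFIX = "/idp/profile"  # assumption: default mount point of the profile servlet

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def handler_paths(handler_xml):
    """Paths that handler.xml still maps to a profile handler."""
    root = ET.fromstring(handler_xml)
    return {el.text.strip() for el in root.iter()
            if local(el.tag) == "RequestPath" and el.text}

def advertised_endpoints(metadata_xml):
    """(element, binding, URL path) for every endpoint the metadata advertises."""
    root = ET.fromstring(metadata_xml)
    return [(local(el.tag), el.get("Binding", ""), urlparse(el.get("Location")).path)
            for el in root.iter() if el.get("Location")]

def stale_endpoints(handler_xml, metadata_xml, prefix=PROFILE_PREFIX):
    """Endpoints still in metadata whose path has no mapping in handler.xml."""
    served = {prefix + path for path in handler_paths(handler_xml)}
    return [ep for ep in advertised_endpoints(metadata_xml) if ep[2] not in served]

if __name__ == "__main__":
    for element, binding, path in stale_endpoints(HANDLER_XML, METADATA_XML):
        print(f"advertised but not served: {element} {binding} {path}")
```

Each endpoint it reports is a line to remove from the metadata, after the handler change it reflects.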