idp certificate issue
Cantor, Scott
cantor.2 at osu.edu
Sat Nov 8 13:52:09 EST 2014
On 11/8/14, 12:52 AM, "Christopher Steinke"
<christopher.steinke at disneyanimation.com> wrote:
>So why is it that the IDP metadata with the same certificate works on one
>config but not the other? And yes it's the same, because I copied the
>same IDP metadata file from one working machine to the machine that does
>not work.
As Nate said, if this is SAML 2, then you're not releasing any attributes
to that SP, and you have query support in the metadata, and that support
is invalid because you don't have the right key in the metadata for the AA
role.
If you don't mean to support queries, then don't advertise it. The
metadata is strictly your responsibility to craft accurately; the software
will never do that step.
And of course you have to fix the attribute release issue for that SP.
-- Scott
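
Added example, not part of the message above and not Shibboleth code: a small lint for the condition described in the reply, an IdP role that advertises an endpoint (here the AttributeService for queries) without the key the IdP actually uses. It assumes the "right key" is the certificate of the IdP's own credential, passed in as base64; the function name, the sample metadata, the example.org URLs and the CONSTRUCTED... certificate strings are constructed placeholders.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD, "ds": "http://www.w3.org/2000/09/xmldsig#"}
# Role element -> the endpoint element that means the role is actually advertised.
ROLES = {"IDPSSODescriptor": "SingleSignOnService",
         "AttributeAuthorityDescriptor": "AttributeService"}

def _norm(b64):
    """Strip whitespace so one certificate compares equal however it is wrapped."""
    return "".join(b64.split())

def role_key_findings(metadata_xml, expected_cert_b64):
    """Return (role, problem) pairs for advertised roles lacking the expected signing cert."""
    root = ET.fromstring(metadata_xml)
    expected = _norm(expected_cert_b64)  # assumption: the IdP's real credential
    findings = []
    for role, endpoint in ROLES.items():
        for desc in root.iter("{%s}%s" % (MD, role)):
            if desc.find("md:" + endpoint, NS) is None:
                continue  # role present but no endpoint advertised
            certs = set()
            for kd in desc.findall("md:KeyDescriptor", NS):
                if kd.get("use", "signing") != "signing":
                    continue  # an absent use attribute covers signing too
                for c in kd.iterfind(".//ds:X509Certificate", NS):
                    certs.add(_norm(c.text or ""))
            if not certs:
                findings.append((role, "advertises %s but has no signing key" % endpoint))
            elif expected not in certs:
                findings.append((role, "signing key does not match the IdP credential"))
    return findings

# Constructed sample: the SSO role carries the current cert, the AA role a different one.
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.org/idp">
 <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>CONSTRUCTED
   CERTAAAA</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
   Location="https://idp.example.org/idp/profile/SAML2/Redirect/SSO"/>
 </md:IDPSSODescriptor>
 <md:AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor><ds:KeyInfo><ds:X509Data><ds:X509Certificate>CONSTRUCTEDCERTBBBB
  </ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:AttributeService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
   Location="https://idp.example.org:8443/idp/profile/SAML2/SOAP/AttributeQuery"/>
 </md:AttributeAuthorityDescriptor>
</md:EntityDescriptor>"""
```

An empty result for `role_key_findings(SAMPLE, ...)` means every advertised role carries the expected certificate; removing the AttributeAuthorityDescriptor is the other way to clear the finding when queries are not meant to be supported.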