SP Redirects straight to XML instead of IDP Authentication Page

Peter Schober peter.schober at univie.ac.at
Mon Nov 17 15:44:18 EST 2014

* Mohammad Rahman <mrahman at brookdalecc.edu> [2014-11-17 21:25]:
> I have the SP metadata inside the ChainingMetadataProvider in my relaying-party.xml file as:
> <MetadataProvider xsi:type="InlineMetadataProvider" xmlns="urn:mace:shibboleth:2.0:metadata" id="NetPartner">
>                                                    <EntityDescriptor entityID="NetPartner" xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
>                                                                   <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
>                                                                                 <AssertionConsumerService index="1" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
>                                                                                 Location="https://finaid.brookdalecc.edu/NetPartner/NetPartnerStudent/Logon.aspx" />
>                                                                   </SPSSODescriptor>
>                                                    </EntityDescriptor>
> </MetadataProvider>

You can't just paste SAML metadata into you relaying-party.xml.
Try the documentation, putting the metadata into a file on the file
system and reference it from within relaying-party.xml:

Once that's done and the container restarted, what will then happen is
that when trying to log in to that SP the IDP will fail with an error
that it cannot encrypt the SAML assertion to the SP, because the SP is
lacking a public key in SAML metadata.

To work around that (and continue sending them unencrypted data)
you'll need to add a RelyingParty element in relaying-party.xml, with
a ProfileConfiguration that overrides the default, setting
encryptAssertions to false.

More information about the users mailing list