AW: SAML IdP Proxy

Shirlei shirlei at gmail.com
Fri Nov 28 14:52:51 EST 2014 

Hy guys!

Have any of you implemented the SAML IdP Proxy discussed here, using
simplesamlphp?
What I need is exactly what is pictured in the image below:

<http://shibboleth.1660669.n2.nabble.com/file/n7609453/proxy.png> 

My SP federation and IdP federation use Shibboleth. If I understand it
right, I could have in my shibboleth sp a  list of available idps (available
in the Federation IdPs) and connect through the simplesaml proxy as If I was
connecting direct with the Federation IdP.

I would really appreciate if any of you could share some tip. At this
moment, for instance, I'm trying to show the discovery service in my shib
sp, with the IdPlist, 

In my shibboleth2.xml, I have the following configuration (snipets):
....
<SessionInitiator type="Chaining" Location="/DS" isDefault="true" id="DS"
relayState="cookie" acsByIndex="false">
                <SessionInitiator type="SAML2" defaultACSIndex="1"
template="bindingTemplate.html"/>
                <SessionInitiator type="Shib1" defaultACSIndex="5"/>
                <SessionInitiator type="SAMLDS"
URL="https://idp-saml.gidlab.rnp.br/simplesaml/saml2/sp/idpdisco.php"/>
        </SessionInitiator>

....
        <MetadataProvider type="Chaining">
            <MetadataProvider type="XML"
uri="https://idp-saml.gidlab.rnp.br/simplesaml/saml2/idp/metadata.php"
                 backingFilePath="/etc/shibboleth/ds-metadata.xml"
validate="true" reloadInterval="300">
           </MetadataProvider>
        </MetadataProvider>

In my sp eds (shibboleth eds) I just got the following link only:

https://idp-saml.gidlab.rnp.br/simplesaml/saml2/idp/metadata.php

And I try to connect using it, just to see what happens, and then I got the
following error:

Unable to locate metadata for 'https://200.237.193.112/shibboleth-sp2'
This is most likely a configuration problem on either the service provider
or identity provider.

When I add my sp to a shib idp, I sent my metadata file. But in
simplesamphp, I just don't find where to configure it! I've put a medata
entry in metadata/shib13-sp-remote.php, similar to the example
($metadata['https://sp.shiblab.feide.no'] = array(
        'AssertionConsumerService' =>
'http://sp.shiblab.feide.no/Shibboleth.sso/SAML/POST',
        'audience'                 => 'urn:mace:feide:shiblab',
        'base64attributes'         => FALSE,
);
)
but I don't think that is all...

So, any help is really appreciated.

Thank you very much!!





--
View this message in context: http://shibboleth.1660669.n2.nabble.com/SAML-IdP-Proxy-tp7585283p7609453.html
Sent from the Shibboleth - Users mailing list archive at Nabble.com.

More information about the users mailing list