Shibboleth IdP with Webex

Wed Sep 10 04:45:12 EDT 2014

Generic thought - could you not contact Webex and ask them to check their logs, with the detail you've given us?

I'm working on a Google Apps pairing currently, and they've offered to examine the headers of the handshake and investigate the issue at their end.

Dave

_________________________________________________
Dave Perry
eLearning Technologist, Hull College Group

Room L34 - Queens Gardens Library
Wilberforce Drive, Queen's Gardens, Hull, HU1 3DG
Extension 2230 / Direct Dial 01482 381930

* Need a fast reply? Try elearning at hull-college.ac.uk<mailto:elearning at hull-college.ac.uk> *

From: users-bounces at shibboleth.net [mailto:users-bounces at shibboleth.net] On Behalf Of Todd, James
Sent: 10 September 2014 09:43
To: users at shibboleth.net
Subject: Shibboleth IdP with Webex

Hi Group,

I'd like some guidance primarily from those who have already got Shib and Webex working together here as I gather from other posts I've seen it's not entirely straightforward as other setups.

I've been trying to federate with Webex using our 2.3.8 IdP, using the documentation provided by Cisco (which seems heavily geared towards helping those using ADFS) and I'm hitting a brick wall. I've added the Webex metadata, I've pulled together the required attributes in the resolver (uid, email, firstname, lastname) and configured a webex nameid and used the uid for that. I've configured the attribute filter to remove all the unwanted attributes we usually release as default for other SPs.  I've configured the webex side to point at our IdP, I've added our IdP metadata and all that good stuff.

So when it comes to Webex login it correctly redirects to our IdP and our IdP redirects back to Webex, from the logs I can see the attributes I want sent are being sent - but webex fails to login with the error "Reason:  Invalid Response message (29)" obviously that means that something's wrong with my assertion but the documentation is of no help and as I've already said geared heavily to an ADFS implementation.

So, has anybody already successfully done this, and do they have any pointers?

Cheers

James
_____________________________________
James Todd | Data Centre & Operations Analyst
Edinburgh Napier University
Craiglockhart Campus
Edinburgh
EH14 1DJ
Tel: 0131 455 4313
Email: j.todd at napier.ac.uk<mailto:j.todd at napier.ac.uk>

** IT Support is now available 24 hrs a day, 365 days of the year **

For Help and Advice on any of our IT services please visit:
Staff Intranet:   http://staff.napier.ac.uk/services/cit/Pages/info-services.aspx
Student Portal:  https://studentportal.napier.ac.uk/citservices/default.aspx

[CSE logo 2014]

**********************************************************************
This message is sent in confidence for the addressee
only. It may  contain confidential or sensitive
information.  The contents are not to be disclosed
to anyone other than the addressee.  Unauthorised
recipients are requested to preserve this
confidentiality and to advise us of any errors in
transmission.  Any views expressed in this message
are solely the views of the individual and do not
represent the views of the College.  Nothing in this
message should be construed as creating a contract.

Hull College owns the email infrastructure, including the contents.

Hull College is committed to sustainability, please reflect before printing this email.
**********************************************************************

TEXT
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://shibboleth.net/pipermail/users/attachments/20140910/95440f9e/attachment.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 4307 bytes
Desc: image001.jpg
Url : http://shibboleth.net/pipermail/users/attachments/20140910/95440f9e/attachment.jpg 