Metadata Changeover Questions

McKean, Brandon Scott - mckeanbs mckeanbs at jmu.edu
Wed Aug 5 10:03:00 EDT 2015


Yes. It's a trick, but it works. InCommon's tools will update the protocolSupportEnumeration if there's a single SAML 2 endpoint in place, and that endpoint alone won't influence any SP to do anything, but once the protocol's in place, Shibboleth SPs at least will accept responses from the IdP.

You should carefully review the XML output it presents as the "to be published" data to make sure all it adds is the one endpoint and the updated protocolSupportEnumeration.


Looks like that's largely what it does, now that I've been able to update that.

I'm guessing the additional xmlns entry under <EntityDescriptor> is safe? Namely, it adds xmlns="urn:oasis:names:tc:SAML:2.0:metadata"

Everything else seems to look like before.

Thanks much,

Brandon McKean


On Wed, 2015-07-22 at 22:23 +0000, Cantor, Scott wrote:

On 7/22/15, 5:05 PM, "users on behalf of McKean, Brandon Scott - mckeanbs" <users-bounces at shibboleth.net on behalf of mckeanbs at jmu.edu> wrote:

To make sure I understand what you mentioned from before, you're saying I should add something like this and only this to the metadata?

<ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://itfederation.jmu.edu:8443/idp/profile/SAML2/SOAP/ArtifactResolution"
index="2"/>



Yes. It's a trick, but it works. InCommon's tools will update the protocolSupportEnumeration if there's a single SAML 2 endpoint in place, and that endpoint alone won't influence any SP to do anything, but once the protocol's in place, Shibboleth SPs at least will accept responses from the IdP.

You should carefully review the XML output it presents as the "to be published" data to make sure all it adds is the one endpoint and the updated protocolSupportEnumeration.

-- Scott
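
The review step discussed in this thread can be automated. The following is an added example, not part of the original messages or of InCommon's tooling: it compares current and "to be published" IdP metadata and reports whether the only changes are one new endpoint and the SAML 2 protocol URI in protocolSupportEnumeration. The sample documents, the idp.example.org host and all function names are constructed for illustration; because the parse is namespace-aware, the switch from a prefixed to a default declaration of the same metadata namespace in the sample does not register as a change.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
SAML2 = "urn:oasis:names:tc:SAML:2.0:protocol"
# Constructed sample metadata (idp.example.org is a placeholder host).
BEFORE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://idp.example.org/idp/shibboleth">
 <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
  <md:SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://idp.example.org/idp/profile/Shibboleth/SSO"/>
 </md:IDPSSODescriptor>
</md:EntityDescriptor>"""
AFTER = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://idp.example.org/idp/shibboleth">
 <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0 urn:oasis:names:tc:SAML:2.0:protocol">
  <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://idp.example.org/idp/profile/Shibboleth/SSO"/>
  <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://idp.example.org/idp/profile/SAML2/SOAP/ArtifactResolution" index="2"/>
 </IDPSSODescriptor>
</EntityDescriptor>"""

def shape(el):
    """Prefix-independent form of an element: expanded tag, attributes, text, children."""
    return (el.tag, tuple(sorted(el.attrib.items())), (el.text or "").strip(),
            tuple(shape(c) for c in el))

def summarize(xml_text):
    """Split metadata into (protocols, endpoints, everything else)."""
    root = ET.fromstring(xml_text)
    idp = root.find(f"{{{MD}}}IDPSSODescriptor")
    if idp is None:
        raise ValueError("no IDPSSODescriptor in metadata")
    protocols = set(idp.attrib.pop("protocolSupportEnumeration", "").split())
    endpoints = set()
    for child in list(idp):
        if "Location" in child.attrib:  # endpoint-type elements carry a Location
            endpoints.add((child.tag, child.get("Binding", ""),
                           child.get("Location"), child.get("index", "")))
            idp.remove(child)
    return protocols, endpoints, shape(root)

def review(before_xml, after_xml):
    """Report what changed between current and to-be-published metadata."""
    (bp, be, bo), (ap, ae, ao) = summarize(before_xml), summarize(after_xml)
    return {"protocols_added": sorted(ap - bp), "protocols_removed": sorted(bp - ap),
            "endpoints_added": sorted(ae - be), "endpoints_removed": sorted(be - ae),
            "other_changed": bo != ao}

def only_expected_change(r):
    """True if the diff is exactly one new endpoint plus the SAML 2 protocol URI."""
    return (r["protocols_added"] == [SAML2] and len(r["endpoints_added"]) == 1
            and not (r["protocols_removed"] or r["endpoints_removed"] or r["other_changed"]))

if __name__ == "__main__":
    print(review(BEFORE, AFTER), only_expected_change(review(BEFORE, AFTER)))
```
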

