Shibboleth SP configuration for IDP initiated SSO
cantor.2 at osu.edu
Tue Aug 25 22:53:07 EDT 2015
On 8/25/15, 10:41 PM, "users on behalf of Sreeni Janapati" <users-bounces at shibboleth.net on behalf of srinij77 at hotmail.com> wrote:
>Here is the configuration change I did in the SP Shibboleth shiboleth2.xml.
> <Path name="user" authType="shibboleth" requireSession="false"/>
I don't know what that has to do with anything, or what change that's supposed to represent. There are no settings in the SP involved to "allow" IdP-initiated SSO.
>I build the metadata file based on the SAML2 response file provided by the client.
>After the above changes,
>When IDP is trying to post the data, then there was an error in the log file "XMLTooling.TrustEngine.PKIX : certificate name was not acceptable"
Then you didn't build the metadata correctly, or they gave you an incorrect key. The PKIX code isn't needed, you need to put their signing key into the metadata. If you did, then they gave you the wrong key.
More information about the users