Shibboleth SP configuration for IDP initiated SSO

Cantor, Scott cantor.2 at
Tue Aug 25 22:53:07 EDT 2015

On 8/25/15, 10:41 PM, "users on behalf of Sreeni Janapati" <users-bounces at on behalf of srinij77 at> wrote:

>Here is the configuration change I did in the SP Shibboleth shibboleth2.xml.
><Host name="">
>    <Path name="user" authType="shibboleth" requireSession="false"/>
></Host>

I don't know what that has to do with anything, or what change that's supposed to represent. There are no settings in the SP involved to "allow" IdP-initiated SSO.

>I build the metadata file based on the SAML2 response file provided by the client.
>After the above changes,

What changes?

>When IDP is trying to post the data, then there was an error in the log file "XMLTooling.TrustEngine.PKIX [1]: certificate name was not acceptable"

Then you didn't build the metadata correctly, or they gave you an incorrect key. The PKIX code isn't needed, you need to put their signing key into the metadata. If you did, then they gave you the wrong key.

-- Scott
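
Added example (not part of the original message, and not Shibboleth code): one way to check the "wrong key" case described above is to compare the certificate embedded in the signed SAML response with the signing keys listed for the IdP in the metadata you built. The function names and the sample documents are constructed for illustration, with placeholder bytes standing in for real certificates; the check only compares keys and does not validate the signature.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"

def fingerprint(b64_cert):
    # SHA-256 over the decoded bytes, so line wrapping in the XML does not matter.
    return hashlib.sha256(base64.b64decode("".join(b64_cert.split()))).hexdigest()

def metadata_signing_keys(metadata_xml):
    # Certificates in the IdP role whose KeyDescriptor is usable for signing
    # (use="signing", or no use attribute, which covers both uses).
    found = set()
    for role in ET.fromstring(metadata_xml).iter(MD + "IDPSSODescriptor"):
        for kd in role.iter(MD + "KeyDescriptor"):
            if kd.get("use", "signing") == "signing":
                found.update(fingerprint(c.text) for c in kd.iter(DS + "X509Certificate"))
    return found

def response_signing_keys(response_xml):
    # Certificates carried in ds:Signature elements of the response or its assertion.
    found = set()
    for sig in ET.fromstring(response_xml).iter(DS + "Signature"):
        found.update(fingerprint(c.text) for c in sig.iter(DS + "X509Certificate"))
    return found

def key_matches_metadata(metadata_xml, response_xml):
    # True only if the response presents a key and every presented key is in the metadata.
    presented = response_signing_keys(response_xml)
    return bool(presented) and presented <= metadata_signing_keys(metadata_xml)

# Constructed sample data: placeholder bytes stand in for real DER certificates.
CERT_A = base64.b64encode(b"constructed placeholder cert A").decode()
CERT_B = base64.b64encode(b"constructed placeholder cert B").decode()

def sample_metadata(cert):
    return ('<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" '
            'xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.org/idp">'
            '<IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
            '<KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>'
            + cert + '</ds:X509Certificate></ds:X509Data></ds:KeyInfo></KeyDescriptor>'
            '</IDPSSODescriptor></EntityDescriptor>')

def sample_response(cert):
    return ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
            'xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:Signature><ds:KeyInfo>'
            '<ds:X509Data><ds:X509Certificate>' + cert + '</ds:X509Certificate>'
            '</ds:X509Data></ds:KeyInfo></ds:Signature></samlp:Response>')
```

A False result with a response that does carry a certificate means the metadata holds a different key from the one the IdP signs with, which is the situation the reply describes.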
