Shibboleth SP configuration for IDP initiated SSO
Sreeni Janapati
srinij77 at hotmail.com
Tue Aug 25 23:15:51 EDT 2015
Scott,
Thank you for your quick response. I will check with my client on the key.
Since IDP is initiating the request and sending the SAML response to SP, Shibboleth SP should not send the authenticating request to IDP. Is there any setting to do in the SP?
Srini
> From: cantor.2 at osu.edu
> To: users at shibboleth.net
> Subject: Re: Shibboleth SP configuration for IDP initiated SSO
> Date: Wed, 26 Aug 2015 02:53:07 +0000
>
> On 8/25/15, 10:41 PM, "users on behalf of Sreeni Janapati" <users-bounces at shibboleth.net on behalf of srinij77 at hotmail.com> wrote:
>
> >Here is the configuration change I did in the SP Shibboleth shiboleth2.xml.
> >
> ><Host name="www.spserver.com">
> > <Path name="user" authType="shibboleth" requireSession="false"/>
> > </Host>
>
> I don't know what that has to do with anything, or what change that's supposed to represent. There are no settings in the SP involved to "allow" IdP-initiated SSO.
>
> >I build the metadata file based on the SAML2 response file provided by the client.
> >
> >After the above changes,
>
> What changes?
>
> >
> >When IDP is trying to post the data, then there was an error in the log file "XMLTooling.TrustEngine.PKIX [1]: certificate name was not acceptable"
>
> Then you didn't build the metadata correctly, or they gave you an incorrect key. The PKIX code isn't needed, you need to put their signing key into the metadata. If you did, then they gave you the wrong key.
>
> -- Scott
>
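The reply above says the SP accepts the IdP's response only when the IdP's signing key is in the metadata the SP loads. As an added example (not part of the original thread and not Shibboleth code), this Python check compares the certificate embedded in a captured SAML response with the signing `KeyDescriptor` in a metadata file; the function names and sample documents are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"

def _fingerprints(parent):
    """SHA-256 of each ds:X509Certificate under parent (base64 whitespace ignored)."""
    out = set()
    for cert in parent.iter(DS + "X509Certificate"):
        der = base64.b64decode("".join((cert.text or "").split()))
        if der:
            out.add(hashlib.sha256(der).hexdigest())
    return out

def metadata_signing_keys(metadata_xml):
    """Certificates the IdP's metadata offers for signing (use="signing" or unset)."""
    keys = set()
    for idp in ET.fromstring(metadata_xml).iter(MD + "IDPSSODescriptor"):
        for kd in idp.findall(MD + "KeyDescriptor"):
            if kd.get("use") in (None, "signing"):
                keys |= _fingerprints(kd)
    return keys

def response_keys(response_xml):
    """Certificates embedded in any ds:Signature of the SAML response."""
    sigs = ET.fromstring(response_xml).iter(DS + "Signature")
    return set().union(*map(_fingerprints, sigs))

def key_in_metadata(metadata_xml, response_xml):
    # Diagnostic only: compares embedded certificates, does not verify the signature.
    return bool(response_keys(response_xml) & metadata_signing_keys(metadata_xml))

# Constructed sample data: the "certificates" are placeholder bytes, not real X.509.
CERT_A = base64.b64encode(b"constructed IdP signing certificate A").decode()
CERT_B = base64.b64encode(b"constructed unrelated certificate B").decode()
KEYINFO = ('<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:X509Data>'
           '<ds:X509Certificate>\n%s\n</ds:X509Certificate></ds:X509Data></ds:KeyInfo>')

def sample_metadata(cert):
    return ('<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">'
            '<md:IDPSSODescriptor><md:KeyDescriptor use="signing">' + KEYINFO % cert +
            '</md:KeyDescriptor></md:IDPSSODescriptor></md:EntityDescriptor>')

def sample_response(cert):
    return ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">'
            '<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">' +
            KEYINFO % cert + '</ds:Signature></samlp:Response>')
```

A `False` result from `key_in_metadata` means the metadata does not carry the certificate the IdP put in its signature, so either the metadata or the key supplied for it needs to be corrected.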