Shibboleth SP configuration for IDP initiated SSO

Sreeni Janapati srinij77 at
Tue Aug 25 23:15:51 EDT 2015

Thank your for your quick response. I will check with my client on the key.

Since IDP is initiating the request and sending the SAML response to SP, Shibboleth SP should not send the authenticating request to IDP. Is there any setting to do in the SP?


> From: cantor.2 at
> To: users at
> Subject: Re: Shibboleth SP configuration for IDP initiated SSO
> Date: Wed, 26 Aug 2015 02:53:07 +0000
> On 8/25/15, 10:41 PM, "users on behalf of Sreeni Janapati" <users-bounces at on behalf of srinij77 at> wrote:
> >Here is the configuration change I did in the SP Shibboleth shiboleth2.xml.
> >
> ><Host name="">
> >                <Path name="user" authType="shibboleth" requireSession="false"/>
> >            </Host>
> I don't know what that has to do with anything, or what change that's supposed to represent. There are no settings in the SP involved to "allow" IdP-initiated SSO.
> >I build the metadata file based on the SAML2 response file provided by the client.
> >
> >After the above changes,
> What changes?
> > 
> >When IDP is trying to post the data, then there was an error in the log file "XMLTooling.TrustEngine.PKIX [1]: certificate name was not acceptable"
> Then you didn't build the metadata correctly, or they gave you an incorrect key. The PKIX code isn't needed, you need to put their signing key into the metadata. If you did, then they gave you the wrong key.
> -- Scott
> -- 
> To unsubscribe from this list send an email to users-unsubscribe at
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list