Google Apps with IdP v3 not working
Tom Poage
tfpoage at ucdavis.edu
Fri Aug 28 13:58:09 EDT 2015
On 08/26/2015 07:57 AM, David Langenberg wrote:
> Here's our setup for Google & service-now:
>
> relying-party.xml
>
> <bean id="r31" parent="RelyingPartyByName"
> c:relyingPartyIds="#{{'google.com',
> 'uchicago.maps.arcgis.com',
[longish list]
> <property name="profileConfigurations">
> <list>
> <bean id="b31" parent="SAML2.SSO"
> p:postAuthenticationFlows="context-check"
> p:encryptAssertions="false"
...
Our experience is that most relying parties (Google, ServiceNow, ...)
who do/will not support encryption need metadata local to the IdP.
In V2 we set these apart in a named <EntitiesDescriptor> metadata group,
with a corresponding <RelyingParty> entry with encryptAssertions="never"
for the SAML2SSOProfile.
Given the direction metadata aggregates seem to be headed (cf.
per-entity), is the metadata group supported in V3? Recommended?
Alternatively, IIRC relying-party.xml in V2 is by default not
auto-reloaded, so any change in V2 to add a new profile configuration by
named relying party requires container restart. Does V3 auto-reload
relying-party.xml by default now, where adding an entity to the 'longish
list' above gets picked up without a restart?
Or maybe I should wait until after I go through the V3 training
(materials). :-)
Thanks.
Tom.
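For reference, a complete form of the per-relying-party override that David's snippet shows truncated, written here as an added example (not from either poster's configuration); the entityIDs are placeholders, and the comments describe the assumptions:

```xml
<!-- relying-party.xml fragment for IdP V3 (added example, not from the thread).
     Each ID in relyingPartyIds must exactly match the SP's entityID in metadata;
     the IDs below are placeholders. -->
<bean parent="RelyingPartyByName"
      c:relyingPartyIds="#{{'google.com',
                            'https://sp1.example.org/shibboleth',
                            'https://sp2.example.org/shibboleth'}}">
    <property name="profileConfigurations">
        <list>
            <!-- Disable assertion encryption only for the SAML2 SSO profile;
                 signing of the response/assertion is left at the default,
                 so integrity protection is still in place for these SPs. -->
            <bean parent="SAML2.SSO" p:encryptAssertions="false" />
        </list>
    </property>
</bean>
```

Whether edits to this file are picked up without a container restart depends on the reload interval configured for the relying-party resolver service, so that setting is worth checking alongside the override itself.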