Google Apps with IdP v3 not working

Tom Poage tfpoage at
Fri Aug 28 13:58:09 EDT 2015

On 08/26/2015 07:57 AM, David Langenberg wrote:
> Here's our setup for Google & service-now:
> relying-party.xml
> <bean id="r31" parent="RelyingPartyByName"
>                     c:relyingPartyIds="#{{'',
>                                   '',
[longish list]
>             <property name="profileConfigurations">
>                 <list>
>                     <bean id="b31" parent="SAML2.SSO"
>                             p:postAuthenticationFlows="context-check"
>                             p:encryptAssertions="false"

Our experience is that most relying parties (Google, ServiceNow, ...)
who do/will not support encryption need metadata local to the IdP.

In V2 we set these apart in a named <EntitiesDescriptor> metadata group,
with a corresponding <RelyingParty> entry with encryptAssertions="never"
for the SAML2SSOProfile.

Given the direction metadata aggregates seem to be headed (cf.
per-entity), is the metadata group supported in V3? Recommended?

Alternatively, IIRC relying-party.xml in V2 is by default not
auto-reloaded, so any change in V2 to add a new profile configuration by
named relying party requires container restart. Does V3 auto-reload
relying-party.xml by default now, where adding an entity to the 'longish
list' above gets picked up without a restart?

Or maybe I should wait until after I go through the V3 training
(materials). :-)


More information about the users mailing list