Case sensitivity of URL scheme in IdPv3 (Ellucian WebAdvisor)

Rich Graves rgraves at
Thu Dec 17 15:35:20 EST 2015

I'm trying to authenticate to Ellucian WebAdvisor from Shib IdPv3.2.

It "works" in Shib v2.

The (awful) SP has all-caps "HTTPS" hard-coded and as far as we can tell immutable, resulting in SAML requests starting with

   <?xml version="1.0" encoding="UTF-8"?>
   <samlp :AuthnRequest AssertionConsumerServiceURL="HTTPS://"

If I put lower case https:// in the SP metadata AssertionConsumerService, I get "No metadata returned in role {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor"

If I use upper case HTTPS://, the IdP chokes here:

2015-12-17 13:45:29,280 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:411] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location HTTPS:// using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
org.opensaml.messaging.handler.MessageHandlerException: Relying party endpoint used the untrusted URL scheme HTTPS

(How) can I define "HTTPS" as a trusted URL scheme? Other approaches?

More information about the users mailing list