Issues getting PagerDuty which uses SAML 2.0 to talk to Shibboleth IDP.

Cahill, Charles (GE Appliances) Charles.Cahill at ge.com
Sun Jul 19 23:04:28 EDT 2015 

Everything seems to be working at this point. I have a login page, can login to the IDP and get authenticated.  Looks like all of the header
info is passed as far as I can tell in SAML tracer and I get no errors, but then I get the following 

"NetworkError: 400 Bad Request - https://ge-appliances.pagerduty.com/sso/saml/consume"

Any ideas why it sends me back to this instead of on into the application?

Thanks,
Charles Cahill
SSO/LDAP/Web Application Support

Desk 502 452-4737  
Cell   502 541-5702
Charles.Cahill at ge.com


-----Original Message-----
From: users [mailto:users-bounces at shibboleth.net] On Behalf Of Peter Schober
Sent: Saturday, July 18, 2015 5:06 AM
To: users at shibboleth.net
Subject: Re: Issues getting PagerDuty which uses SAML 2.0 to talk to Shibboleth IDP.

* Cantor, Scott <cantor.2 at osu.edu> [2015-07-18 01:01]:
> Putting 2 and 2 together, I'm going to guess that the reason the 
> metadata's wrong *and* has endpoints that make no sense is that you 
> didn't actually create metadata for this SP, you copied metadata from 
> an example for Shibboleth and just used it unchanged. You can't do 
> that.

And I already created (what I think should be) complete and correct metadata for that SP, earlier in this thread.
(And no, I'm not looking up the URL from the archives and I won't repeat any of it here.)

> And to head off the next round, that's not enough. If the SP has a 
> decryption key, then you need to put it in the metadata appropriately 
> for the IdP to consume. If it doesn't, which is likely, then you need 
> to turn off encryption, probably by creating or extending a 
> RelyingParty override in the IdP configuration.

David B. and me also created complete copy&paste configuration for the OP to configure just that.

(Not to mention figure out what his own IDP's entityID is, what the SP's entityID is, what the SPs endpoints are, etc.)

It's all in the archives (including previous pointers to the archive).
-peter
--
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net

More information about the users mailing list