Shibboleth IdP setting issuer as AudienceRestriction
Alain O'Dea
alain.odea at gmail.com
Thu Jun 11 10:06:30 EDT 2015
I am putting together a proof of concept of SAML authentication.
I have Shibboleth IdP configured and working with TestShib.
I have been working with the example app in
https://github.com/onelogin/java-saml to accept the SAML tokens. So far I
have disabled assertion encryption since their library doesn't support it.
It has a SAML SP at http://localhost:8080/index.jsp that redirects to my
Shibboleth IdP and receives the SAML token at
http://localhost:8080/consume.jsp. The workflow appears to work in that the SP
redirects correctly to the IdP, the login form appears, I authenticate, and
am redirected with a SAML token to http://localhost:8080/consume.jsp.
It almost works but the SAML token has an AudienceRestriction of
http://localhost:8080/index.jsp which is the issuer, not the consumer. The
saml-java SP rejects this.
Is saml-java doing something incorrect? How do I get Shibboleth IdP to set
the AudienceRestriction to http://localhost:8080/consume.jsp?
Thanks,
Alain
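
An added example, not part of the original post and not java-saml or Shibboleth code: in SAML 2.0 the Audience value names the SP by its entity ID, while the URL the response is delivered to is carried in the SubjectConfirmationData Recipient attribute, so an SP checks the two against different expected values. The assertion below is constructed and unsigned; the IdP issuer URL, the function name, and treating the issuer URL from the post as the SP's entity ID are assumptions.

```python
import xml.etree.ElementTree as ET  # use a hardened parser (e.g. defusedxml) on untrusted input

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed, unsigned sample built from the URLs in the post (not a captured token).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed" Version="2.0" IssueInstant="2015-06-11T14:00:00Z">
  <saml:Issuer>https://idp.example.org/idp/shibboleth</saml:Issuer>
  <saml:Subject>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData Recipient="http://localhost:8080/consume.jsp"
          NotOnOrAfter="2015-06-11T14:05:00Z"/>
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions>
    <saml:AudienceRestriction>
      <saml:Audience>http://localhost:8080/index.jsp</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""


def check_addressing(assertion_xml, sp_entity_id, acs_url):
    """Return a list of problems; an empty list means both checks passed.

    Assumes the signature was already verified over this exact element.
    """
    root = ET.fromstring(assertion_xml)
    problems = []

    # Audience is compared with the SP's entity ID. The SP must appear in
    # every AudienceRestriction (AND across elements, OR within one).
    restrictions = root.findall("saml:Conditions/saml:AudienceRestriction", NS)
    if not restrictions:
        problems.append("no AudienceRestriction present")
    for restriction in restrictions:
        audiences = [(a.text or "").strip()
                     for a in restriction.findall("saml:Audience", NS)]
        if sp_entity_id not in audiences:
            problems.append(f"audience {audiences} lacks {sp_entity_id}")

    # Recipient is compared with the assertion consumer service (ACS) URL.
    path = "saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData"
    recipients = [d.get("Recipient") for d in root.findall(path, NS)]
    if acs_url not in recipients:
        problems.append(f"recipient {recipients} lacks {acs_url}")
    return problems
```
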