IdP 3: error on SAML 1 AttributeQuery
Cantor, Scott
cantor.2 at osu.edu
Wed Mar 18 13:21:44 EDT 2015
On 3/18/15, 1:17 PM, "Sara Hopkins" <sara.hopkins at ed.ac.uk> wrote:
>
>Thanks Scott. The SP is on the default settings, so that would be
>message not signed but trust certificate presented as TLS credential, I
>think. However I don't know how to make the IdP log the SAML messages
>from the SP; the PROTOCOL_MESSAGE logger is enabled but I'm only seeing
>IdP messages in the log.

What you posted was the SP request, and it's not signed (and I wouldn't expect it to be).

>I don't see why the SP would present a TLS credential to my own IdP but
>not to my client's, unless something on his network is messing with the
>certificate contents. Possible of course, but it looks as though it's
>just jetty listening on port 8443.

I would have to conclude he doesn't have it configured for that. You have to set a wantClientAuth option on the connector, or it won't work.

-- Scott