IdP 3: error on SAML 1 AttributeQuery

Cantor, Scott cantor.2 at osu.edu
Wed Mar 18 13:21:44 EDT 2015


On 3/18/15, 1:17 PM, "Sara Hopkins" <sara.hopkins at ed.ac.uk> wrote:
>
>Thanks Scott. The SP is on the default settings, so that would be 
>message not signed but trust certificate presented as TLS credential, I 
>think. However I don't know how to make the IdP log the SAML messages 
>from the SP; the PROTOCOL_MESSAGE logger is enabled but I'm only seeing 
>IdP messages in the log.

What you posted was the SP request, and it's not signed (and I wouldn't expect it to be).

>I don't see why the SP would present a TLS credential to my own IdP but 
>not to my client's, unless something on his network is messing with the 
>certificate contents. Possible of course, but it looks as though it's 
>just jetty listening on port 8443.

I would have to conclude he doesn't have it configured for that. You have to set a wantClientAuth option on the connector, or it won't work.

-- Scott


