Shib IdP 3 and IOP online service

Maja Wolniewicz mgw at umk.pl
Tue Mar 24 07:55:30 EDT 2015



On 24.03.2015 at 12:14, Rod Widdowson wrote:
>> Releasing attributes to SAML2 SPs works.
> To clarify, does that mean that SP is demanding SAML1?  The metadata I'm looking at suggests not at first blush.
It seems that while going to my Shib 3 IdP, ticket.iop.org uses SAML1.
I have in the log
  2015-03-24 12:39:05,229 - DEBUG [PROTOCOL_MESSAGE:166] -
SAML 1 IdP-initiated request was: 
IdPInitiatedSSORequest{entityId=https://ticket.iop.org/shibboleth, 
acsURL=https://ticket.iop.org/Shibboleth.sso/SAML/POST, 
relayState=cookie:534566a6, time=2015-03-24T11:39:04.000Z}
and then the IdP produces <saml1p:response> and sends it to

I have the production IdP running simplesamlphp and there all works
well. SAML tracer shows that first <samlp:AuthnRequest..> is sent, then
<samlp:Response>, and the POST goes to the SAML2 endpoint
https://ticket.iop.org/Shibboleth.sso/SAML2/POST

>
> But then they also appear to be doing something odd with discovery to do with per federation responses, and then end up with a Shibboleth (SAML1) query.
>
> I've just tested a SAML1 sp against a V3 IdP (with attribute pull) and it did "what I expected" (show attribute screen and then release them), so it's not a simple bug.
>
> More by way of straw-grasping, can you force the artefact profile and see what happens:
>
> <yourIdP>/idp/profile/Shibboleth/SSO?shire=https%3A%2F%2Fticket.iop.org%2FShibboleth.sso%2FSAML%2FArtifact&target=cookie%3A015f5922&providerId=https%3A%2F%2Fticket.iop.org%2Fshibboleth
>
With this request I'm getting an error from 
https://ticket.iop.org/Shibboleth.sso/SAML/Artifact...:


  opensaml::BindingException

The system encountered an error at Tue Mar 24 11:18:49 2015

To report this problem, please contact the site administrator at 
custserv at iop.org.

Please include the following message in any email:

opensaml::BindingException at 
(https://ticket.iop.org/Shibboleth.sso/SAML/Artifact)

Unable to resolve artifact(s) into a SAML response.


Maja

-- 
Maja Gorecka-Wolniewicz          mgw at umk.pl
Uczelniane Centrum               Information & Communication
Informatyczne                    Technology Centre
Uniwersytet Mikolaja Kopernika   Nicolaus Copernicus University
Coll. Maximum, pl. Rapackiego 1, 87-100 Torun, Poland
tel.: +48 56-611-27-40 fax: +48 56-622-18-50 tel. kom.: +48-693032574
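
Added example (not part of the original message and not Shibboleth's own code): a Python helper that extracts the consumer endpoint from the IdP log entry and from the legacy Shibboleth/SSO test URL quoted in the message, and names the profile that endpoint implies. The path-to-profile table assumes the Shibboleth SP's default handler locations, and idp.example.org is a placeholder for the IdP host.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: the SP uses the Shibboleth SP default handler paths.
ACS_PROFILES = {
    "/Shibboleth.sso/SAML/POST": "SAML1 Browser/POST",
    "/Shibboleth.sso/SAML/Artifact": "SAML1 Browser/Artifact",
    "/Shibboleth.sso/SAML2/POST": "SAML2 HTTP-POST",
    "/Shibboleth.sso/SAML2/Artifact": "SAML2 HTTP-Artifact",
}

def classify_acs(acs_url):
    """Name the profile implied by an assertion consumer service URL."""
    return ACS_PROFILES.get(urlsplit(acs_url).path, "unknown")

def parse_idp_log(text):
    """Return the fields of an IdPInitiatedSSORequest log entry, or None."""
    flat = re.sub(r"\s*\n\s*", " ", text)  # undo mail/log line wrapping
    m = re.search(r"IdPInitiatedSSORequest\{([^}]*)\}", flat)
    if m is None:
        return None
    fields = dict(kv.split("=", 1) for kv in re.split(r",\s*", m.group(1)))
    fields["profile"] = classify_acs(fields.get("acsURL", ""))
    return fields

def parse_legacy_sso(url):
    """Decode shire/target/providerId from a Shibboleth/SSO request URL."""
    q = parse_qs(urlsplit(url).query)
    req = {k: q[k][0] for k in ("shire", "target", "providerId") if k in q}
    req["profile"] = classify_acs(req.get("shire", ""))
    return req

# Log entry as quoted in the message above.
LOG = """2015-03-24 12:39:05,229 - DEBUG [PROTOCOL_MESSAGE:166] -
SAML 1 IdP-initiated request was:
IdPInitiatedSSORequest{entityId=https://ticket.iop.org/shibboleth,
acsURL=https://ticket.iop.org/Shibboleth.sso/SAML/POST,
relayState=cookie:534566a6, time=2015-03-24T11:39:04.000Z}"""

# Test URL from the message; idp.example.org is a placeholder IdP host.
URL = ("https://idp.example.org/idp/profile/Shibboleth/SSO"
       "?shire=https%3A%2F%2Fticket.iop.org%2FShibboleth.sso%2FSAML%2FArtifact"
       "&target=cookie%3A015f5922"
       "&providerId=https%3A%2F%2Fticket.iop.org%2Fshibboleth")

if __name__ == "__main__":
    print(parse_idp_log(LOG))
    print(parse_legacy_sso(URL))
```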
