Shib IdP 3 and IOP online service
Maja Wolniewicz
mgw at umk.pl
Tue Mar 24 07:55:30 EDT 2015
On 24.03.2015 at 12:14, Rod Widdowson wrote:
>> Releasing attributes to SAML2 SPs works.
> To clarify, does that mean that SP is demanding SAML1? The metadata I'm looking at suggests not at first blush.
It seems that while going to my Shib 3 IdP ticket.iop.org uses SAML1.
I have in the log
2015-03-24 12:39:05,229 - DEBUG [PROTOCOL_MESSAGE:166] -
SAML 1 IdP-initiated request was:
IdPInitiatedSSORequest{entityId=https://ticket.iop.org/shibboleth,
acsURL=https://ticket.iop.org/Shibboleth.sso/SAML/POST,
relayState=cookie:534566a6, time=2015-03-24T11:39:04.000Z}
and then the IdP produces <saml1p:response> and sends it to
I have the production IdP running simplesamlphp and there everything
works fine. SAML tracer shows that first <samlp:AuthnRequest..> is sent, then
<samlp:Response>, and the POST goes to the SAML2 endpoint
https://ticket.iop.org/Shibboleth.sso/SAML2/POST
>
> But then they also appear to be doing something odd with discovery to do with per federation responses, and then end up with a Shibboleth (SAML1) query.
>
> I've just tested a SAML1 sp against a V3 IdP (with attribute pull) and it did "what I expected" (show attribute screen and then release them), so it's not a simple bug.
>
> More by way of straw-grasping, can you force the artefact profile and see what happens:
>
> <yourIdP>/idp/profile/Shibboleth/SSO?shire=https%3A%2F%2Fticket.iop.org%2FShibboleth.sso%2FSAML%2FArtifact&target=cookie%3A015f5922&providerId=https%3A%2F%2Fticket.iop.org%2Fshibboleth
>
With this request I'm getting an error from
https://ticket.iop.org/Shibboleth.sso/SAML/Artifact...:
opensaml::BindingException
The system encountered an error at Tue Mar 24 11:18:49 2015
To report this problem, please contact the site administrator at
custserv at iop.org.
Please include the following message in any email:
opensaml::BindingException at
(https://ticket.iop.org/Shibboleth.sso/SAML/Artifact)
Unable to resolve artifact(s) into a SAML response.
Maja
--
Maja Gorecka-Wolniewicz mgw at umk.pl
Uczelniane Centrum Information & Communication
Informatyczne Technology Centre
Uniwersytet Mikolaja Kopernika Nicolaus Copernicus University
Coll. Maximum, pl. Rapackiego 1, 87-100 Torun, Poland
tel.: +48 56-611-27-40 fax: +48 56-622-18-50 tel. kom.: +48-693032574