IDP03 unsolicited sso support

Alexander Galilov alexander.galilov at gmail.com
Thu May 7 08:56:27 EDT 2015 

Thank you Rod,
Does it mean that if I go to

https://iis.authasas.local/idp/profile/SAML2/Unsolicited/SSO?providerId=https://authtest.my.salesforce.com

in my browser then it should work?

I got an error message and few records in idp logfile:

2015-05-07 15:49:33,070 - ERROR
[org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:75]
- SPSSODescriptor for entity ID 'https://authtest.my.salesforce.com'
indicates AuthnRequests must be signed, but inbound message was not signed

2015-05-07 15:49:33,101 - WARN
[net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:182] -
Profile Action WebFlowMessageHandlerAdaptor: Exception handling message
org.opensaml.messaging.handler.MessageHandlerException: Inbound
AuthnRequest was required to be signed but was not
at
org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler.doInvoke(SAML2AuthnRequestsSignedSecurityHandler.java:77)


I have

         <bean parent="RelyingPartyByName" c:relyingPartyIds="
https://authtest.my.salesforce.com">
            <property name="profileConfigurations">
                <list>
                    <bean parent="SAML2.SSO" p:signAssertions="true"
p:encryptAssertions="false" />
                </list>
            </property>
        </bean>

in relying-party.xml


Thank you again!

Best regards,
Alexander



2015-05-07 15:22 GMT+03:00 Rod Widdowson <rdw at steadingsoftware.com>:

> > Does Shibboleth IdP 3 support unsolicited sso
>
> I cannot find the reference right now, but the answer is yes.  IdPV3
> supported the same end points as V2 and this includes the IdP-Initiated
> point (supported out of the box)
>
> https://wiki.shibboleth.net/confluence/display/SHIB2/IdPUnsolicitedSSO
>
> tells you how to set up the link.
>
> --
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20150507/4d747403/attachment.html>

More information about the users mailing list