Dual IdP System
Cantor, Scott
cantor.2 at osu.edu
Mon May 18 19:24:50 EDT 2015
On 5/18/15, 11:13 PM, "Young, Darren" <Darren.Young at chicagobooth.edu>
wrote:
>Qw have a Windows 2008R2 machine that currently works with one IdP and
>we¹re trying to test it against another one. For this I¹d like to use the
>manual/static html local discovery in the SP and just type in the EntityID
>for the IdP we want to hit. If I can get one working then I¹ll move on to
>getting the SP in the other IdP and troubleshoot that. This is just a POC
>of the 2 IdP hence the static html disco for now.
That's probably major overkill, just go to
/Shibboleth.sso/Login?entityID=... and that should be more than enough to
test with.
>The shibboleth2.xml file used to have an <SSO> entry for that one IdP:
>
><SSO entityID="urn:mace:incommon:uchicago.edu">
> SAML2
> </SSO>
>
>I replaced that with the following:
You can't replace that without putting in at least one
AssertionConsumerService, and you don't need to, don't replace it. Just
add a SessionInitiator, don't take out the SSO element.
>What did I miss in my config? I was expecting to see the uchicago IdP
>login page after I hit submit.
No idea, that's not enough to even hazard a guess without any logs.
-- Scott
More information about the users
mailing list