Dual IdP System

Cantor, Scott cantor.2 at osu.edu
Mon May 18 19:24:50 EDT 2015

On 5/18/15, 11:13 PM, "Young, Darren" <Darren.Young at chicagobooth.edu> 

>We have a Windows 2008R2 machine that currently works with one IdP and
>we're trying to test it against another one. For this I'd like to use the
>manual/static html local discovery in the SP and just type in the EntityID
>for the IdP we want to hit. If I can get one working then I'll move on to
>getting the SP in the other IdP and troubleshoot that. This is just a POC
>of the 2 IdP hence the static html disco for now.

That's probably major overkill, just go to 
/Shibboleth.sso/Login?entityID=... and that should be more than enough to 
test with.

>The shibboleth2.xml file used to have an <SSO> entry for that one IdP:
><SSO entityID="urn:mace:incommon:uchicago.edu">
>  SAML2
></SSO>
>I replaced that with the following:

You can't replace that without putting in at least one 
AssertionConsumerService, and you don't need to, don't replace it. Just 
add a SessionInitiator, don't take out the SSO element.

>What did I miss in my config? I was expecting to see the uchicago IdP
>login page after I hit submit.

No idea, that's not enough to even hazard a guess without any logs.

-- Scott
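
A configuration sketch of the advice above, added as an illustration and not part of the original message or the poster's actual file: the existing SSO element stays untouched and one explicit SessionInitiator is added beside it. The Location, id and second entityID values are placeholders assumed for this example.

```xml
<!-- Added example: children of the existing <Sessions> element in shibboleth2.xml. -->

<!-- The shorthand element quoted in the message above, left in place.
     It continues to supply the AssertionConsumerService endpoints and the
     default /Shibboleth.sso/Login handler for the first IdP. -->
<SSO entityID="urn:mace:incommon:uchicago.edu">
  SAML2
</SSO>

<!-- Extra handler pinned to the IdP under test.
     Location, id and entityID are placeholder values for this example.
     With this Location the handler is reached at /Shibboleth.sso/Login2. -->
<SessionInitiator type="SAML2" Location="/Login2" id="TestIdP"
                  entityID="https://idp-under-test.example.org/idp/shibboleth"/>
```

Either route only works once the SP has metadata for the second IdP loaded through a MetadataProvider.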

