Dual IdP System
Young, Darren
Darren.Young at chicagobooth.edu
Tue May 19 18:02:18 EDT 2015
After going back to the previous <SSO> tag I used the femma tool to export
the ADFS metadata and added it to the Shib SP as a local file. I also
registered the SP as a relying party in the ADFS IdP. After fiddling with
misspellings & punctuation issues of the parameters to the SP Login url I
am now getting bounced through the ADFS login screen.
Thanks for the heads up to remove the other configuration elements, the
<SSO> tag + Login? is so much easier.
Now to see what the headers look like on the app.
Thanks for the pointers.
Darren Young
Systems & Security Architect
Information Technology
The University of Chicago
Booth School of Business
5807 South Woodlawn Ave
Chicago, Illinois 60637
Tel: 773.702.0331
www.ChicagoBooth.edu <http://www.chicagobooth.edu/>
-------------------------------
Get the latest Booth Thinking
<http://www.facebook.com/booththinking>
<http://twitter.com/BoothThinking> <http://youtube.com/booththinking>
On 5/18/15, 7:41 PM, "Cantor, Scott" <cantor.2 at osu.edu> wrote:
>On 5/19/15, 12:30 AM, "Young, Darren" <Darren.Young at chicagobooth.edu>
>wrote:
>
>
>
>>That's what it does, I hit /secure/landing.aspx, put in the EntityID,
>>hit
>>submit and that's the URL the browser 500's at.
>
>The URL you posted was this:
>
>https://xxxx.xxxx.edu/Shibboleth.sso/idpchooser?target=ss%3Amem%3A8fc93d01
>0
>b34835a04c9208c2f6afcbe4241faab7e5318a9457de092415f6c15&entityID=urn%3Amac
>e
>%3Aincommon%3Auchicago.edu
>
>
>That's what I would expect it to go back to, and I have no idea what
>would
>cause an error, but no error from IIS means anything unless you turn off
>its error masking or check the logs.
>
>That is not exactly the same URL I was talking about. The <SSO> element
>installs code to /Shibboleth.sso/Login and you should be able to build
>links to that location with parameters to do any testing you need without
>wasting any time trying to get that old discovery code to work if it's
>not
>working easily.
>
>-- Scott
>
>--
>To unsubscribe from this list send an email to
>users-unsubscribe at shibboleth.net
More information about the users
mailing list