Problems using FEIDE as IdP with shibboleth
Peter Schober
peter.schober at univie.ac.at
Mon Apr 4 08:59:34 EDT 2016
* Peter Schober <peter.schober at univie.ac.at> [2016-04-04 14:41]:
> I don't see SAML Metadata published for https://idp-test.feide.no
> anywhere (e.g. in https://met.refeds.org/ ) so mabe talk to to the
> FEIDE folks, at <support at feide.no>.
E.g. if you just grabbed it from here:
https://idp-test.feide.no/simplesaml/saml2/idp/metadata.php?output=xhtml
then a default Shib SP (or SimpleSAMLphp SP with the added code for
Scope checking) would never accept any scoped attributes (such as
eduPersonPrincipalName) from an IDP with that metadata.
The metadata needs to match the attribute's scope value, you don't
provide either of those, so it all depends on where you got them from
and what that IDP sends. (Maybe idp-test.feide.no sends data with
difference scopes that idp.feide.no, etc., all questions for FEIDE
support.)
-peter
More information about the users
mailing list