Blackboard Transact & IDP 3.x

Rawlinson, Philip (rawlinpa) RAWLINPA at UCMAIL.UC.EDU
Tue Mar 15 10:01:17 EDT 2016


Alan,

Were you able to get Blackboard Transact working with IdP 3.x? We are running into issues as well. After finding this thread, we tried SHA-1 as well per this wiki page, but it did not resolve the issue:
https://wiki.shibboleth.net/confluence/display/IDP30/SecurityConfiguration#SecurityConfiguration-SigningandEncryptionConfiguration
Re-reading your original post, we are not running in Legacy mode like you are.

We have had IdP 2.x working for a couple of years with no issues once we got past the FriendlyName issues. We are trying to move to IdP 3.2.1 but Blackboard Transact is the main application preventing us from upgrading right now. We have several other SPs doing Attribute Queries over the back-channel and those are working fine when we do a test cutover in Production. For Transact though, when we view the idp-process.log file, we see the HTTP POSTs but not the SOAP requests. The IdP Attribute Query URL is staying the same and we are not making any changes on the Transact SP side. We are running Jetty 9.3 with a separate 8443 port for back-channel traffic as described here: https://wiki.shibboleth.net/confluence/display/IDP30/Jetty93#Jetty93-SupportingSOAPEndpoints

Help from anyone who has Blackboard Transact working with Shibboleth 3.x would be appreciated.

Philip

-----Original Message-----
From: Powell, Alan [mailto:powela at rpi.edu] 
Sent: Wednesday, February 24, 2016 4:58 PM
To: users at shibboleth.net
Subject: RE: Blackboard Transact & IDP 3.x



> 
>> I was able to get Blackboard Transact to work with our IDP, running
>> 2.x. a while ago. I can't, however, get it to work with IDP 3.x
>> running in legacy mode.
>
>Same resolver config, same attributes and NameID being issued?
>
>Did you try backing off from SHA-2 to SHA-1? The default in legacy mode 
>is still SHA-2, that's a little bit odd but we were trying to make sure 
>people didn't end up stuck on SHA-1 forever.
>
>-- Scott


Yes, same config, same attributes and NameID. I will look at SHA-1 versus SHA-2, however, as that could very well be the problem. Thank you for the suggestion.

Alan



