Shibd (AWS cloud) to IDP problem

Cantor, Scott cantor.2 at
Fri May 20 12:26:33 EDT 2016

> I have the following config in my in-premises IDP:
>      <AssertionConsumerService
> Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
> Location="https://CLOUD-HOST/SHIRE/SAML2/POST" index="1"/>
>      <AssertionConsumerService
> Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post"
> Location="https://CLOUD-HOST/SHIRE/SAML/POST" index="2"/>
>   </SPSSODescriptor>

That isn't, at least self-evidently, the endpoints that a Shibboleth SP would use so that casts a lot of questions on everything else you're asking about.

> The shidb process shows that it received attributes:

As in, if it's not Shibboleth, why would anything like that even exist.

> but at "api-to-deliver-attributes", all the headers are NULL.

If you protect a resource with the SP, and you enable use of headers if Apache is involved, then they'll be set. Whether they're accessible is a local technology issue. So either the content isn't protected or the local technology is the problem.

-- Scott

More information about the users mailing list