Shibd (AWS cloud) to IDP problem
Cantor, Scott
cantor.2 at osu.edu
Fri May 20 12:26:33 EDT 2016
> I have the following config in my in-premises IDP:
>
> <AssertionConsumerService
> Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
> Location="https://CLOUD-HOST/SHIRE/SAML2/POST" index="1"/>
> <AssertionConsumerService
> Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post"
> Location="https://CLOUD-HOST/SHIRE/SAML/POST" index="2"/>
> </SPSSODescriptor>
That isn't, at least self-evidently, the endpoints that a Shibboleth SP would use so that casts a lot of questions on everything else you're asking about.
> The shidb process shows that it received attributes:
As in, if it's not Shibboleth, why would anything like that even exist.
> but at "api-to-deliver-attributes", all the headers are NULL.
If you protect a resource with the SP, and you enable use of headers if Apache is involved, then they'll be set. Whether they're accessible is a local technology issue. So either the content isn't protected or the local technology is the problem.
-- Scott
More information about the users
mailing list