Blackboard Transact and IdP 3

IAM David Bantz dabantz at alaska.edu
Tue May 24 13:28:16 EDT 2016


Here's my working v2 relying party config for Transact:

<!-- BlackBoard Transact does not support encryption; uses AttributeQuery 2014-10-23 -->
<RelyingParty
    id="https://sp.transactsp.com/shibboleth-sp/mgmt-ualaska-sp.blackboard.com/mgmt"
    provider="urn:mace:incommon:alaska.edu"
    defaultSigningCredentialRef="IdPCredential"
    defaultAuthenticationMethod="urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport">
    <ProfileConfiguration xsi:type="saml:SAML2SSOProfile"
        encryptAssertions="never" encryptNameIds="never" />
    <ProfileConfiguration xsi:type="saml:SAML2AttributeQueryProfile"
        encryptAssertions="never" encryptNameIds="never" />
</RelyingParty>

Additional unique aspects of the Transact SP are:

<!-- Bb Transact requires something like ePPN in the SAML Subject -->

<!-- Bb Transact requires its own unique FriendlyNames so add
definitions and encoders with those FriendlyNames -->

David Bantz
UAlaska

On Tue, May 24, 2016 at 8:24 AM, Peter Schober <peter.schober at univie.ac.at>
wrote:

> * James McCartin <jmccartin at loyola.edu> [2016-05-24 17:56]:
> > The SP does ignore the attributes sent in the HTTP POST and then
> > queries the IdP.  What can I look at to confirm that my v3 IdP
> > supports this type of attribute query?
>
> The documentation? I have no idea how you deployed your IDP, how you
> decided supported SOAP queries, on what port, involving what
> containers, etc.
>
> Assuming for now you have properly configured SOAP support, I'd start
> with making sure the port you publish for your IDP's
> AttributeAuthority endpoints is open on the firewall.
> I.e., if https://shibprodapp.loyola.edu/idp/shibboleth is your IDP
> make sure that https://shibprodapp.loyola.edu:8443/ can be reached
> from the outside world -- it currently isn't.
>
> If in doubt look at the SAML Metadata the SP in question has about
> your IDP, and make sure the endpoints published there are reachable.
> -peter


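The endpoint check suggested in the quoted reply, as an added example that is not part of the original thread: it reads IdP metadata, lists the SOAP AttributeService locations an SP would use for attribute queries, and tests whether each host and port accepts a TCP connection. The sample metadata, the idp.example.edu host and the function names are constructed for illustration.

```python
import socket
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
SOAP_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:SOAP"

# Constructed sample; use the metadata the SP actually holds about your IdP.
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example.edu/idp/shibboleth">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.edu/idp/profile/SAML2/POST/SSO"/>
  </IDPSSODescriptor>
  <AttributeAuthorityDescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <AttributeService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
        Location="https://idp.example.edu:8443/idp/profile/SAML2/SOAP/AttributeQuery"/>
  </AttributeAuthorityDescriptor>
</EntityDescriptor>"""


def attribute_query_endpoints(metadata_xml):
    """Return (location, host, port) for each SOAP AttributeService element."""
    root = ET.fromstring(metadata_xml)
    found = []
    for svc in root.iter(f"{{{MD_NS}}}AttributeService"):
        if svc.get("Binding") != SOAP_BINDING:
            continue  # only the SOAP back-channel is used for attribute queries
        location = svc.get("Location", "")
        url = urlsplit(location)
        # No explicit port in the URL means the scheme default applies.
        port = url.port or (443 if url.scheme == "https" else 80)
        found.append((location, url.hostname, port))
    return found


def tcp_reachable(host, port, timeout=5.0):
    """True if a TCP connection to host:port completes within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered (timeout), or name does not resolve
        return False


if __name__ == "__main__":
    for location, host, port in attribute_query_endpoints(SAMPLE_METADATA):
        state = "reachable" if tcp_reachable(host, port) else "NOT reachable"
        print(f"{location} -> {host}:{port} {state}")
```

Run it from a host outside your own network, since the question is whether the SP can reach the port. A successful connect only shows the firewall and listener are in place, not that the IdP answers attribute queries.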