Customize IDP V3 login page

Bin Han Bin.Han at concordia.ca
Fri Mar 24 10:38:46 EDT 2017


Hello everyone:

I have made changes to our IDP v3 instance login page by modifying login.vm; however, I would like to know whether it is possible to create different login pages for each SP system.

Is it possible to create a new login page entry in the metadata, or to insert JavaScript in the page (however, we need to get the value of the referring SP page)?

Thanks a lot,
Bin

-----Original Message-----
From: users [mailto:users-bounces at shibboleth.net] On Behalf Of users-request at shibboleth.net
Sent: March-24-17 12:56 AM
To: users at shibboleth.net
Subject: users Digest, Vol 69, Issue 127


Today's Topics:

   1. Re: IDP 3.3.1 MFA issue (Cantor, Scott)
   2. IDPv3 Logout (Karan Thakkar)


----------------------------------------------------------------------

Message: 1
Date: Fri, 24 Mar 2017 00:52:58 +0000
From: "Cantor, Scott" <cantor.2 at osu.edu>
To: Shib Users <users at shibboleth.net>
Subject: Re: IDP 3.3.1 MFA issue
Message-ID: <01638CB3-862D-4290-B935-607200B1F713 at osu.edu>
Content-Type: text/plain; charset="utf-8"

On 3/23/17, 7:10 PM, "users on behalf of Hong Ye" <users-bounces at shibboleth.net on behalf of hy93 at cornell.edu> wrote:

> Here is what I have now, but it still doesn't work

That all looks more or less reasonable for a simple case, so I imagine you just don't have appropriate rules in place inside the MFA flow configuration and/or you don't fully grasp what the workaround involved actually is to keep the flow running when it ordinarily wouldn't. You need to look at the logs and get a better understanding of the behavior. It's going to tell you what it's doing, and you have to be able to figure out why.

The simple fact is that if it's not running, it's because the request is satisfied by the result that's already there. That's all there is.

-- Scott



------------------------------

Message: 2
Date: Fri, 24 Mar 2017 10:25:25 +0530
From: Karan Thakkar <thakkark1313 at gmail.com>
To: users at shibboleth.net
Subject: IDPv3 Logout
Message-ID:
	<CAExPnk20yaW5DYDJ+nO0r77nrV6eAB68M09TMv5NaFcemq6LYw at mail.gmail.com>
Content-Type: text/plain; charset="utf-8"

I have made the following changes:

In idp.properties

idp.session.slop = PT0S
idp.session.trackSPSessions = true
idp.session.secondaryServiceIndex = true
idp.session.defaultSPlifetime = PT2H
idp.logout.elaboration = true
idp.logout.authenticated = true
idp.session.StorageService = shibboleth.StorageService

In idp-metadata.xml

        <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://pathtoidp/idp/profile/Logout" />
        <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://pathtoidp/idp/profile/SAML2/POST/SLO" />
        <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" Location="http://pathtoidp/idp/profile/SAML2/POST-SimpleSign/SLO"/>
        <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="http://pathtoidp/idp/profile/SAML2/SOAP/SLO"/>

In sp-metadata.xml

        <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://pathtpsp/simple/modules/saml/sp/saml2-logout.php/default-sp" ResponseLocation="pathtosp/simple/modules/core/www/authenticate.php"/>

2017-03-21 10:27:40,913 - DEBUG [org.opensaml.saml.metadata.support.AttributeConsumingServiceSelector:186] - Resolving AttributeConsumingService candidates from SPSSODescriptor
2017-03-21 10:27:40,913 - DEBUG [org.opensaml.saml.metadata.support.AttributeConsumingServiceSelector:141] - AttributeConsumingService candidate list was empty, can not select service
2017-03-21 10:27:40,913 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:138] - Message Handler:  No AttributeConsumingService selected
2017-03-21 10:27:40,918 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:132] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://pathtosp/simple/modules/saml/sp/metadata.php/default-sp
2017-03-21 10:27:40,944 - DEBUG [net.shibboleth.idp.relyingparty.impl.DefaultRelyingPartyConfigurationResolver:293] - Resolving relying party configuration
2017-03-21 10:27:40,945 - DEBUG [net.shibboleth.idp.relyingparty.impl.DefaultRelyingPartyConfigurationResolver:305] - Checking if relying party configuration EntityNames[ http://pathtosp/simple/modules/saml/sp/metadata.php/default-sp,] is applicable
2017-03-21 10:27:40,945 - DEBUG [net.shibboleth.idp.relyingparty.impl.DefaultRelyingPartyConfigurationResolver:307] - Relying party configuration EntityNames[ http://pathtosp/simple/modules/saml/sp/metadata.php/default-sp,] is applicable
2017-03-21 10:27:40,945 - DEBUG [net.shibboleth.idp.profile.impl.SelectRelyingPartyConfiguration:136] - Profile Action SelectRelyingPartyConfiguration: Found relying party configuration EntityNames[ http://pathtosp/simple/modules/saml/sp/metadata.php/default-sp,] for request
2017-03-21 10:27:40,952 - WARN [net.shibboleth.idp.profile.impl.SelectProfileConfiguration:111] - Profile Action SelectProfileConfiguration: Profile http://shibboleth.net/ns/profiles/saml2/logout is not available for RP configuration EntityNames[ http://pathtosp/simple/modules/saml/sp/metadata.php/default-sp,] (RPID http://pathtosp/simple/modules/saml/sp/metadata.php/default-sp)
2017-03-21 10:27:40,979 - WARN [org.opensaml.profile.action.impl.LogEvent:105] - A non-proceed event occurred while processing the request: InvalidProfileConfiguration
2017-03-21 10:27:40,980 - DEBUG [org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:154] - No SAMLBindingContext or binding URI available, error must be handled locally

Now, on going to the URL "/idp/profile/Logout", it does show the SPs currently in session; on clicking yes it does not log them out, and the error message remains the same in the log:
Profile Action SelectProfileConfiguration: Profile http://shibboleth.net/ns/profiles/saml2/logout is not available for RP configuration EntityNames

Please help