Shibboleth Artifact Binding : Inbound message issuer was not authenticated
Indunil Rathnayake
indunil.uom at gmail.com
Thu Apr 26 01:36:26 EDT 2018
Yes. I have added the certificate of SP into the metadata file under
<KeyDescriptor> element.
On 25 April 2018 at 20:45, Tom Scavo <trscavo at gmail.com> wrote:
> On Wed, Apr 25, 2018 at 4:26 AM, Indunil Rathnayake
> <indunil.uom at gmail.com> wrote:
> >
> > Shibbolet is configured for SAML artifact binding and following error
> can be
> > seen in logs, when processing the ArtifactResolve SOAP request...
> >
> > The issuer value of ArtifactResolve request, is same as the entityID of
> the
> > SP metadata. What it meant by authenticating the issuer?
>
> In this case, the SP issues an ArtifactResolve request directly to the
> IdP. In order to complete the SAML exchange, the two parties
> authenticate each other. In particular, the IdP authenticates the SP
> before processing the ArtifactResolve request.
>
> > and how it's done?
>
> Authentication is done at the transport level (back-channel TLS) or
> the document level (XML signature). In either case, there should be a
> signing certificate in SP metadata. Is there?
>
> Tom
> --
> For Consortium Member technical support, see https://wiki.shibboleth.net/
> confluence/x/coFAAg
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
>
--
*Indunil Rathnayake *
*Faculty of Information Technology*
*University of Moratuwa.*
Email : *indunil.uom at gmail.com <indunil.uom at gmail.com>* | Skype: indu.upeksha
| Mobile : (+94)713695179 | Twitter @indunilUR |
LinkedIn: http://lk.linkedin.com/in/indunil
<http://www.google.com/url?q=http%3A%2F%2Flk.linkedin.com%2Fin%2Findunil&sa=D&sntz=1&usg=AFQjCNEmFm8EqJj46HTiFXEXdDLn3kJ79A>
| Facebook
: https://www.facebook.com/indunilrathnayake80
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20180426/039e7eda/attachment.html>
More information about the users
mailing list