Shibboleth Artifact Binding : Inbound message issuer was not authenticated

Indunil Rathnayake indunil.uom at gmail.com
Thu Apr 26 01:36:26 EDT 2018


Yes. I have added the certificate of SP into the metadata file under
<KeyDescriptor> element.



On 25 April 2018 at 20:45, Tom Scavo <trscavo at gmail.com> wrote:

> On Wed, Apr 25, 2018 at 4:26 AM, Indunil Rathnayake
> <indunil.uom at gmail.com> wrote:
> >
> > Shibbolet is configured for SAML artifact binding and following error
> can be
> > seen in logs, when processing the ArtifactResolve SOAP request...
> >
> > The issuer value of ArtifactResolve request, is same as the entityID of
> the
> > SP metadata. What it meant by authenticating the issuer?
>
> In this case, the SP issues an ArtifactResolve request directly to the
> IdP. In order to complete the SAML exchange, the two parties
> authenticate each other. In particular, the IdP authenticates the SP
> before processing the ArtifactResolve request.
>
> > and how it's done?
>
> Authentication is done at the transport level (back-channel TLS) or
> the document level (XML signature). In either case, there should be a
> signing certificate in SP metadata. Is there?
>
> Tom
> --
> For Consortium Member technical support, see https://wiki.shibboleth.net/
> confluence/x/coFAAg
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
>



-- 

*Indunil Rathnayake *

*Faculty of Information Technology*

*University of Moratuwa.*

Email : *indunil.uom at gmail.com <indunil.uom at gmail.com>* | Skype: indu.upeksha
| Mobile : (+94)713695179  | Twitter @indunilUR |

LinkedIn: http://lk.linkedin.com/in/indunil
<http://www.google.com/url?q=http%3A%2F%2Flk.linkedin.com%2Fin%2Findunil&sa=D&sntz=1&usg=AFQjCNEmFm8EqJj46HTiFXEXdDLn3kJ79A>
|  Facebook
: https://www.facebook.com/indunilrathnayake80
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20180426/039e7eda/attachment.html>


More information about the users mailing list