Reward Gateway - IdP initiated SSO - UnsolicitedSSO

Lipscomb, Gary glipscomb at csu.edu.au
Mon Feb 19 18:11:51 EST 2018


Hi list,

Has anyone got unsolicited SSO working with Reward Gateway (RG). Their metadata contains no X.509 certificate [1]
When I try to do IdP initiated SSO [0] I get the errors below in the logs [2]. I don’t get sent to the IdP login screen either, just redirected to the RG site and get an error page. No additions to relying-party.xml have been made for RG.

I would really like a list of reasons to not do IdP initiated at all :-).

Regards
Gary

[0] IdP initiated SSO URL
https://idpqa.csu.edu.au/idp/profile/SAML2/Unsolicited/SSO?providerId=https%3A%2F%2FXXXX.rewardgateway.com.au%2F

[1] Reward Gateway SP metadata
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" validUntil="2019-02-15T21:28:33Z" cacheDuration="PT1519162113S" entityID="https://XXXX.rewardgateway.com.au/">
  <md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://XXXX.rewardgateway.com.au/Authentication/EndLogin?idp=999999" index="1"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>


[2] idp-process.log
2018-02-20 10:06:45,476 - WARN [org.opensaml.xmlsec.impl.BasicEncryptionParametersResolver:248] - Validation failure: Failed to resolve both a data and a key encryption credential
2018-02-20 10:06:45,476 - WARN [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:348] - Profile Action PopulateEncryptionParameters: Resolver returned no EncryptionParameters
2018-02-20 10:06:45,477 - WARN [org.opensaml.profile.action.impl.LogEvent:105] - A non-proceed event occurred while processing the request: InvalidSecurityConfiguration

|   ALBURY-WODONGA   |   BATHURST   |   CANBERRA   |   DUBBO   |   GOULBURN   |   MELBOURNE   |   ORANGE   |   PORT MACQUARIE   |   SYDNEY   |   WAGGA WAGGA   |

LEGAL NOTICE
This email (and any attachment) is confidential and is intended for the use of the addressee(s) only. If you are not the intended recipient of this email, you must not copy, distribute, take any action in reliance on it or disclose it to anyone. Any confidentiality is not waived or lost by reason of mistaken delivery. Email should be checked for viruses and defects before opening. Charles Sturt University (CSU) does not accept liability for viruses or any consequence which arise as a result of this email transmission. Email communications with CSU may be subject to automated email filtering, which could result in the delay or deletion of a legitimate email before it is read at CSU. The views expressed in this email are not necessarily those of CSU.
Charles Sturt University in Australia The Grange Chancellery, Panorama Avenue, Bathurst NSW Australia 2795 (ABN: 83 878 708 551; CRICOS Provider Number: 00005F (National)). TEQSA Provider Number: PV12018
Consider the environment before printing this email.


More information about the users mailing list