ApplicationOverride
jtroschke
jtroschke at imail.de
Sun Mar 11 19:21:51 EDT 2018
Hello,
I test two IDP connections in the section ApplicationDefaults. they work
properly.
Now I will use ApplicationOverride to bind more than one IDP to my
applications.
My question:
why does the IDP work as ApplicationDefaults but not as ApplicationOverride?
- I use shibboleth 2.6.1 on RHEL see: shibboleth2.xml
- Apache 2.4.26 with ssl see: ssl-vhosts.conf
- Liferay 6.2_ee_sp19 saml2-Portlet. see:idp-eap-test1.zit-bb.de.xml
- In https://eap-portal2-03.service.lvnbb.de/Shibboleth.sso/Metadata i
change
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
ID="_251d68c9e0235057f3ba7226378585ee0a7bd0bd" entityID="sp-vba-portal2-03">
to entityID="sp-eap-portal2-03" see: sp-eap-portal2-03.xml
1. https://vba-portal2-03.service.lvnbb.de/vba ->
https://webaccess-test.lvnbb.de/login and returns .
2. https://eap-portal2-03.service.lvnbb.de/eap ->
https://eap-test1.zit-bb.de/login and returns but generates error:
opensaml::FatalProfileException
opensaml::FatalProfileException at
(https://eap-portal2-03.service.lvnbb.de/Shibboleth.sso/SAML2/POST)
Assertion contains an unacceptable AudienceRestriction.
==> /var/log/shibboleth/shibd.log <==
2018-03-11 23:53:34 WARN OpenSAML.MessageDecoder.SAML2 [2]: no metadata
found, can't establish identity of issuer (idp-eap-test1.zit-bb.de)
==> /var/log/shibboleth/shibd_warn.log <==
2018-03-11 23:53:34 WARN OpenSAML.MessageDecoder.SAML2 [2]: no metadata
found, can't establish identity of issuer (idp-eap-test1.zit-bb.de)
==> /var/log/shibboleth/shibd.log <==
2018-03-11 23:53:34 WARN Shibboleth.SSO.SAML2 [2]: no metadata found, can't
establish identity of issuer (idp-eap-test1.zit-bb.de)
2018-03-11 23:53:34 ERROR OpenSAML.SecurityPolicyRule.AudienceRestriction
[2]: unacceptable AudienceRestriction in assertion
(<saml2:AudienceRestriction
xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"><saml2:Audience>sp-eap-portal2-03</saml2:Audience></saml2:AudienceRestriction>)
2018-03-11 23:53:34 WARN Shibboleth.SSO.SAML2 [2]: detected a problem with
assertion: Assertion contains an unacceptable AudienceRestriction.
==> /var/log/shibboleth/shibd_warn.log <==
2018-03-11 23:53:34 WARN Shibboleth.SSO.SAML2 [2]: no metadata found, can't
establish identity of issuer (idp-eap-test1.zit-bb.de)
2018-03-11 23:53:34 ERROR OpenSAML.SecurityPolicyRule.AudienceRestriction
[2]: unacceptable AudienceRestriction in assertion
(<saml2:AudienceRestriction
xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"><saml2:Audience>sp-eap-portal2-03</saml2:Audience></saml2:AudienceRestriction>)
2018-03-11 23:53:34 WARN Shibboleth.SSO.SAML2 [2]: detected a problem with
assertion: Assertion contains an unacceptable AudienceRestriction.
==> /var/log/shibboleth/transaction.log <==
2018-03-11 23:53:34 INFO Shibboleth-TRANSACTION [2]: New session (ID: ) with
(applicationId: default) for principal from (IdP: none) at (ClientAddress:
10.128.206.51) with (NameIdentifier: none) using (Protocol:
urn:oasis:names:tc:SAML:2.0:protocol) from (AssertionID: )
2018-03-11 23:53:34 INFO Shibboleth-TRANSACTION [2]: Cached the following
attributes with session (ID: ) for (applicationId: default) {
2018-03-11 23:53:34 INFO Shibboleth-TRANSACTION [2]: }
==> /var/log/shibboleth-www/native_warn.log <==
2018-03-11 23:53:34 ERROR Shibboleth.Listener [24125] shib_handler: remoted
message returned an error: Assertion contains an unacceptable
AudienceRestriction.
==> /var/log/shibboleth-www/native.log <==
2018-03-11 23:53:34 ERROR Shibboleth.Listener [24125] shib_handler: remoted
message returned an error: Assertion contains an unacceptable
AudienceRestriction.
==> /var/log/shibboleth-www/native_warn.log <==
2018-03-11 23:53:34 ERROR Shibboleth.Apache [24125] shib_handler: Assertion
contains an unacceptable AudienceRestriction.
==> /var/log/shibboleth-www/native.log <==
2018-03-11 23:53:34 ERROR Shibboleth.Apache [24125] shib_handler: Assertion
contains an unacceptable AudienceRestriction.
*shibboleth2.xml*
<SPConfig xmlns="urn:mace:shibboleth:2.0:native:sp:config"
xmlns:conf="urn:mace:shibboleth:2.0:native:sp:config"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
clockSkew="180">
<ApplicationDefaults entityID="sp-vba-portal2-03"
REMOTE_USER="eppn persistent-id targeted-id">
<Sessions lifetime="28800" timeout="3600" relayState="ss:mem"
checkAddress="false" handlerSSL="true"
cookieProps="https">
<SSO entityID="webaccess-test-idp"
discoveryProtocol="SAMLDS"
discoveryURL="https://ds.example.org/DS/WAYF">
SAML2 SAML1
</SSO>
<Logout>SAML2 Local</Logout>
<Handler type="MetadataGenerator" Location="/Metadata"
signing="false"/>
<Handler type="Status" Location="/Status" acl="127.0.0.1 ::1"/>
<Handler type="Session" Location="/Session"
showAttributeValues="false"/>
<Handler type="DiscoveryFeed" Location="/DiscoFeed"/>
</Sessions>
<Errors supportContact="portal at service.brandenburg.de"
helpLocation="/about.html"
styleSheet="/shibboleth-sp/main.css"/>
<MetadataProvider type="XML" validate="true"
file="zitbb/idp-webaccess-test.service.lvnbb.de.xml"/>
<AttributeExtractor type="XML" validate="true" reloadChanges="false"
path="attribute-map.xml"/>
<AttributeResolver type="Query" subjectMatch="true"/>
<AttributeFilter type="XML" validate="true"
path="attribute-policy.xml"/>
<CredentialResolver type="File" key="sp-key.pem"
certificate="sp-cert.pem"/>
<ApplicationOverride id="sp-eap-portal2-03"
entityID="sp-eap-portal2-03">
<Sessions lifetime="28800" timeout="3600" relayState="ss:mem"
checkAddress="false" handlerSSL="true" cookieProps="https">
<SSO entityID="idp-eap-test1.zit-bb.de"
discoveryProtocol="SAMLDS"
discoveryURL="https://ds.example.org/DS/WAYF">
SAML2 SAML1
</SSO>
</Sessions>
<MetadataProvider type="XML" validate="true"
file="zitbb/idp-eap-test1.zit-bb.de.xml"/>
</ApplicationOverride>
</ApplicationDefaults>
<SecurityPolicyProvider type="XML" validate="true"
path="security-policy.xml"/>
<ProtocolProvider type="XML" validate="true" reloadChanges="false"
path="protocols.xml"/>
</SPConfig>
*ssl-vhosts.conf*
<VirtualHost *:443>
ServerName vba-portal2-03.service.lvnbb.de
include conf.d/ssl-vhosts.include
UseCanonicalName On
<LocationMatch "/vba">
AuthType shibboleth
ShibRequestSetting applicationId default
ShibRequestSetting requireSession 1
require shib-session
require valid-user
</LocationMatch>
RewriteRule ^/[Ss]hibbolet %{REQUEST_URI} [PT,L]
</VirtualHost>
<VirtualHost *:443>
ServerName eap-portal2-03.service.lvnbb.de
include conf.d/ssl-vhosts.include
UseCanonicalName On
<LocationMatch "/eap">
AuthType shibboleth
ShibRequestSetting applicationId sp-eap-portal2-03
ShibRequestSetting requireSession 1
require shib-session
require valid-user
</LocationMatch>
RewriteRule ^/[Ss]hibbolet %{REQUEST_URI} [PT,L]
</VirtualHost>
sp-eap-portal2-03.xml
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
ID="_251d68c9e0235057f3ba7226378585ee0a7bd0bd"
entityID="sp-grundbuch-portal2-03">
<md:Extensions xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport">
<alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
<alg:DigestMethod
Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha384"/>
<alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<alg:DigestMethod
Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha224"/>
<alg:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<alg:SigningMethod
Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512"/>
<alg:SigningMethod
Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384"/>
<alg:SigningMethod
Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"/>
<alg:SigningMethod
Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha224"/>
<alg:SigningMethod
Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
<alg:SigningMethod
Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha384"/>
<alg:SigningMethod
Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<alg:SigningMethod
Algorithm="http://www.w3.org/2009/xmldsig11#dsa-sha256"/>
<alg:SigningMethod
Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1"/>
<alg:SigningMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<alg:SigningMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
</md:Extensions>
<md:SPSSODescriptor
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol
urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:1.0:protocol">
<md:Extensions>
<init:RequestInitiator
xmlns:init="urn:oasis:names:tc:SAML:profiles:SSO:request-init"
Binding="urn:oasis:names:tc:SAML:profiles:SSO:request-init"
Location="https://grundbuch-portal2-03.service.lvnbb.de/Shibboleth.sso/Login"/>
<idpdisc:DiscoveryResponse
xmlns:idpdisc="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol"
Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol"
Location="https://grundbuch-portal2-03.service.lvnbb.de/Shibboleth.sso/Login"
index="1"/>
</md:Extensions>
<md:KeyDescriptor>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:KeyName>pmwe-portal2-03</ds:KeyName>
<ds:X509Data>
<ds:X509SubjectName>CN=pmwe-portal2-03</ds:X509SubjectName>
<ds:X509Certificate>MIID9DCCAlygAwIBAgIJAKC6ATn8PK4vMA0GCSqGSIb3DQEBCwUAMBoxGDAWBgNV
BAMTD3Btd2UtcG9ydGFsMi0wMzAeFw0xODAzMTAxMzQzMTRaFw0yODAzMDcxMzQz
MTRaMBoxGDAWBgNVBAMTD3Btd2UtcG9ydGFsMi0wMzCCAaIwDQYJKoZIhvcNAQEB
BQADggGPADCCAYoCggGBAMlCFLzgLK+HElHFUKV2X6s2m73TGeybPY5cVKMSUq0k
Q2sFRA3ihAp5vxkEiECVZv5ToFs2pFExWEuIQ/2O0XlaV+WK6uYqu00j6jH6paWR
qvuWM61oJBqLgsagTkW6SvF60/jwZAQIuSSZjQm3CNpM0WLd0PxrNQp+i/Arf6tu
HocqtA9WFLn/OhWKfb5375Zd2jUougqhdl0dZkFOPfdOB3FArxkAe8Vj2q4AjLcC
tmpKgHBp6DbfhEW1eZGuZUEmRbLPPzvfS8DTWfQmMOxD2fNH/KoxaVySo0/BNuDw
k6mst01QgQPwB9m5poZObjZwD7dy2W0LWw9QMlvcW8GSiPNw5n/P7jyAZrNokwF/
DIXVPQm3kqVvteUwn94TNZX0ZkR8amJSjKgIEdk60OMff48mCpyi9//iV5NQ0TUf
kr8qN9fWvatp4rkOol3+e/7nRDKWoChqoeXjPeQ8JOsDnV7/MvGMCNX3oAK8YDb2
K0V0ki54uAb/JGTHNmKlqQIDAQABoz0wOzAaBgNVHREEEzARgg9wbXdlLXBvcnRh
bDItMDMwHQYDVR0OBBYEFKKAXoSuGJUGDg0s9O5WT2edIlVrMA0GCSqGSIb3DQEB
CwUAA4IBgQB7VsJB5Exp5whW7NiCmtHtN4OdsEKQ7F4PwwLowlBx4u4SM5DVWhTw
r8X2Pu63pXrbAPaYNLi0KSVlh/RFV26hM/XRdnvrFZyDfoQOwpDnmLbVhCA978jF
/NrxCMN2Q976Crs9xmdUjikk4AIVUBOmcx0fTuVfy9k7KCAfdpy0+/M1NdgS6Whn
BU8grR3JWrLYZthFt18IptbDZz4XUUfyRVs1AaWLwjInHuOl7dwnhvevWxVG1Kpy
06IWU//s/EQiCG/OXAF5joA4lN9ydc+S8KZgiYyZUJvCZjQrLwwTl7Xv6XJevl0f
8rwCyuKofMLC9S5JcyaA0oGsYBCzO2dgI43GGRFBq68RlCSuZBWnhsNgGciZzJ24
xGTnZQR7Vc0hUa2UQunVlYlIqXtIK8OtYqgxFbTwRchyPpTX5hIPrUxJgHfYc4EC
TLo/Ta65DiQMmTTxB7HV1k65TTQyFhnCLVslGEFpdy8p79JWsDEzu+vy6jnQ48z9
f81sqnWydKM=
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
<md:EncryptionMethod
Algorithm="http://www.w3.org/2009/xmlenc11#aes128-gcm"/>
<md:EncryptionMethod
Algorithm="http://www.w3.org/2009/xmlenc11#aes192-gcm"/>
<md:EncryptionMethod
Algorithm="http://www.w3.org/2009/xmlenc11#aes256-gcm"/>
<md:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
<md:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#aes192-cbc"/>
<md:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
<md:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
<md:EncryptionMethod
Algorithm="http://www.w3.org/2009/xmlenc11#rsa-oaep"/>
<md:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
</md:KeyDescriptor>
<md:ArtifactResolutionService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
Location="https://grundbuch-portal2-03.service.lvnbb.de/Shibboleth.sso/Artifact/SOAP"
index="1"/>
<md:SingleLogoutService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
Location="https://grundbuch-portal2-03.service.lvnbb.de/Shibboleth.sso/SLO/SOAP"/>
<md:SingleLogoutService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Location="https://grundbuch-portal2-03.service.lvnbb.de/Shibboleth.sso/SLO/Redirect"/>
<md:SingleLogoutService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="https://grundbuch-portal2-03.service.lvnbb.de/Shibboleth.sso/SLO/POST"/>
<md:SingleLogoutService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
Location="https://grundbuch-portal2-03.service.lvnbb.de/Shibboleth.sso/SLO/Artifact"/>
<md:AssertionConsumerService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="https://grundbuch-portal2-03.service.lvnbb.de/Shibboleth.sso/SAML2/POST"
index="1"/>
<md:AssertionConsumerService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign"
Location="https://grundbuch-portal2-03.service.lvnbb.de/Shibboleth.sso/SAML2/POST-SimpleSign"
index="2"/>
<md:AssertionConsumerService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
Location="https://grundbuch-portal2-03.service.lvnbb.de/Shibboleth.sso/SAML2/Artifact"
index="3"/>
<md:AssertionConsumerService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
Location="https://grundbuch-portal2-03.service.lvnbb.de/Shibboleth.sso/SAML2/ECP"
index="4"/>
<md:AssertionConsumerService
Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post"
Location="https://grundbuch-portal2-03.service.lvnbb.de/Shibboleth.sso/SAML/POST"
index="5"/>
<md:AssertionConsumerService
Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01"
Location="https://grundbuch-portal2-03.service.lvnbb.de/Shibboleth.sso/SAML/Artifact"
index="6"/>
</md:SPSSODescriptor>
</md:EntityDescriptor>
idp-eap-test1.zit-bb.de.xml
<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor entityID="idp-eap-test1.zit-bb.de"
xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<ds:Reference URI="">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>TRtMW5qBoIxSJzsy+vV1ezpLmHI=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>ngMNnnKxIhtn9ht6j4/6GrJfmvx7USq4w0luvqZwPm1NbuB9W1QfvKT9b8kz9hu3muc0h6+tXA2H0ONFIDO09aoxTr5W8xppSaARKfvpohpvRar8JQPU2hZxiBqCDG25hmyGKaJ56dCIimW7a/YsLB/ruXOlaqmksEjnGCsr5wjjiRXM4zvJipZWaaLZ9vcs/rldP/H/mcN0sV0/5TojdnFxKZ/GhqGn3mrGd1WeM0VugGQ4+WbdvVyext+Dh2zakTWPFJR+GJ41hBlfftUs9+8FtvOejLbTbDzZQHW/X/YHJv7DAWL4Um6StVEQe+ddmC3U2QsnQ+p6sTgmdnH5Kg==
</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIICvTCCAaUCBgFh+FLSrzANBgkqhkiG9w0BAQUFADAiMQ8wDQYDVQQDDAZaSVQtQkIxDzANBgNV
BAoMBlpJVC1CQjAeFw0xODAzMDUyMjQwMzJaFw0xOTAyMjQyMjQwMzJaMCIxDzANBgNVBAMMBlpJ
VC1CQjEPMA0GA1UECgwGWklULUJCMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvUK7
s8SEE+RjcCTAnRk9rclnTI2MQuOIN5Zu/y/BHYjbal0/6kvAi2Tj0L3TQeQ6Yb5o+yYV1heZQmKF
ixbDm+4aX1pWNuOfYRZDC0bQOg/h4MHxfzAG7YPK8hs8tdJC/WpSwQ55VFMStW6LqxgBMIe4W7po
F0odW0GHIddPVjAkHupYc6csLI1BBOVAfiHcRxawW1CQ/S1h1TH7xyfeOjkYg3ufsZ1LRSuSap/+
ZGhPhud15UDPPdvmmTdM0hgfy5mJa+6wdkpoTaeqN2sTNnns/JRaIR44Pm0po9XKT9NVPABbErR4
+EF3iSbV64QjQGoNSAxNvXS2kvKRXVcPtQIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQCgd/IHh35y
402ojRG1k0jWaMF7z6gkYE/JWhmg/f7qiQzpHDsT3/kOmF/mKyyLaRusxWLidUVRXGeYzti4R5FZ
ieBugZ0n9dyRI3dt+7If5elPJdpBW4ghv19RC/VGBne+xnXxmjXoatTszycRHoBvg3DB+giXpHSL
5/YZH6UM6ZUDaUexQDHVzPEeo+dJBv7XET21QrPIWNF+8RBSI84oZ80HUkm9ZmXnGhKffYyc47/I
djScnbPEOOpzaBIXBkCx66O9G1Vj68qu7Hrk6/8Arc1xB2TveL9503qB4smU3X5xBXwz/1N52+59
MfKaemMw5Ml8+dh18xMW0D7VBdXW</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
<md:IDPSSODescriptor ID="idp-eap-test1.zit-bb.de"
WantAuthnRequestsSigned="true"
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<md:KeyDescriptor use="signing">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>MIICvTCCAaUCBgFh+FLSrzANBgkqhkiG9w0BAQUFADAiMQ8wDQYDVQQDDAZaSVQtQkIxDzANBgNV
BAoMBlpJVC1CQjAeFw0xODAzMDUyMjQwMzJaFw0xOTAyMjQyMjQwMzJaMCIxDzANBgNVBAMMBlpJ
VC1CQjEPMA0GA1UECgwGWklULUJCMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvUK7
s8SEE+RjcCTAnRk9rclnTI2MQuOIN5Zu/y/BHYjbal0/6kvAi2Tj0L3TQeQ6Yb5o+yYV1heZQmKF
ixbDm+4aX1pWNuOfYRZDC0bQOg/h4MHxfzAG7YPK8hs8tdJC/WpSwQ55VFMStW6LqxgBMIe4W7po
F0odW0GHIddPVjAkHupYc6csLI1BBOVAfiHcRxawW1CQ/S1h1TH7xyfeOjkYg3ufsZ1LRSuSap/+
ZGhPhud15UDPPdvmmTdM0hgfy5mJa+6wdkpoTaeqN2sTNnns/JRaIR44Pm0po9XKT9NVPABbErR4
+EF3iSbV64QjQGoNSAxNvXS2kvKRXVcPtQIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQCgd/IHh35y
402ojRG1k0jWaMF7z6gkYE/JWhmg/f7qiQzpHDsT3/kOmF/mKyyLaRusxWLidUVRXGeYzti4R5FZ
ieBugZ0n9dyRI3dt+7If5elPJdpBW4ghv19RC/VGBne+xnXxmjXoatTszycRHoBvg3DB+giXpHSL
5/YZH6UM6ZUDaUexQDHVzPEeo+dJBv7XET21QrPIWNF+8RBSI84oZ80HUkm9ZmXnGhKffYyc47/I
djScnbPEOOpzaBIXBkCx66O9G1Vj68qu7Hrk6/8Arc1xB2TveL9503qB4smU3X5xBXwz/1N52+59
MfKaemMw5Ml8+dh18xMW0D7VBdXW</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</md:KeyDescriptor>
<md:SingleLogoutService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="https://eap-test1.zit-bb.de/c/portal/saml/slo" />
<md:SingleLogoutService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Location="https://eap-test1.zit-bb.de/c/portal/saml/slo" />
<md:SingleSignOnService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Location="https://eap-test1.zit-bb.de/c/portal/saml/sso" />
<md:SingleSignOnService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="https://eap-test1.zit-bb.de/c/portal/saml/sso" />
</md:IDPSSODescriptor>
</md:EntityDescriptor>
--
Sent from: http://shibboleth.1660669.n2.nabble.com/Shibboleth-Users-f1660767.html
More information about the users
mailing list