ArcGIS (was Re: nameid-format:unspecified for relying party)

Swanzy, Philip Scott pss127 at psu.edu
Fri Sep 21 09:43:31 EDT 2018 

I wanted to reply on this thread to close the loop since we worked with ArcGIS on the encryption issue. Turns out it is Encrypting and signing assertions when the encrypt assertion box is checked. I have submitted a bug to them to have that resolved and not treat it as mutually inclusive. Of course it is a vendor so they might take that to mean, redefining the check box so it states that it is singing and encrypting the assertion. Only time will tell what the actual solution is. Currently we had to add WantAssertionsSigned="true" to the metadata and then it all worked. 

I will note this in the ArcGis Integration guide.

-Phil Swanzy

-----Original Message-----
From: users <users-bounces at shibboleth.net> On Behalf Of Cantor, Scott
Sent: Tuesday, July 3, 2018 7:06 PM
To: Shib Users <users at shibboleth.net>
Subject: ArcGIS (was Re: nameid-format:unspecified for relying party)

> I tried enabling 'Encrypt Assertions' -- the metadata their config 
> then generates includes an encryption certificate (that's the only 
> difference I see with the box checked vs. not).

I'll note that along with your current observation of its viability in the document.

> I've had to disable encryption for now while awaiting an answer from 
> the vendor (to the question: why does their document show that you can 
> enable assertion encryption, then farther down tell you to explicitly 
> disable it?).

That part is just of a piece with the rest, it's not real documentation, it's just "what somebody who happened to hack up a working integration told them worked". It's more of an uneducated and poorly designed "How To" that doesn't tell me anything about what they support or require. I don't need vendors to document Shibboleth (badly), I need them to just document their own bloody systems.

If you get any farther with them, please update here or just update the update I made to the page with whatever you find out.

Thanks,
-- Scott


--
For Consortium Member technical support, see https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwiki.shibboleth.net%2Fconfluence%2Fx%2FcoFAAg&data=02%7C01%7Cpss127%40psu.edu%7C63a5e2d84650448eafb508d5e1399f68%7C7cf48d453ddb4389a9c1c115526eb52e%7C0%7C0%7C636662559960550304&sdata=u4FR7bJyTA9oUaCF8UBbEwEqxkToNuYOZ2fJjPBDaj4%3D&reserved=0
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net

More information about the users mailing list