Problem Cyberark PVWA as SP

Yakov Revyakin yrevyakin at gmail.com
Fri Apr 19 16:59:22 EDT 2019


Hi Nate,
I tried Redirect before with no success. I get a screen with Unsupported
Request, and the lines in the log look like:

2019-04-19 23:46:46,301 -  - WARN [DEPRECATED:118] - XML Element
'SourceAttribute', (file
[D:\Soft\shibboleth-idp\conf\attribute-resolver.xml]): This will be removed
in the next major version of this software; replacement is by using
<InputAttributeDefinition> and <InputDataConnector>
2019-04-19 23:46:48,618 -  - WARN [DEPRECATED:118] - Spring bean
'c14n/LegacyPrincipalConnector', (c14n/subject-c14n.xml): This will be
removed in the next major version of this software; replacement is <remove>
2019-04-19 23:48:49,196 - 184.170.232.52 - WARN
[net.shibboleth.idp.profile.impl.SelectProfileConfiguration:117] - Profile
Action SelectProfileConfiguration: Profile
http://shibboleth.net/ns/profiles/saml2/sso/browser is not available for RP
configuration shibboleth.UnverifiedRelyingParty (RPID Cyberark4Hide)
2019-04-19 23:48:49,214 - 184.170.232.52 - WARN
[org.opensaml.profile.action.impl.LogEvent:105] - A non-proceed event
occurred while processing the request: InvalidProfileConfiguration

I wrote the SP metadata as:
<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
      xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="Cyberark4Hide"
      validUntil="2025-12-09T09:13:31.006Z">
   <md:SPSSODescriptor AuthnRequestsSigned="false"
         WantAssertionsSigned="true"
         protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
      <md:AssertionConsumerService
            Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
            Location="https://components.cyberark.local/PasswordVault/api/auth/saml/logon"
            index="0" isDefault="true"/>
   </md:SPSSODescriptor>
</md:EntityDescriptor>








On Fri, 19 Apr 2019 at 19:57, Nate Klingenstein <ndk at signet.id> wrote:

> Yakov,
>
> You're sending a GET AuthnRequest to a POST decoder.  Pick one or the
> other, and I'd recommend the redirect option.
>
> Thanks,
> Nate.
>
> --
> For Consortium Member technical support, see
> https://wiki.shibboleth.net/confluence/x/coFAAg
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
>
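
Added example, not part of the original thread and not Shibboleth or CyberArk code: a Python check that pulls the RPID and relying-party configuration out of the IdP warning quoted in the message and lints SP metadata against it. The sample inputs are constructed from the post (log entry unwrapped, a mail-style line break left inside Location), the function names are hypothetical, and reading shibboleth.UnverifiedRelyingParty as "no metadata matched this entityID" is an assumption about the IdP's default relying-party configuration.

```python
import re
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
# Assumption: this RP configuration is the IdP's fallback for requesters without metadata.
UNVERIFIED = "shibboleth.UnverifiedRelyingParty"

# Constructed sample inputs modelled on the post, not captured data.
LOG_LINE = (
    "2019-04-19 23:48:49,196 - 184.170.232.52 - WARN "
    "[net.shibboleth.idp.profile.impl.SelectProfileConfiguration:117] - Profile "
    "Action SelectProfileConfiguration: Profile "
    "http://shibboleth.net/ns/profiles/saml2/sso/browser is not available for RP "
    "configuration shibboleth.UnverifiedRelyingParty (RPID Cyberark4Hide)"
)
SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="Cyberark4Hide">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="
https://components.cyberark.local/PasswordVault/api/auth/saml/logon"
        index="0" isDefault="true"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

LOG_RE = re.compile(r"Profile (\S+) is not available for RP configuration (\S+) \(RPID (.+?)\)")

def parse_profile_warning(line):
    """Extract profile, RP configuration and RPID from the IdP warning."""
    m = LOG_RE.search(line)
    if not m:
        return None
    info = dict(zip(("profile", "rp_config", "rpid"), m.groups()))
    info["metadata_matched"] = info["rp_config"] != UNVERIFIED
    return info

def lint_sp_metadata(xml_text, rpid):
    """Return findings that would stop the IdP from using this metadata for rpid."""
    findings = []
    root = ET.fromstring(xml_text)
    if root.get("entityID") != rpid:
        findings.append("entityID %r does not match RPID %r" % (root.get("entityID"), rpid))
    for acs in root.findall(f"{MD}SPSSODescriptor/{MD}AssertionConsumerService"):
        loc = acs.get("Location", "")
        # The XML parser turns a line break inside an attribute into a space.
        if re.search(r"\s", loc):
            findings.append("ACS Location contains whitespace: %r" % loc)
        if not loc.strip().startswith("https://"):
            findings.append("ACS Location is not https: %r" % loc)
    return findings
```
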