configuring shibboleth on AWS using ELB

Deirdre Kirmis Deirdre.Kirmis at asu.edu
Tue Dec 3 02:34:57 EST 2019


Hi all...I'm still struggling with Shibboleth not working on my system. Now, I'm just trying to use the samltest site that Nate sent...have uploaded my metadata to samltest, and have copied the samltest metadata to my site. Samltest shows as a provider on my site...when I log in using that, it goes through the process...lets me pick rick, then takes me back to my site, but does not log in rick or create his account. If I look at the session data, it shows all of the attributes correctly...however in my server log I get an error that the attributes are null. When I try to "fetch" my site metadata, it just spins and never comes back as uploaded. When I manually upload the file, it acts like it was successful, but when I try the test it says my site is not registered. What am I doing wrong?

Deirdre Kirmis
Web Application Developer
Discovery Services
ASU Library
Arizona State University
480-965-7240
________________________________
From: users <users-bounces at shibboleth.net> on behalf of Deirdre Kirmis <Deirdre.Kirmis at asu.edu>
Sent: Wednesday, November 27, 2019 4:30 PM
To: Shib Users <users at shibboleth.net>
Subject: RE: configuring shibboleth on AWS using ELB


That is great! Thank you…it already told me that I’m missing the metadata for identity provider!



Deirdre Kirmis

Technology Services

Arizona State University Library

480-965-7240



From: users <users-bounces at shibboleth.net> On Behalf Of Nate Klingenstein
Sent: Wednesday, November 27, 2019 4:26 PM
To: Shib Users <users at shibboleth.net>
Subject: RE: configuring shibboleth on AWS using ELB



Deirdre,



You may find https://samltest.id/ to be a useful resource. It's basically a fully configured SP that will let you see its logs so you can know exactly what's going on, end to end.



Best wishes,

Nate.



--------



The Art of Access ®



Nate Klingenstein | Principal

https://www.signet.id/



-----Original message-----
From: Deirdre Kirmis
Sent: Wednesday, November 27 2019, 12:14 pm
To: Shib Users
Subject: RE: configuring shibboleth on AWS using ELB


Eventually, we will want to set up as a federation SP, but this is just dev at this point, so we are only configuring our org IDP.

I did find the documentation on creating the metadata schema/rules, so thanks for that direction.



Deirdre Kirmis

Technology Services

Arizona State University Library

480-965-7240



-----Original Message-----

From: users <users-bounces at shibboleth.net> On Behalf Of Cantor, Scott

Sent: Wednesday, November 27, 2019 10:39 AM

To: Shib Users <users at shibboleth.net>

Subject: Re: configuring shibboleth on AWS using ELB



On 11/27/19, 12:23 PM, "users on behalf of Deirdre Kirmis" <users-bounces at shibboleth.net on behalf of Deirdre.Kirmis at asu.edu> wrote:



> How do I prepare the metadata myself?



It's an XML file with a very defined schema and set of rules for what's in it, but that's probably obvious so the intent of the question is not 100% clear.



Speaking in general terms, a federated SP (that is, one dealing with many IdPs of different organizations) really needs to be in a federation, and federations provide metadata management systems generally, though not always.



An enterprise SP is dealing with a single IdP and the IdP operator should be providing processes to follow. For myself, I don't ask SPs to give me metadata as a rule, I just expect them to inform me of the keys and hosts through a registration process, then I assign them entityID(s) to use, and I have processes to follow when changes are needed.



-- Scott





--

For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg

To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
