configuring shibboleth on AWS using ELB

Nate Klingenstein ndk at sudonym.me
Tue Dec 3 03:27:47 EST 2019


Deirdre,

I think you're nearly there. Uncomment the attributes you'd like to receive
in attribute-map.xml and wire up Shibboleth to your application or a test
page at /secure and I predict success.  Thanks for your diligence!

Best,
Nate.
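
An added example illustrating the attribute-map.xml advice above (not part of the original post, and not Shibboleth project code): the SP only exposes attributes that have an active rule in attribute-map.xml, so this Python script reports, for each attribute name the IdP released, whether its rule is active, still commented out, or missing. The sample map, the released-attribute list and the function names are constructed for the example.

```python
import re
import xml.etree.ElementTree as ET

NS = "urn:mace:shibboleth:2.0:attribute-map"

# Constructed sample in the style of an SP attribute-map.xml (not from the thread).
SAMPLE_MAP = """<Attributes xmlns="urn:mace:shibboleth:2.0:attribute-map"
            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" id="eppn">
        <AttributeDecoder xsi:type="ScopedAttributeDecoder"/>
    </Attribute>
    <!-- Optional attributes, disabled until uncommented:
    <Attribute name="urn:oid:0.9.2342.19200300.100.1.3" id="mail"/>
    <Attribute id="givenName" name="urn:oid:2.5.4.42"/>
    -->
</Attributes>"""

# Constructed list of attribute names an IdP might release in the assertion.
RELEASED = ["urn:oid:1.3.6.1.4.1.5923.1.1.1.6",
            "urn:oid:0.9.2342.19200300.100.1.3",
            "urn:oid:2.5.4.4"]

def active_mappings(xml_text):
    """name -> id for rules the SP applies (the parser discards comments)."""
    root = ET.fromstring(xml_text)
    return {a.get("name"): a.get("id") for a in root.iter(f"{{{NS}}}Attribute")}

def commented_mappings(xml_text):
    """name -> id for <Attribute> rules found inside <!-- ... --> blocks."""
    found = {}
    for block in re.findall(r"<!--(.*?)-->", xml_text, re.S):
        for tag in re.findall(r"<Attribute\b([^>]*)>", block):
            name = re.search(r'\bname="([^"]*)"', tag)
            ident = re.search(r'\bid="([^"]*)"', tag)
            if name and ident:
                found[name.group(1)] = ident.group(1)
    return found

def triage(xml_text, released):
    """Say, per released attribute, whether the SP has an active rule for it."""
    active, commented = active_mappings(xml_text), commented_mappings(xml_text)
    report = {}
    for name in released:
        if name in active:
            report[name] = ("mapped", active[name])
        elif name in commented:
            report[name] = ("commented-out", commented[name])
        else:
            report[name] = ("no-rule", None)
    return report

if __name__ == "__main__":
    for name, (state, ident) in triage(SAMPLE_MAP, RELEASED).items():
        print(f"{state:14} {ident or '-':10} {name}")
```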


On Tue, Dec 3, 2019, 12:35 AM Deirdre Kirmis <Deirdre.Kirmis at asu.edu> wrote:

> Hi all...I'm still struggling with Shibboleth not working on my system.
> Now, I'm just trying to use the samltest site that Nate sent...have
> uploaded my metadata to samltest, and have copied the samltest metadata to
> my site. Samltest shows as a provider on my site...when I log in using that,
> it goes through the process...lets me pick rick, then takes me back to my
> site, but does not log in rick or create his account. If I look at the
> session data, it shows all of the attributes correctly...however in my
> server log I get an error that the attributes are null.  When I try to
> "fetch" my site metadata, it just spins and never comes back as uploaded.
> When I manually upload the file, it acts like it was successful, but when I
> try the test it says my site is not registered. What am I doing wrong?
>
> Deirdre Kirmis
> Web Application Developer
> Discovery Services
> ASU Library
> Arizona State University
> 480-965-7240
> ------------------------------
> *From:* users <users-bounces at shibboleth.net> on behalf of Deirdre Kirmis <
> Deirdre.Kirmis at asu.edu>
> *Sent:* Wednesday, November 27, 2019 4:30 PM
> *To:* Shib Users <users at shibboleth.net>
> *Subject:* RE: configuring shibboleth on AWS using ELB
>
>
> That is great! Thank you…it already told me that I’m missing the metadata
> for identity provider!
>
>
>
> Deirdre Kirmis
>
> Technology Services
>
> Arizona State University Library
>
> 480-965-7240
>
>
>
> *From:* users <users-bounces at shibboleth.net> *On Behalf Of *Nate
> Klingenstein
> *Sent:* Wednesday, November 27, 2019 4:26 PM
> *To:* Shib Users <users at shibboleth.net>
> *Subject:* RE: configuring shibboleth on AWS using ELB
>
>
>
> Deirdre,
>
>
>
> You may find https://samltest.id/ to
> be a useful resource.  It's basically a fully configured SP that will let
> you see its logs so you can know exactly what's going on, end to end.
>
>
>
> Best wishes,
>
> Nate.
>
>
>
> --------
>
>
>
>
> The Art of Access *®*
>
>
>
> *Nate Klingenstein* | Principal
>
> https://www.signet.id/
>
>
>
> -----Original message-----
> *From:* Deirdre Kirmis
> *Sent:* Wednesday, November 27 2019, 12:14 pm
> *To:* Shib Users
> *Subject:* RE: configuring shibboleth on AWS using ELB
>
>
> Eventually, we will want to set up as a federation SP, but this is just dev at this point, so we are only configuring our org IDP.
>
> I did find the documentation on creating the metadata schema/rules, so thanks for that direction.
>
>
>
> Deirdre Kirmis
>
> Technology Services
>
> Arizona State University Library
>
> 480-965-7240
>
>
>
> -----Original Message-----
>
> From: users <users-bounces at shibboleth.net> On Behalf Of Cantor, Scott
>
> Sent: Wednesday, November 27, 2019 10:39 AM
>
> To: Shib Users <users at shibboleth.net>
>
> Subject: Re: configuring shibboleth on AWS using ELB
>
>
>
> On 11/27/19, 12:23 PM, "users on behalf of Deirdre Kirmis" <users-bounces at shibboleth.net on behalf of Deirdre.Kirmis at asu.edu> wrote:
>
>
>
> > How do I prepare the metadata myself?
>
>
>
> It's an XML file with a very defined schema and set of rules for what's in it, but that's probably obvious so the intent of the question is not 100% clear.
>
>
>
> Speaking in general terms, a federated SP (that is, one dealing with many IdPs of different organizations) really needs to be in a federation, and federations provide metadata management systems generally, though not always.
>
>
>
> An enterprise SP is dealing with a single IdP and the IdP operator should be providing processes to follow. For myself, I don't ask SPs to give me metadata as a rule, I just expect them to inform me of the keys and hosts through a registration process, then I assign them entityID(s) to use, and I have processes to follow when changes are needed.
>
>  -- Scott
>
>
>
>
>
> --
>
> For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
>
> To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net