Configuring Shibboleth v3 IdP for Unsolicited SSO (IdP Initiated SSO)
Nate Klingenstein
ndk at signet.id
Mon Feb 4 11:28:35 EST 2019
Tim,
> I believe that I now need the proper URL to go to in order to initiate an SSO to this SP. This is where I am not clear on things. Based on the Shibboleth doc pages, I cobbled together the following URL (I am adding some spaces so that safelinks won't eat the URL):
>
> https:// shib3prodapp1 . ad.loyola.edu/idp/profile/SAML2/Unsolicited/SSO?providerId=http%3a%2f%2fexample.example.com%2fexample%2flayoutscripts%2fCpal_SSO_AssertionConsumerService.aspx
You'll want to pass in the entityID rather than the AssertionConsumerService location, which will be selected by Shibboleth itself during the Unsolicited request synthesis process.
> https:// shib3prodapp1 . ad.loyola.edu/idp/profile/SAML2/Unsolicited/SSO?providerId=ExampleCom
I still wouldn't expect any success, though, as expired metadata is ignored entirely and you would likely get the same error.
> validUntil="2018-05-13T20:34:25Z"
> entityID="ExampleCom">
Take care,
Nate.
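
Added example, not part of the original message or of the Shibboleth project's code: a pre-flight check in Python for the two problems raised in this thread, a providerId that is really an AssertionConsumerService location and SP metadata whose validUntil has passed. The IdP base URL https://idp.example.org and the function names are assumptions; the sample metadata is constructed around the entityID, validUntil and ACS location quoted above.

```python
from datetime import datetime, timezone
from urllib.parse import urlencode
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"

# Constructed sample: entityID, validUntil and ACS Location are the values quoted in the thread.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    validUntil="2018-05-13T20:34:25Z"
    entityID="ExampleCom">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://example.example.com/example/layoutscripts/Cpal_SSO_AssertionConsumerService.aspx"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def inspect_sp_metadata(xml_text, now=None):
    """Return the entityID, the ACS locations and whether validUntil has passed."""
    now = now or datetime.now(timezone.utc)
    root = ET.fromstring(xml_text)  # meant for a local, admin-supplied metadata file
    if root.tag != MD + "EntityDescriptor":
        raise ValueError("expected a single md:EntityDescriptor")
    valid_until = root.get("validUntil")
    expired = False
    if valid_until:
        # datetime.fromisoformat() before Python 3.11 rejects a trailing "Z"
        deadline = datetime.fromisoformat(valid_until.replace("Z", "+00:00"))
        if deadline.tzinfo is None:
            deadline = deadline.replace(tzinfo=timezone.utc)
        expired = deadline <= now
    acs = [e.get("Location") for e in root.iter(MD + "AssertionConsumerService")]
    return {"entity_id": root.get("entityID"), "acs": acs, "expired": expired}

def unsolicited_sso_url(idp_base, provider_id, xml_text, now=None):
    """Build the Unsolicited SSO URL, refusing the two problems raised in the thread."""
    info = inspect_sp_metadata(xml_text, now)
    if provider_id in info["acs"]:
        raise ValueError("providerId is an ACS location; pass the entityID instead")
    if provider_id != info["entity_id"]:
        raise ValueError("providerId does not match the metadata entityID")
    if info["expired"]:
        raise ValueError("metadata validUntil has passed; the IdP ignores it")
    return idp_base.rstrip("/") + "/idp/profile/SAML2/Unsolicited/SSO?" + urlencode({"providerId": provider_id})

if __name__ == "__main__":
    try:
        print(unsolicited_sso_url("https://idp.example.org", "ExampleCom", SAMPLE_METADATA))
    except ValueError as err:
        print("not usable:", err)
```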