Configuring Shibboleth v3 IdP for Unsolicited SSO (IdP Initiated SSO)

Timothy Enders tenders at loyola.edu
Tue Jan 15 13:56:59 EST 2019


Hi all:

I am new to the list, and relatively new to Shibboleth, so forgive me if I am about to ask something obvious here.

I have a vendor who wants to use an IdP Initiated SSO through our Shibboleth IdP to their SP. I found and read
https://wiki.shibboleth.net/confluence/display/IDP30/UnsolicitedSSOConfiguration which covers this subject.

I have the metadata from the vendor's SP, but I have no idea what I need to do on my IdP in order to get it to work properly. Whenever I try variations on the URL format given in that wiki article, I get back an error from Shibboleth that states "Web Login Service - Unsupported Request. The application you have accesses is not registered for use with this service."

Unfortunately, I can't figure out, from the Wiki, where I need to go in the Shib IdP config files to set up a relying party for an IdP Initiated RPT. (If that's even the right term.)

When I try to visit the URL, the idp-process.log generates this event:

2019-01-15 13:51:10,360 - WARN [net.shibboleth.idp.profile.impl.SelectProfileConfiguration:111] - Profile Action SelectProfileConfiguration: Profile http://shibboleth.net/ns/profiles/saml2/sso/browser is not available for RP configuration shibboleth.UnverifiedRelyingParty (RPID http://example.masked.com/exmple/masked/cpal_sso_Assertionconsumerservice.aspx)

I assume that I have to add a Metadata provider, add this guy to the relying-party.xml and set up the attribute filter for it, but it doesn't seem to work like a standard SP initiated SSO does.

Can someone help me out? Again, sorry if these are very basic questions. I'm quite new to this and got thrown in feet first.

Tim Enders
Senior Systems Engineer
[Description: Description: cid:3336388681_2393357]
4501 N. Charles Street
Baltimore, MD  21210
tenders at loyola.edu<mailto:tenders at loyola.edu>
Office- 410-617-2542
Fax - 410-617-6658
Website: www.loyola.edu

[Description: facebook]<http://www.facebook.com/LoyolaMaryland>[Description: twitter]<http://www.twitter.com/LoyolaMaryland>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20190115/afcbfc28/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.gif
Type: image/gif
Size: 2147 bytes
Desc: image001.gif
URL: <http://shibboleth.net/pipermail/users/attachments/20190115/afcbfc28/attachment.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.gif
Type: image/gif
Size: 2462 bytes
Desc: image002.gif
URL: <http://shibboleth.net/pipermail/users/attachments/20190115/afcbfc28/attachment-0001.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.gif
Type: image/gif
Size: 2514 bytes
Desc: image003.gif
URL: <http://shibboleth.net/pipermail/users/attachments/20190115/afcbfc28/attachment-0002.gif>


More information about the users mailing list