move to new IDP
Deirdre.Kirmis at asu.edu
Fri Mar 27 19:08:11 EDT 2020
Yes, it was on the IDP side. They fixed it, and I see my IDP to choose to login, but now my web app thinks all of the accounts are new, so tries to add them, but then gives a 500 error. It's like it thinks it is a new user and goes through the steps to add the account, gives the screen to the user to "accept" adding the account, but then gives a 500 error. The dev/prod IDP accounts use the same domain information, so should be the same.
Any ideas what would cause that behavior?
Arizona State University Library
From: users <users-bounces at shibboleth.net> On Behalf Of Michael A Grady
Sent: Friday, March 27, 2020 1:04 PM
To: Shib Users <users at shibboleth.net>
Subject: Re: move to new IDP
On Mar 27, 2020, at 2:24 PM, Deirdre Kirmis <Deirdre.Kirmis at asu.edu<mailto:Deirdre.Kirmis at asu.edu>> wrote:
have sent my metadata to them and received back the metadata for the prod IDP. I have replaced that data in my shibboleth config and restarted shibd and httpd. And, now it shows that my app is not registered with my IDP.
Is there something else that I need to do to change the IDP? I am obviously not a shib expert.
Sounds like the IdP hasn't added the metadata for your SP yet. Until the Prod IdP has been modified to recognize your SP and release attriibutes to it, there is nothing you can do on the SP side to fix that. (Other than ask the IdP team when that will happen.)
Michael A. Grady
IAM Architect, Unicon, Inc.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the users