Shibboleth set up for Embark.com service provider?

Tue Dec 21 16:53:44 UTC 2021

Happy Holidays

Sending this note out of desperation in hopes that someone else has set up
shib for embark.com. On their end they have a misnomer called a login url
for the IdP. Whatever they enter, shib simply redirects to it, log in, and
then nothing. As if you simply entered a url in the web browser of your
login page, went there and logged in, but it doesnt know where to go. Below
are the settings I received from them, and also their SP metadata.

Application Description Embark
SSO Protocol SAML 2.0
SLO Support No
AD Attributes Required No
Name ID Format email
AD Attribute Mapping Requried No
Encrypted Assertion Yes
SSO Connection Type SAML 2.0

PRODUCTION: SP Site Url https://ucsb.embark.com/saml/login/
PRODUCTION: SP Entity Id https://ucsb.embark.com
PRODUCTION: ACS Endpoint https://ucsb.embark.com/saml/login/
PRODUCTION: IDP SSO URL https://ucsb.embark.com/saml/assert
PRODUCTION: Metadata https://ucsb.embark.com/saml/metadata.xml

<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="
https://ucsb.embark.com">
<md:SPSSODescriptor
protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol
urn:oasis:names:tc:SAML:2.0:protocol">
<md:KeyDescriptor use="signing">
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIIDujCCAqICCQCPsuC5QY7wDzANBgkqhkiG9w0BAQsFADCBnjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk5ZMRYwFAYDVQQHDA1OZXcgWW9yayBDaXR5MRUwEwYDVQQKDAwgRW1iYXJrIENvcnAxFDASBgNVBAsMC0VuZ2luZWVyaW5nMR0wGwYDVQQDDBRkZXYtbXNrY2MuZW1iYXJrLmNvbTEeMBwGCSqGSIb3DQEJARYPdGVjaEBlbWJhcmsuY29tMB4XDTIxMDExMTAyMDAyMloXDTIyMDExMTAyMDAyMlowgZ4xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJOWTEWMBQGA1UEBwwNTmV3IFlvcmsgQ2l0eTEVMBMGA1UECgwMIEVtYmFyayBDb3JwMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEdMBsGA1UEAwwUZGV2LW1za2NjLmVtYmFyay5jb20xHjAcBgkqhkiG9w0BCQEWD3RlY2hAZW1iYXJrLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALkQXQBLy5KeBmH53YseY4Hi76p29DrPdpd4/L2WyWLZxmtaGdyq4NxrKXARsi5Kp/kMPiGiGxUI0QgNzniV3zgAF9k1Drcf7IrUjcZNnQpPEr0amNmo27n7P4xbP28xcOvdxM/o4NlpoSH3/C+xlqwiPE251I/k+9qAM8Xk74nMGoBxMRdaHZyANFX1RSV0fkS+xKjZ9TLErW/4uBAJZF7gT1tK63hYwtrIKTwajU79xzztmIUPfY9uiXVISXR27gM9NYNT1KKqdMoua7+HP934GTSIgBBGn71xMBZPUG9VrV67KznmJNxKccAmKgoCZij/OTarIq5qSBgKQVivM9ECAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAT/Dnb3PgHGNo21H38JUoM/jlAeVsuUFZoZ6TfpNVd1SevimftjApPT1az58EmhTny70B38xhNl2b7QbMMaZFEHJFC4Pfu3e18Ut5zj3LlnYsvS1qNkr+Tr2pD9OKS6oH61vYL5rlI5Ac2HDSmW7HsqEpbEgfXy37VF5oqHhvNEyiAzjlfC0m7sbUTg6L5XO3prZ9U00gxc1ar5xheNllOD8KfRUSmVfubz/6aNe/9FZZJLQFfFktRTv+QKbzM/l9OOIvndMzqWUYf/9Q4aEeNiy+VX7s56Rbx0MLkejYZ1LedW0JNJasPivZgP2QteseX8tSlU+7vcVX0I+MznyBiw==</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</md:KeyDescriptor>
<md:KeyDescriptor use="encryption">
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIIDujCCAqICCQCPsuC5QY7wDzANBgkqhkiG9w0BAQsFADCBnjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk5ZMRYwFAYDVQQHDA1OZXcgWW9yayBDaXR5MRUwEwYDVQQKDAwgRW1iYXJrIENvcnAxFDASBgNVBAsMC0VuZ2luZWVyaW5nMR0wGwYDVQQDDBRkZXYtbXNrY2MuZW1iYXJrLmNvbTEeMBwGCSqGSIb3DQEJARYPdGVjaEBlbWJhcmsuY29tMB4XDTIxMDExMTAyMDAyMloXDTIyMDExMTAyMDAyMlowgZ4xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJOWTEWMBQGA1UEBwwNTmV3IFlvcmsgQ2l0eTEVMBMGA1UECgwMIEVtYmFyayBDb3JwMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEdMBsGA1UEAwwUZGV2LW1za2NjLmVtYmFyay5jb20xHjAcBgkqhkiG9w0BCQEWD3RlY2hAZW1iYXJrLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALkQXQBLy5KeBmH53YseY4Hi76p29DrPdpd4/L2WyWLZxmtaGdyq4NxrKXARsi5Kp/kMPiGiGxUI0QgNzniV3zgAF9k1Drcf7IrUjcZNnQpPEr0amNmo27n7P4xbP28xcOvdxM/o4NlpoSH3/C+xlqwiPE251I/k+9qAM8Xk74nMGoBxMRdaHZyANFX1RSV0fkS+xKjZ9TLErW/4uBAJZF7gT1tK63hYwtrIKTwajU79xzztmIUPfY9uiXVISXR27gM9NYNT1KKqdMoua7+HP934GTSIgBBGn71xMBZPUG9VrV67KznmJNxKccAmKgoCZij/OTarIq5qSBgKQVivM9ECAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAT/Dnb3PgHGNo21H38JUoM/jlAeVsuUFZoZ6TfpNVd1SevimftjApPT1az58EmhTny70B38xhNl2b7QbMMaZFEHJFC4Pfu3e18Ut5zj3LlnYsvS1qNkr+Tr2pD9OKS6oH61vYL5rlI5Ac2HDSmW7HsqEpbEgfXy37VF5oqHhvNEyiAzjlfC0m7sbUTg6L5XO3prZ9U00gxc1ar5xheNllOD8KfRUSmVfubz/6aNe/9FZZJLQFfFktRTv+QKbzM/l9OOIvndMzqWUYf/9Q4aEeNiy+VX7s56Rbx0MLkejYZ1LedW0JNJasPivZgP2QteseX8tSlU+7vcVX0I+MznyBiw==</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</md:KeyDescriptor>
<md:SingleLogoutService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="
https://ucsb.embark.com/saml/assert"/>
<md:AssertionConsumerService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="
https://ucsb.embark.com/saml/assert" index="0"/>

Scott Gilbert
IAM/Cloud System Administrator
Enterprise Technology Services
University of California Santa Barbara
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20211221/a6d438ee/attachment.htm>