(I am also) Using a different SP entity ID with the IdP SAML authn flow

Janne Lauros janne.lauros at csc.fi
Tue Apr 5 16:28:32 UTC 2022


Hi!

 In the response the recipient is the same in both cases and so is the certificate in the KeyInfo. The only difference seems to be my instance not being able to find a matching key if I use the earlier previously override instead of having just one global entity id with the same value.

 BR Janne  

----- Original Message -----
From: "Scott Cantor" <cantor.2 at osu.edu>
To: "janne lauros" <janne.lauros at csc.fi>, "Shib Users" <users at shibboleth.net>
Sent: Tuesday, 5 April, 2022 19:01:59
Subject: Re: (I am also) Using a different SP entity ID with the IdP SAML authn flow

On 4/5/22, 11:36 AM, "Janne Lauros" <janne.lauros at csc.fi> wrote:

>     Maybe I was not clear enough. Everything works fine unless I define the said override and define the
> upstream entity id there instead of using Default Relying party (with same values).

Could be an issue with the recipient value the other IdP is including in the encrypted XML, but assuming it's got the intended value, it's possible there's a bug. Maybe the IdP isn't feeding the right entityID into the key resolver. I'd check the XML first.

-- Scott
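
The XML check discussed in this thread, as an added example that is not part of the original messages or Shibboleth's own code: it lists each EncryptedKey's Recipient and a SHA-256 fingerprint of its KeyInfo certificate from a saved response, so both can be compared with the SP entityID set in the override. The sample document and the example.org entityID are constructed.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample: structure only; cipher values and certificate are dummy bytes.
SAMPLE = """<saml:EncryptedAssertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <xenc:EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element">
    <ds:KeyInfo>
      <xenc:EncryptedKey Recipient="https://proxy.example.org/idp/sp-override">
        <ds:KeyInfo><ds:X509Data><ds:X509Certificate>ZHVtbXktY2VydA==</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
        <xenc:CipherData><xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData>
      </xenc:EncryptedKey>
    </ds:KeyInfo>
    <xenc:CipherData><xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData>
  </xenc:EncryptedData>
</saml:EncryptedAssertion>"""


def encrypted_key_facts(xml_text):
    """Return (Recipient, SHA-256 of KeyInfo cert or None) per xenc:EncryptedKey."""
    # For responses from untrusted sources, parse with defusedxml instead.
    root = ET.fromstring(xml_text)
    facts = []
    for ek in root.iter("{%s}EncryptedKey" % NS["xenc"]):
        cert = ek.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
        digest = None
        if cert is not None and cert.text:
            der = base64.b64decode("".join(cert.text.split()))
            digest = hashlib.sha256(der).hexdigest()
        facts.append((ek.get("Recipient"), digest))
    return facts


def recipient_mismatches(xml_text, expected_entity_id):
    """Recipients that are present but differ from the expected SP entityID."""
    return [r for r, _ in encrypted_key_facts(xml_text)
            if r is not None and r != expected_entity_id]


if __name__ == "__main__":
    for recipient, digest in encrypted_key_facts(SAMPLE):
        print("Recipient:", recipient, "cert sha256:", digest)
    print("mismatches:", recipient_mismatches(SAMPLE, "https://proxy.example.org/idp/sp-override"))
```

Running it over the response captured with the override and the one captured with the default relying party shows directly whether Recipient or the certificate differs between the two.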

