Application Override: no valid session

Hoorn, R. van der (Robbert) R.vanderHoorn at
Thu Aug 25 07:46:21 UTC 2022

Maybe I stated it the wrong way.

First: artifact is required by our IDP. That's the main reason why my client choose to use  Shibboleth, because tools like keycloak did not support this. I'm doing a "proof of concept" at the moment at their request. Other teams are trying other solutions, like custom coding in Java and customizing Keycloak to support Artifact Resolution. Their IDP does support it, but in the role of SP it is not supported yet. 

Second: in our metadata, we put our AssertionConsumerService like     <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="<myserver>/Shibboleth.sso/SAML2/Artifact" index="3"/>
Third: our IDP requires acs by index and attributeIndex; I know you don’t like that, neither do I.... 

But when using application override, it must use <myserver>/<applicationname>/Shibboleth.sso/SAML2/Artifact to use the override handler. So I have to put that, with a new index value, in my metadata, and tell the IDP to use this one by setting acsByIndex="true" acsIndex="4" in my override in shibboleth2.xml.

Have not been able to test it yet, for the IDP has to load my new metadata, and since I have to demo Shibboleth SP to the stakeholders tomorrow, I don't want to risk breaking it now... 

As you may have noticed, I'm not a Shibboleth Expert, but like they say: “In the land of the blind, the one-eyed man is king”.
Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u
niet de geadresseerde bent of dit bericht abusievelijk aan u is gezonden,
wordt u verzocht dat aan de afzender te melden en het bericht te
De Staat aanvaardt geen aansprakelijkheid voor schade, van welke aard
ook, die verband houdt met risico's verbonden aan het elektronisch
verzenden van berichten.

This message may contain information that is not intended for you. If you
are not the addressee or if this message was sent to you by mistake, you
are requested to inform the sender and delete the message.
The State accepts no liability for damage of any kind resulting from the
risks inherent in the electronic transmission of messages.

More information about the users mailing list