
List:       shibboleth-users
Subject:    Re: [Shib-Users] Internet, SP and IDP and getting it al to work...
From:       "B.E.N. van der Veen" <bvdveen () time-less ! nl>
Date:       2011-04-26 19:37:46
Message-ID: 4DB71F0A.4050209 () time-less ! nl

Hello Peter,

This explains a lot! Thank you for the critical answer. I will try all 
the suggestions you have. I have everything up and running. But that it 
is running does not say it is correctly configured ;-))

Cheerz
Ben

Peter Schober wrote:
> * B.E.N. van der Veen <bvdveen@time-less.nl> [2011-04-25 14:29]:
>   
>> I must be seeing things then:
>>     
>
> I guess you are.
>
>   
>> In my metadatafiles:
>>
>> <md:AssertionConsumerService 
>> Location="https://dnsfromsp/Shibboleth.sso/SAML2/POST-SimpleSign" index="2"
>>       Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign"/>
>>     
>
> This has nothing to do with anything in this thread. Or your error,
> for that matter.
>
>   
>> <md:SingleSignOnService 
>> Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" 
>> Location="https://dnsfromidp/idp/profile/SAML2/POST/SSO"/>
>>        
>> So there is definitely a direction to a machine [IDP and SP]. Where
>> the metadata tells where to find what.
>>     
>
> I have no idea what you're talking about and what the above should
> indicate or prove. You wrote:
>
> * B.E.N. van der Veen <bvdveen@time-less.nl> [2011-04-24 13:22]:
>   
>> But then it redirects me to
>> https://dnsfromsp/Shibboleth.sso/SAML2/POST/SSO
>>     
>
> which is an invalid endpoint at your SP, so an error is to be
> expected.
> Above you present a different (and completely unrelated) endpoint at
> your SP (which might exist, but that's irrelevant) and present yet
> another endpoint at the IdP -- which, again, is irrelevant.
>
> If you get redirected to
> "https://dnsfromsp/Shibboleth.sso/SAML2/POST/SSO" as you say, then
> your IdP must have this URL somewhere in the metadata for the SP.
> This is wrong, as, this endpoint does not exist and it does not make
> any sense (SSO is a function of an IdP, so there cannot be an "SSO"
> endpoint at an SP).
> All of this still points to you changing random stuff and asking
> questions about the effects on the list here.
>
> What you should do:
> * The SP can generate an approximation of its own metadata, check the
>   documentation on how and do this (a hint: access the URL
>   https://dnsfromsp/Shibboleth.sso/Metadata )
> * Give this piece of metadata to your IdP (according to the
>   documentation for the IdP configuration) instead of any of the
>   existing metadata resources.
> * If none of this helps, post your IdP and SP metadata somewhere on the
>   net and provide a link here so that people can look at it.
>
> If all else fails, start from scratch and follow the documentation to
> the letter.
> -peter
>
>   
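
The check Peter describes, comparing the SP metadata the IdP has loaded against what the SP itself generates, as an added example that is not part of the original thread. Both metadata documents, the entityID and the helper names are constructed for illustration; only the `dnsfromsp` endpoint URLs quoted above come from the messages.

```python
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
BIND = "urn:oasis:names:tc:SAML:2.0:bindings:"

def acs_endpoints(metadata_xml):
    """Set of (Binding, Location) for every AssertionConsumerService element."""
    # Parse only metadata from your own deployment; use a hardened parser
    # (e.g. defusedxml) for documents from untrusted sources.
    root = ET.fromstring(metadata_xml)
    tag = "{%s}AssertionConsumerService" % MD_NS
    return {(e.get("Binding", ""), e.get("Location", "")) for e in root.iter(tag)}

def stale_acs(idp_copy_xml, sp_generated_xml):
    """Endpoints the IdP would send responses to that the SP does not advertise."""
    return sorted(acs_endpoints(idp_copy_xml) - acs_endpoints(sp_generated_xml))

def sample_metadata(endpoints):
    """Build constructed SP metadata for the demo (not real deployment data)."""
    acs = "".join(
        '<md:AssertionConsumerService index="%d" Binding="%s" Location="%s"/>' % (i, b, l)
        for i, (b, l) in enumerate(endpoints, 1))
    return ('<md:EntityDescriptor xmlns:md="%s" entityID="https://dnsfromsp/shibboleth">'
            '<md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
            '%s</md:SPSSODescriptor></md:EntityDescriptor>' % (MD_NS, acs))

# Constructed: what the SP might publish at /Shibboleth.sso/Metadata.
SP_GENERATED = sample_metadata([
    (BIND + "HTTP-POST", "https://dnsfromsp/Shibboleth.sso/SAML2/POST"),
    (BIND + "HTTP-POST-SimpleSign", "https://dnsfromsp/Shibboleth.sso/SAML2/POST-SimpleSign"),
])
# Constructed: a hand-edited copy loaded at the IdP, with the bad Location from the thread.
IDP_COPY = sample_metadata([
    (BIND + "HTTP-POST", "https://dnsfromsp/Shibboleth.sso/SAML2/POST/SSO"),
    (BIND + "HTTP-POST-SimpleSign", "https://dnsfromsp/Shibboleth.sso/SAML2/POST-SimpleSign"),
])

if __name__ == "__main__":
    for binding, location in stale_acs(IDP_COPY, SP_GENERATED):
        print("IdP copy has an endpoint the SP does not advertise:", location, binding)
```

An empty result means every endpoint the IdP knows about is one the SP actually serves; any entry listed is a Location the IdP could post a response to and get the kind of error discussed above.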
