List: shibboleth-users
Subject: Re: [Shib-Users] Internet, SP and IDP and getting it al to work...
From: "B.E.N. van der Veen" <bvdveen () time-less ! nl>
Date: 2011-04-26 19:37:46
Message-ID: 4DB71F0A.4050209 () time-less ! nl
Hello Peter,
This explains a lot! Thank you for the critical answer. I will try all
the suggestions you have. I have everything up and running. But that it
is running does not say it is correctly configured ;-))
Cheerz
Ben
Peter Schober wrote:
> * B.E.N. van der Veen <bvdveen@time-less.nl> [2011-04-25 14:29]:
>
>> I must be seeing things then:
>>
>
> I guess you are.
>
>
>> In my metadatafiles:
>>
>> <md:AssertionConsumerService
>> Location="https://dnsfromsp/Shibboleth.sso/SAML2/POST-SimpleSign" index="2"
>> Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign"/>
>>
>
> This has nothing to do with anything in this thread. Or your error,
> for that matter.
>
>
>> <md:SingleSignOnService
>> Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
>> Location="https://dnsfromidp/idp/profile/SAML2/POST/SSO"/>
>>
>> So there is definitely a direction to a machine [IDP and SP]. Where
>> the metadata tells where to find what.
>>
>
> I have no idea what you're talking about and what the above should
> indicate or prove. You wrote:
>
> * B.E.N. van der Veen <bvdveen@time-less.nl> [2011-04-24 13:22]:
>
>> But then it redirects me to
>> https://dnsfromsp/Shibboleth.sso/SAML2/POST/SSO
>>
>
> which is an invalid endpoint at your SP, so an error is to be
> expected.
> Above you present a different (and completely unrelated) endpoint at
> your SP (which might exist, but that's irrelevant) and present yet
> another endpoint at the IdP -- which, again, is irrelevant.
>
> If you get redirected to
> "https://dnsfromsp/Shibboleth.sso/SAML2/POST/SSO" as you say, then
> your IdP must have this URL somewhere in the metadata for the SP.
> This is wrong, as this endpoint does not exist and it does not make
> any sense (SSO is a function of an IdP, so there cannot be an "SSO"
> endpoint at an SP).
> All of this still points to you changing random stuff and asking
> questions about the effects on the list here.
>
> What you should do:
> * The SP can generate an approximation of its own metadata, check the
> documentation on how and do this (a hint: access the URL
> https://dnsfromsp/Shibboleth.sso/Metadata )
> * Give this piece of metadata to your IdP (according to the
> documentation for the IdP configuration) instead of any of the
> existing metadata resources.
> * If none of this helps post your IdP and SP metadata somewhere on the
> net and provide a link here so that people can look at it.
>
> If all else fails, start from scratch and follow the documentation to
> the letter.
> -peter
>
>
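
An added example, not part of the original messages or of the Shibboleth project's code: a check that compares each AssertionConsumerService Location in a piece of SP metadata against the handler path expected for its Binding, which is what catches the ".../SAML2/POST/SSO" entry discussed above. The binding-to-path table assumes a stock Shibboleth SP with handlerURL "/Shibboleth.sso"; the entityID and the sample document are constructed.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
# Assumption: default handler paths of a stock Shibboleth SP, relative to
# handlerURL. Adjust the table if your SP's handlers are configured differently.
DEFAULT_ACS_PATHS = {
    "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST": "/SAML2/POST",
    "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign": "/SAML2/POST-SimpleSign",
    "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact": "/SAML2/Artifact",
    "urn:oasis:names:tc:SAML:2.0:bindings:PAOS": "/SAML2/ECP",
    "urn:oasis:names:tc:SAML:1.0:profiles:browser-post": "/SAML/POST",
    "urn:oasis:names:tc:SAML:1.0:profiles:artifact-01": "/SAML/Artifact",
}

# Constructed sample: index 1 carries the bad endpoint from the thread,
# index 2 is the POST-SimpleSign endpoint quoted in the thread.
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://dnsfromsp/shibboleth">
 <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:AssertionConsumerService index="1" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://dnsfromsp/Shibboleth.sso/SAML2/POST/SSO"/>
  <md:AssertionConsumerService index="2" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" Location="https://dnsfromsp/Shibboleth.sso/SAML2/POST-SimpleSign"/>
 </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def check_acs(metadata_xml, handler_url="/Shibboleth.sso"):
    """Return (index, location, problem) for every suspicious ACS entry."""
    findings = []
    root = ET.fromstring(metadata_xml)
    for acs in root.iter(MD + "AssertionConsumerService"):
        binding, loc = acs.get("Binding"), acs.get("Location", "")
        url = urlparse(loc)
        expected = DEFAULT_ACS_PATHS.get(binding)
        if url.scheme != "https":
            problem = "Location is not an https URL"
        elif expected is None:
            problem = "binding not in the default handler table"
        elif url.path != handler_url + expected:
            problem = "path does not match binding, expected " + handler_url + expected
        else:
            continue  # Location is consistent with its Binding
        findings.append((acs.get("index"), loc, problem))
    return findings

if __name__ == "__main__":
    for finding in check_acs(SAMPLE):
        print(finding)
```

Run it against the copy of the SP metadata that the IdP actually loads, since that copy is what decides where the IdP sends the response.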