unsolicited sso


Chance Cox

Nov 17, 2011, 12:54:50 PM
to Shib Users

Here is the data they provided:

providerId: AxiomMentor
 
 
 
The target is optional. 
 
The link you would post to your users would be:
 
You will need to create the xml handler in your Shibboleth to respond to the above request.

When I enter that URL I get this: Error Message: No profile handler configured for request at path: /SAML2/Unsolicited/SSO. What do I need to do now?


On Nov 1, 2011, at 2:55 PM, Nate Klingenstein wrote:

Chance,

It's definitely a general concept in SAML 2.0, most certainly not Shibboleth-specific.  Peter's message is generally right on.

You need the vendor to either:

A)  supply SAML 2.0 Metadata for their SP, in which case you can figure everything out on your own or with our help, or
B)  they need to supply an entityID (named providerId by Shibboleth, a name which might be slightly unique to us, but it's the same thing), an endpoint URL (as they've done), and optionally a target URL where they'd like your users to end up after authentication.

Odds are the company is not too familiar with the software they're using to offer SAML 2.0 support, but they should be able to find either A or B with (hopefully) any SAML 2.0 implementation in the world.

Take care,
Nate.

On Nov 1, 2011, at 18:35 , Chance Cox wrote:

I may have misinterpreted the whole concept here. I'm sorry for causing any confusion, but I have no idea what needs to happen here. Basically this company said, "We don't use Shibboleth, we have a SAML 2 endpoint," which is the URL provided. That is all they gave me. Am I mistaken in thinking that the ProviderId is a Shibboleth concept for Shibboleth SP?



Cantor, Scott

Nov 17, 2011, 2:35:14 PM
to us...@shibboleth.net
On 11/17/11 12:54 PM, "Chance Cox" <cco...@elon.edu> wrote:
>
>Here is the data they provided:

The terminology there is legacy support via SAML 1.1. If their SP doesn't
do SAML 2.0, then you can't expect a SAML 2.0 login to work.

>When I enter that URL I get this: Error Message: No profile handler
>configured for request at path: /SAML2/Unsolicited/SSO, What do I need to
>do now?

Firstly revisit your assumptions, but secondly, your IdP can't be current,
or if it was upgraded, it hasn't had modifications applied to bring its
config up to date to include the additional features added, such as
unsolicited SSO. Specifically in handler.xml and possibly internal.xml.

-- Scott

Chance Cox

Nov 18, 2011, 10:11:19 AM
to Shib Users
OK, I have updated the files; now I am getting: Error Message: SAML 2 SSO profile is not configured for relying party AxiomMentor

I have added the following to my relying party xml, and no go.

<rp:RelyingParty id="AxiomMentor"
                 provider="https://dev.axiommentor.us/login/singleSignOn.cfm"
                 defaultAuthenticationMethod="urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport">
    <rp:ProfileConfiguration xsi:type="saml:ShibbolethSSOProfile" />
    <rp:ProfileConfiguration xsi:type="saml:SAML2SSOProfile" />
    <rp:ProfileConfiguration xsi:type="saml:SAML2AttributeQueryProfile" />
    <rp:ProfileConfiguration xsi:type="saml:SAML2ArtifactResolutionProfile" />
</rp:RelyingParty>

Any ideas?

Cantor, Scott

Nov 18, 2011, 10:22:43 AM
to us...@shibboleth.net
On 11/18/11 10:11 AM, "Chance Cox" <cco...@elon.edu> wrote:

>OK, I have updated the files, now I am getting: Error Message: SAML 2 SSO
>profile is not configured for relying party AxiomMentor

That's not a valid entityID for an SP, and...

>I have added the following to my relying party xml, and no go.
>
><rp:RelyingParty id="AxiomMentor"
>
>provider="https://dev.axiommentor.us/login/singleSignOn.cfm"

provider is *your* name, not their location.

And the error still makes no sense, despite all that being wrong. Don't
know what to tell you.

Chance Cox

Dec 2, 2011, 9:55:29 AM
to Shib Users
I have made quite a bit of progress and have gotten to the login screen, but after I enter my credentials and they are authenticated I receive the error:

Error Message: Unable to construct encrypter

Does anyone know what this means?

Cantor, Scott

Dec 2, 2011, 10:01:00 AM
to us...@shibboleth.net
On 12/2/11 9:55 AM, "Chance Cox" <cco...@elon.edu> wrote:

>I have made quite a bit of progress and have gotten to the login screen
>but after I enter my credentials and they are authenticated I receive the
>error:
>
>Error Message: Unable to construct encrypter
>
>Does anyone know what this means?

Offhand it probably means you're leaving default settings for encryption
on and the SP has no key to encrypt with in its metadata, but I would imagine
the logs would say that.
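
A pre-flight check for the situation in the last reply, as an added example that is not part of the original thread or of Shibboleth: it parses SP metadata (option A in Nate's message) and reports a missing entityID, a missing SAML 2.0 role or endpoint, or no key usable for encryption. The function name, the sample metadata and the sp.example.org values are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
SAML2 = "urn:oasis:names:tc:SAML:2.0:protocol"

# Constructed sample: placeholder entityID and endpoint, no KeyDescriptor.
SAMPLE_NO_KEY = """<md:EntityDescriptor entityID="https://sp.example.org/saml"
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
  <md:SPSSODescriptor protocolSupportEnumeration="%s">
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.org/saml/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>""" % SAML2

# Same sample plus a constructed encryption KeyDescriptor (placeholder cert).
KEY = ('<md:KeyDescriptor use="encryption"><ds:KeyInfo '
       'xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:X509Data>'
       '<ds:X509Certificate>PLACEHOLDER</ds:X509Certificate>'
       '</ds:X509Data></ds:KeyInfo></md:KeyDescriptor>')
SAMPLE_WITH_KEY = SAMPLE_NO_KEY.replace(
    "<md:AssertionConsumerService", KEY + "<md:AssertionConsumerService", 1)


def check_sp_metadata(xml_text):
    """Return the problems that would stop an IdP completing SAML 2.0 SSO."""
    root = ET.fromstring(xml_text)  # for untrusted files, parse with defusedxml
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        return ["root element is not md:EntityDescriptor"]
    problems = [] if root.get("entityID") else ["missing entityID"]
    roles = [r for r in root.findall("md:SPSSODescriptor", NS)
             if SAML2 in r.get("protocolSupportEnumeration", "").split()]
    if not roles:
        return problems + ["no SPSSODescriptor advertising SAML 2.0"]
    if not any(a.get("Location") for a in
               roles[0].findall("md:AssertionConsumerService", NS)):
        problems.append("no AssertionConsumerService endpoint")
    # A KeyDescriptor without 'use' is valid for both signing and encryption.
    keys = [k for k in roles[0].findall("md:KeyDescriptor", NS)
            if k.get("use") in (None, "encryption")
            and k.find("ds:KeyInfo", NS) is not None]
    if not keys:
        problems.append("no encryption key in SP metadata")
    return problems


if __name__ == "__main__":
    print(check_sp_metadata(SAMPLE_NO_KEY), check_sp_metadata(SAMPLE_WITH_KEY))
```

An empty list means the metadata carries everything the checks look for; it does not validate the certificate itself.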
