ArcGIS (was Re: nameid-format:unspecified for relying party)

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

ArcGIS (was Re: nameid-format:unspecified for relying party)

Cantor, Scott E.
> I tried enabling 'Encrypt Assertions' -- the metadata their config then
> generates includes an encryption certificate (that's the only difference
> I see with the box checked vs. not).

I'll note that along with your current observation of its viability in the document.

> I've had to disable encryption for now while awaiting an answer from the
> vendor (to the question: why does their document show that you can
> enable assertion encryption, then farther down tell you to explicitly
> disable it?).

That part is just of a piece with the rest, it's not real documentation, it's just "what somebody who happened to hack up a working integration told them worked". It's more of an uneducated and poorly designed "How To" that doesn't tell me anything about what they support or require. I don't need vendors to document Shibboleth (badly), I need them to just document their own bloody systems.

If you get any farther with them, please update here or just update the update I made to the page with whatever you find out.

Thanks,
-- Scott


--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: ArcGIS (was Re: nameid-format:unspecified for relying party)

PHILIP SCOTT SWANZY
I wanted to reply on this thread to close the loop since we worked with ArcGIS on the encryption issue. Turns out it is Encrypting and signing assertions when the encrypt assertion box is checked. I have submitted a bug to them to have that resolved and not treat it as mutually inclusive. Of course it is a vendor so they might take that to mean, redefining the check box so it states that it is singing and encrypting the assertion. Only time will tell what the actual solution is. Currently we had to add WantAssertionsSigned="true" to the metadata and then it all worked.

I will note this in the ArcGis Integration guide.

-Phil Swanzy

-----Original Message-----
From: users <[hidden email]> On Behalf Of Cantor, Scott
Sent: Tuesday, July 3, 2018 7:06 PM
To: Shib Users <[hidden email]>
Subject: ArcGIS (was Re: nameid-format:unspecified for relying party)

> I tried enabling 'Encrypt Assertions' -- the metadata their config
> then generates includes an encryption certificate (that's the only
> difference I see with the box checked vs. not).

I'll note that along with your current observation of its viability in the document.

> I've had to disable encryption for now while awaiting an answer from
> the vendor (to the question: why does their document show that you can
> enable assertion encryption, then farther down tell you to explicitly
> disable it?).

That part is just of a piece with the rest, it's not real documentation, it's just "what somebody who happened to hack up a working integration told them worked". It's more of an uneducated and poorly designed "How To" that doesn't tell me anything about what they support or require. I don't need vendors to document Shibboleth (badly), I need them to just document their own bloody systems.

If you get any farther with them, please update here or just update the update I made to the page with whatever you find out.

Thanks,
-- Scott


--
For Consortium Member technical support, see https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwiki.shibboleth.net%2Fconfluence%2Fx%2FcoFAAg&data=02%7C01%7Cpss127%40psu.edu%7C63a5e2d84650448eafb508d5e1399f68%7C7cf48d453ddb4389a9c1c115526eb52e%7C0%7C0%7C636662559960550304&sdata=u4FR7bJyTA9oUaCF8UBbEwEqxkToNuYOZ2fJjPBDaj4%3D&reserved=0
To unsubscribe from this list send an email to [hidden email]
--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]