entityid ApplicationOverride


Sven

Excuse me for my English :/

Hello,

For my problem, I have replaced the real URLs:

sp1 => https://sp1.mysite.com   (sp functional)
sp2 => https://sp2.mysite.com


I have installed a Shibboleth SP on an Ubuntu server, and that configuration works very well.
I would like to install a second Shibboleth SP on this server.

My configuration uses => <ApplicationOverride> in shibboleth2.xml

But when I request the URL => https://sp2.mysite.com/Shibboleth.sso/Metadata

<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://sp1.mysite.com/shibboleth" ....>
....
...
...


When I access the protected resource on the second SP, I log in

The URL returned => https://sp2.mysite.com/Shibboleth.sso/SAML2/POST with the message


opensaml::FatalProfileException
The system encountered an error at Thu Dec 12 14:20:23 2013
To report this problem, please contact the site administrator at contact@....
Please include the following message in any email:
opensaml::FatalProfileException at (https://sp2.mysite.com/Shibboleth.sso/SAML2/POST)
Assertion contains an unacceptable AudienceRestriction.


logs =>

2013-12-12 09:45:01 WARN OpenSAML.MessageDecoder.SAML2 [72]: no metadata found, can't establish identity of issuer (.....)
2013-12-12 09:45:01 WARN Shibboleth.SSO.SAML2 [72]: no metadata found, can't establish identity of issuer (....)
2013-12-12 09:45:01 ERROR OpenSAML.SecurityPolicyRule.AudienceRestriction [72]: unacceptable AudienceRestriction in assertion (<saml:AudienceRestriction xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Audience>https://sp2.mysite.com/shibboleth</saml:Audience></saml:AudienceRestriction>)
2013-12-12 09:45:01 WARN Shibboleth.SSO.SAML2 [72]: detected a problem with assertion: Assertion contains an unacceptable AudienceRestriction.



VirtualHost example


# virtualhost sp1 (functional)
##################################################
<VirtualHost *:80>
        ServerName https://sp1.mysite.com
        ServerName https://sp1.mysite.com:443

        ServerAdmin support@mysite.com
        UseCanonicalName On

        DocumentRoot /fsdfs/fsfsfs/sF/sF/s/fs
       
        <IfModule mod_shib>
               
                <Location /secure>
                                AuthType shibboleth
                                ShibRequireSession On
                                ShibExportAssertion On
                                ShibUseHeaders On
                                require valid-user
                                ShibRequestSetting applicationId default
                                ShibRequestSetting entityID ???????
                </Location>

    </IfModule>

</VirtualHost>       


# virtualhost sp2
##################################################
<VirtualHost *:80>
        ServerName https://sp2.mysite.com
        ServerName https://sp2.mysite.com:443

        ServerAdmin support@mysite.com
        UseCanonicalName On

        DocumentRoot /cdddf/dfdf/fdfdf/fdf/Dfd
       
        <IfModule mod_shib>
               
                <Location /secure2>
                                AuthType shibboleth
                                ShibRequireSession On
                                ShibExportAssertion On
                                ShibUseHeaders On
                                require valid-user
                                ShibRequestSetting applicationId app
                                ShibRequestSetting entityID ...
                </Location>

    </IfModule>

</VirtualHost>       


I did not find this entityID problem on the forum.


Thanks,
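
The sp1 entityID in the sp2 metadata and the AudienceRestriction error above are consistent with the /Shibboleth.sso handlers on sp2 being served by the default application, because the applicationId setting is applied only inside <Location /secure2>. As an added example (not part of the original post and not the poster's file), a shibboleth2.xml fragment that maps the whole sp2 host to the override; the id "app" and the host names come from the post, the remaining attribute values are assumptions:

```xml
<!-- Added illustration, not the poster's actual shibboleth2.xml.
     Host names and the application id "app" are taken from the post;
     all other values are assumed. -->

<!-- Map every request for the sp2 host, including /Shibboleth.sso/*,
     to the override application. Setting applicationId only inside
     <Location /secure2> does not cover /Shibboleth.sso/Metadata or
     /Shibboleth.sso/SAML2/POST, so those handlers run as the default
     application and use the sp1 entityID. -->
<RequestMapper type="Native">
    <RequestMap>
        <Host name="sp2.mysite.com" applicationId="app"/>
    </RequestMap>
</RequestMapper>

<ApplicationDefaults entityID="https://sp1.mysite.com/shibboleth"
                     REMOTE_USER="eppn persistent-id targeted-id">

    <!-- The <Sessions>, <Errors>, <MetadataProvider> and other elements
         of the working sp1 setup stay here unchanged. -->

    <!-- Override only what differs for sp2. The entityID must equal the
         <saml:Audience> value the IdP places in the assertion
         (https://sp2.mysite.com/shibboleth in the log above). -->
    <ApplicationOverride id="app"
                         entityID="https://sp2.mysite.com/shibboleth"/>
</ApplicationDefaults>
```

With this mapping in place, https://sp2.mysite.com/Shibboleth.sso/Metadata should report the sp2 entityID, which is a quick check before retrying a login. The Apache-side equivalent is to apply ShibRequestSetting applicationId app to /Shibboleth.sso (or to the whole sp2 virtual host) as well as to /secure2.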