Need help in Configuration Shibboleth Error

classic Classic list List threaded Threaded
20 messages Options
Reply | Threaded
Open this post in threaded view
|

Need help in Configuration Shibboleth Error

Lohith Pandit
Hi,

This is Lohith from Informatics India Ltd, Bangalore,India.

We are planning to implement the Shibboleth to our database. Here is the steps I followed.

1. Installed Shibboleth IDP with dns as "idp.informindia.co.in".
2. I have installed Shibboleth Service Provider with the service provider url as "sp.informindia.co.in".
3. I have configured the basic things as per the attachment.(But not complete due to the below given error)
4. I have "WAYF.informindia.co.in" as WAYF.


@Note:
1.I have all these domains and installs on the same server.
2.These domains doesn't contains any scripts as of now for testing purpose.

Now I have strucked with how to continue next. I am getting the Error when i access "https://sp.informindia.co.in/shibboleth.sso"

Shibboleth Error

Shibboleth Extension not configured for web site (check mappings in configuration).

Can you please help me in Configuration as I am new to Shibboleth as well as What are the things i need to Add for these domains.


Regards,
Lohith P
Informatics India Ltd
Bangalore, India
Reply | Threaded
Open this post in threaded view
|

Re: Need help in Configuration Shibboleth Error

Chad La Joie
That looks like an SP issue.  What web server are you using?

Lohith Pandit wrote:

> Hi,
>
> This is Lohith from Informatics India Ltd, Bangalore,India.
>
> We are planning to implement the Shibboleth to our database. Here is the
> steps I followed.
>
> 1. Installed Shibboleth IDP with dns as "*idp.informindia.co.in*".
> 2. I have installed Shibboleth Service Provider with the service
> provider url as "*sp.informindia.co.in*".
> 3. I have configured the basic things as per the attachment.(But not
> complete due to the below given error)
> 4. I have "*WAYF.informindia.co.in*" as WAYF.
>
>
> @Note:
> 1.I have all these domains and installs on the same server.
> 2.These domains doesn't contains any scripts as of now for testing purpose.
>
> Now I have strucked with how to continue next. I am getting the Error
> when i access "*https://sp.informindia.co.in/shibboleth.sso*"
>
>
>  Shibboleth Error
>
> Shibboleth Extension not configured for web site (check mappings in
> configuration).
>
> Can you please help me in Configuration as I am new to Shibboleth as
> well as What are the things i need to Add for these domains.
>
>
> *Regards,
> Lohith P
> Informatics India Ltd
> Bangalore, India*
>

--
SWITCH
Serving Swiss Universities
--------------------------
Chad La Joie, Software Engineer, Net Services
Werdstrasse 2, P.O. Box, 8021 Zürich, Switzerland
phone +41 44 268 15 75, fax +41 44 268 15 68
[hidden email], http://www.switch.ch

Reply | Threaded
Open this post in threaded view
|

Re: Need help in Configuration Shibboleth Error

Lohith Pandit
Hi,

Thanks for your Quick Reply, we are using Windows Server 2003.

Regards,
Lohith P
Informatics India Ltd
Bangalore, India


Chad La Joie wrote:
That looks like an SP issue.  What web server are you using?

Lohith Pandit wrote:
Hi,

This is Lohith from Informatics India Ltd, Bangalore,India.

We are planning to implement the Shibboleth to our database. Here is the steps I followed.

1. Installed Shibboleth IDP with dns as "*idp.informindia.co.in*".
2. I have installed Shibboleth Service Provider with the service provider url as "*sp.informindia.co.in*".
3. I have configured the basic things as per the attachment.(But not complete due to the below given error)
4. I have "*WAYF.informindia.co.in*" as WAYF.


@Note:
1.I have all these domains and installs on the same server.
2.These domains doesn't contains any scripts as of now for testing purpose.

Now I have strucked with how to continue next. I am getting the Error when i access "*https://sp.informindia.co.in/shibboleth.sso*"


 Shibboleth Error

Shibboleth Extension not configured for web site (check mappings in configuration).

Can you please help me in Configuration as I am new to Shibboleth as well as What are the things i need to Add for these domains.


*Regards,
Lohith P
Informatics India Ltd
Bangalore, India*


Reply | Threaded
Open this post in threaded view
|

Re: Need help in Configuration Shibboleth Error

Chad La Joie
I'm not an SP or IIS expert, Nate or Scott could give a better answer,
but if my memory serves me the SP installer attempts to install a shib
handler in to IIS.  If that IIS server is running multiple virtual hosts
I don't think the installer install the Shib handler for ever host.  So,
while it's not very helpful, all I can suggest is that you look at your
IIS config for each hosted domain and make sure the Shib handler is
configured there.

Lohith Pandit wrote:

> Hi,
>
> Thanks for your Quick Reply, we are using *Windows Server 2003.
>
> **Regards,
> Lohith P
> Informatics India Ltd
> Bangalore, India*
>
> Chad La Joie wrote:
>> That looks like an SP issue.  What web server are you using?
>>
>> Lohith Pandit wrote:
>>> Hi,
>>>
>>> This is Lohith from Informatics India Ltd, Bangalore,India.
>>>
>>> We are planning to implement the Shibboleth to our database. Here is
>>> the steps I followed.
>>>
>>> 1. Installed Shibboleth IDP with dns as "*idp.informindia.co.in*".
>>> 2. I have installed Shibboleth Service Provider with the service
>>> provider url as "*sp.informindia.co.in*".
>>> 3. I have configured the basic things as per the attachment.(But not
>>> complete due to the below given error)
>>> 4. I have "*WAYF.informindia.co.in*" as WAYF.
>>>
>>>
>>> @Note:
>>> 1.I have all these domains and installs on the same server.
>>> 2.These domains doesn't contains any scripts as of now for testing
>>> purpose.
>>>
>>> Now I have strucked with how to continue next. I am getting the Error
>>> when i access "*https://sp.informindia.co.in/shibboleth.sso*"
>>>
>>>
>>>  Shibboleth Error
>>>
>>> Shibboleth Extension not configured for web site (check mappings in
>>> configuration).
>>>
>>> Can you please help me in Configuration as I am new to Shibboleth as
>>> well as What are the things i need to Add for these domains.
>>>
>>>
>>> *Regards,
>>> Lohith P
>>> Informatics India Ltd
>>> Bangalore, India*
>>>
>>
>

--
SWITCH
Serving Swiss Universities
--------------------------
Chad La Joie, Software Engineer, Net Services
Werdstrasse 2, P.O. Box, 8021 Zürich, Switzerland
phone +41 44 268 15 75, fax +41 44 268 15 68
[hidden email], http://www.switch.ch

Reply | Threaded
Open this post in threaded view
|

Re: Need help in Configuration Shibboleth Error

Lohith Pandit
Hi,

Can you please tell me in details about this IIS configuration, I checked the IIS in that Web service Extensions Shibboleth is Allowed. If any thing is there with IIS kindly let me know. Also Please provide me the EmailIds of
Nate or Scott.

Regards,
Lohith P
Informatics India Ltd
Bangalore, India




Chad La Joie wrote:
I'm not an SP or IIS expert, Nate or Scott could give a better answer, but if my memory serves me the SP installer attempts to install a shib handler in to IIS.  If that IIS server is running multiple virtual hosts I don't think the installer install the Shib handler for ever host.  So, while it's not very helpful, all I can suggest is that you look at your IIS config for each hosted domain and make sure the Shib handler is configured there.

Lohith Pandit wrote:
Hi,

Thanks for your Quick Reply, we are using *Windows Server 2003.

**Regards,
Lohith P
Informatics India Ltd
Bangalore, India*

Chad La Joie wrote:
That looks like an SP issue.  What web server are you using?

Lohith Pandit wrote:
Hi,

This is Lohith from Informatics India Ltd, Bangalore,India.

We are planning to implement the Shibboleth to our database. Here is the steps I followed.

1. Installed Shibboleth IDP with dns as "*idp.informindia.co.in*".
2. I have installed Shibboleth Service Provider with the service provider url as "*sp.informindia.co.in*".
3. I have configured the basic things as per the attachment.(But not complete due to the below given error)
4. I have "*WAYF.informindia.co.in*" as WAYF.


@Note:
1.I have all these domains and installs on the same server.
2.These domains doesn't contains any scripts as of now for testing purpose.

Now I have strucked with how to continue next. I am getting the Error when i access "*https://sp.informindia.co.in/shibboleth.sso*"


 Shibboleth Error

Shibboleth Extension not configured for web site (check mappings in configuration).

Can you please help me in Configuration as I am new to Shibboleth as well as What are the things i need to Add for these domains.


*Regards,
Lohith P
Informatics India Ltd
Bangalore, India*




Reply | Threaded
Open this post in threaded view
|

Re: Need help in Configuration Shibboleth Error

Hausherr Michael
Hi
 
I have done a few installs on Windows Servers and am quite familiar with IIS 6.
 
 
The actual IIS configuration depends whether you you have multiple IIS "sites" or only one and whether you want to protect all of them or only specific ones.
With more details about your scenario, I can give you more specific information.
 
Greetings,
Michael Hausherr
------------------------------------------------------------
Fachhochschule Nordwestschweiz
Services
Abteilung Business Applications

Michael Hausherr
Teamleiter Entwicklung Applikationen
Schulthess-Allee 1
5200 Brugg AG
------------------------------------------------------------
[hidden email]
www.fhnw.ch
------------------------------------------------------------  
 

Von: Lohith Pandit [mailto:[hidden email]]
Gesendet: Mittwoch, 6. Januar 2010 09:14
An: [hidden email]
Betreff: Re: [Shib-Users] Need help in Configuration Shibboleth Error

Hi,

Can you please tell me in details about this IIS configuration, I checked the IIS in that Web service Extensions Shibboleth is Allowed. If any thing is there with IIS kindly let me know. Also Please provide me the EmailIds of
Nate or Scott.

Regards,
Lohith P
Informatics India Ltd
Bangalore, India




Chad La Joie wrote:
I'm not an SP or IIS expert, Nate or Scott could give a better answer, but if my memory serves me the SP installer attempts to install a shib handler in to IIS.  If that IIS server is running multiple virtual hosts I don't think the installer install the Shib handler for ever host.  So, while it's not very helpful, all I can suggest is that you look at your IIS config for each hosted domain and make sure the Shib handler is configured there.

Lohith Pandit wrote:
Hi,

Thanks for your Quick Reply, we are using *Windows Server 2003.

**Regards,
Lohith P
Informatics India Ltd
Bangalore, India*

Chad La Joie wrote:
That looks like an SP issue.  What web server are you using?

Lohith Pandit wrote:
Hi,

This is Lohith from Informatics India Ltd, Bangalore,India.

We are planning to implement the Shibboleth to our database. Here is the steps I followed.

1. Installed Shibboleth IDP with dns as "*idp.informindia.co.in*".
2. I have installed Shibboleth Service Provider with the service provider url as "*sp.informindia.co.in*".
3. I have configured the basic things as per the attachment.(But not complete due to the below given error)
4. I have "*WAYF.informindia.co.in*" as WAYF.


@Note:
1.I have all these domains and installs on the same server.
2.These domains doesn't contains any scripts as of now for testing purpose.

Now I have strucked with how to continue next. I am getting the Error when i access "*https://sp.informindia.co.in/shibboleth.sso*"


 Shibboleth Error

Shibboleth Extension not configured for web site (check mappings in configuration).

Can you please help me in Configuration as I am new to Shibboleth as well as What are the things i need to Add for these domains.


*Regards,
Lohith P
Informatics India Ltd
Bangalore, India*




Reply | Threaded
Open this post in threaded view
|

Re: Need help in Configuration Shibboleth Error

Chad La Joie
In reply to this post by Lohith Pandit
As I said, I don't really know IIS.  I've never managed a Windows box in
my life, so no I can't provide any details other than what is documented
in the wiki.

As to Nate and Scott's email address, they are on this list and will
answer when they awake.  It's currently 4am where they are so it will be
a few hours.

Lohith Pandit wrote:

> Hi,
>
> Can you please tell me in details about this IIS configuration, I
> checked the IIS in that Web service Extensions Shibboleth is Allowed. If
> any thing is there with IIS kindly let me know. Also Please provide me
> the EmailIds of Nate or Scott.
>
> *Regards,
> Lohith P
> Informatics India Ltd
> Bangalore, India*
>
>
>
> Chad La Joie wrote:
>> I'm not an SP or IIS expert, Nate or Scott could give a better answer,
>> but if my memory serves me the SP installer attempts to install a shib
>> handler in to IIS.  If that IIS server is running multiple virtual
>> hosts I don't think the installer install the Shib handler for ever
>> host.  So, while it's not very helpful, all I can suggest is that you
>> look at your IIS config for each hosted domain and make sure the Shib
>> handler is configured there.
>>
>> Lohith Pandit wrote:
>>> Hi,
>>>
>>> Thanks for your Quick Reply, we are using *Windows Server 2003.
>>>
>>> **Regards,
>>> Lohith P
>>> Informatics India Ltd
>>> Bangalore, India*
>>>
>>> Chad La Joie wrote:
>>>> That looks like an SP issue.  What web server are you using?
>>>>
>>>> Lohith Pandit wrote:
>>>>> Hi,
>>>>>
>>>>> This is Lohith from Informatics India Ltd, Bangalore,India.
>>>>>
>>>>> We are planning to implement the Shibboleth to our database. Here
>>>>> is the steps I followed.
>>>>>
>>>>> 1. Installed Shibboleth IDP with dns as "*idp.informindia.co.in*".
>>>>> 2. I have installed Shibboleth Service Provider with the service
>>>>> provider url as "*sp.informindia.co.in*".
>>>>> 3. I have configured the basic things as per the attachment.(But
>>>>> not complete due to the below given error)
>>>>> 4. I have "*WAYF.informindia.co.in*" as WAYF.
>>>>>
>>>>>
>>>>> @Note:
>>>>> 1.I have all these domains and installs on the same server.
>>>>> 2.These domains doesn't contains any scripts as of now for testing
>>>>> purpose.
>>>>>
>>>>> Now I have strucked with how to continue next. I am getting the
>>>>> Error when i access "*https://sp.informindia.co.in/shibboleth.sso*"
>>>>>
>>>>>
>>>>>  Shibboleth Error
>>>>>
>>>>> Shibboleth Extension not configured for web site (check mappings in
>>>>> configuration).
>>>>>
>>>>> Can you please help me in Configuration as I am new to Shibboleth
>>>>> as well as What are the things i need to Add for these domains.
>>>>>
>>>>>
>>>>> *Regards,
>>>>> Lohith P
>>>>> Informatics India Ltd
>>>>> Bangalore, India*
>>>>>
>>>>
>>>
>>
>

--
SWITCH
Serving Swiss Universities
--------------------------
Chad La Joie, Software Engineer, Net Services
Werdstrasse 2, P.O. Box, 8021 Zürich, Switzerland
phone +41 44 268 15 75, fax +41 44 268 15 68
[hidden email], http://www.switch.ch

Reply | Threaded
Open this post in threaded view
|

RE: Need help in Configuration Shibboleth Error

THIA Jean-Marie
In reply to this post by Lohith Pandit

Hi,

 

The shibboleth installer comes with an extension and a filter. Both should work in a multi site configuration. The installation might sometimes be tricky. You may look at http://sourcesup.cru.fr/shib4net/shib4moss/shib4moss.html and follow the link to the installation doc http://sourcesup.cru.fr/docman/index.php?group_id=426&selected_doc_group_id=813&language_id=1. I have detailed all the steps to have the shibboleth SP installed and checked.

 

There might be a tricky thing with the extension .sso mapping, if you work with .net.

 

 

Greetings,

 

Jean Marie THIA

Architecte / Chef de projet | DSI - Développement et Intégration | UPMC

+33 (0)1 4427 2608 | +33 (0)6  3220 3598 | [hidden email]  

Tour Zamansky 215 | case courrier 171 | 4 place Jussieu | 75252 Paris Cedex 05

 

 

From: Lohith Pandit [mailto:[hidden email]]
Sent: mercredi 6 janvier 2010 9:14
To: [hidden email]
Subject: Re: [Shib-Users] Need help in Configuration Shibboleth Error

 

Hi,

Can you please tell me in details about this IIS configuration, I checked the IIS in that Web service Extensions Shibboleth is Allowed. If any thing is there with IIS kindly let me know. Also Please provide me the EmailIds of Nate or Scott.

Regards,
Lohith P
Informatics India Ltd
Bangalore, India




Chad La Joie wrote:

I'm not an SP or IIS expert, Nate or Scott could give a better answer, but if my memory serves me the SP installer attempts to install a shib handler in to IIS.  If that IIS server is running multiple virtual hosts I don't think the installer install the Shib handler for ever host.  So, while it's not very helpful, all I can suggest is that you look at your IIS config for each hosted domain and make sure the Shib handler is configured there.

Lohith Pandit wrote:

Hi,

Thanks for your Quick Reply, we are using *Windows Server 2003.

**Regards,
Lohith P
Informatics India Ltd
Bangalore, India*

Chad La Joie wrote:

That looks like an SP issue.  What web server are you using?

Lohith Pandit wrote:

Hi,

This is Lohith from Informatics India Ltd, Bangalore,India.

We are planning to implement the Shibboleth to our database. Here is the steps I followed.

1. Installed Shibboleth IDP with dns as "*idp.informindia.co.in*".
2. I have installed Shibboleth Service Provider with the service provider url as "*sp.informindia.co.in*".
3. I have configured the basic things as per the attachment.(But not complete due to the below given error)
4. I have "*WAYF.informindia.co.in*" as WAYF.


@Note:
1.I have all these domains and installs on the same server.
2.These domains doesn't contains any scripts as of now for testing purpose.

Now I have strucked with how to continue next. I am getting the Error when i access "*https://sp.informindia.co.in/shibboleth.sso*"


 Shibboleth Error

Shibboleth Extension not configured for web site (check mappings in configuration).

Can you please help me in Configuration as I am new to Shibboleth as well as What are the things i need to Add for these domains.


*Regards,
Lohith P
Informatics India Ltd
Bangalore, India*

 

 

 

Reply | Threaded
Open this post in threaded view
|

Re: Need help in Configuration Shibboleth Error

Lohith Pandit
In reply to this post by Hausherr Michael
Hi,
Thanks for the Reply.

I will explain my complete steps which i have done and the requirements.

1. In the server I have three websites
  • sp.informindia.co.in
  • idp.informindia.co.in
  • wayf.informindia.co.in
    @note: These sites are mapped to seperate folders which contains 1 html file as default document.
2. Installed IDP with DNS as "idp.informindia.co.in"
3. Installed SP.
4. In Shibboleth2.xml I just replaced the "sp.exaple.org" by sp.informindia.co.in.

Now What should I  do?
For this What are the configurations i need to do, also please explain what files(Like login page) do i need to add for all these websites.


Regards,
Lohith P
Informatics India Ltd
Bangalore, India




My requirement is to I have a site which requires Shibboleth Authentication.


Hausherr Michael wrote:
Hi
 
I have done a few installs on Windows Servers and am quite familiar with IIS 6.
 
 
The actual IIS configuration depends whether you you have multiple IIS "sites" or only one and whether you want to protect all of them or only specific ones.
With more details about your scenario, I can give you more specific information.
 
Greetings,
Michael Hausherr
------------------------------------------------------------
Fachhochschule Nordwestschweiz
Services
Abteilung Business Applications

Michael Hausherr
Teamleiter Entwicklung Applikationen
Schulthess-Allee 1
5200 Brugg AG
------------------------------------------------------------
[hidden email]
www.fhnw.ch
------------------------------------------------------------  
 

Von: Lohith Pandit [[hidden email]]
Gesendet: Mittwoch, 6. Januar 2010 09:14
An: [hidden email]
Betreff: Re: [Shib-Users] Need help in Configuration Shibboleth Error

Hi,

Can you please tell me in details about this IIS configuration, I checked the IIS in that Web service Extensions Shibboleth is Allowed. If any thing is there with IIS kindly let me know. Also Please provide me the EmailIds of
Nate or Scott.

Regards,
Lohith P
Informatics India Ltd
Bangalore, India




Chad La Joie wrote:
I'm not an SP or IIS expert, Nate or Scott could give a better answer, but if my memory serves me the SP installer attempts to install a shib handler in to IIS.  If that IIS server is running multiple virtual hosts I don't think the installer install the Shib handler for ever host.  So, while it's not very helpful, all I can suggest is that you look at your IIS config for each hosted domain and make sure the Shib handler is configured there.

Lohith Pandit wrote:
Hi,

Thanks for your Quick Reply, we are using *Windows Server 2003.

**Regards,
Lohith P
Informatics India Ltd
Bangalore, India*

Chad La Joie wrote:
That looks like an SP issue.  What web server are you using?

Lohith Pandit wrote:
Hi,

This is Lohith from Informatics India Ltd, Bangalore,India.

We are planning to implement the Shibboleth to our database. Here is the steps I followed.

1. Installed Shibboleth IDP with dns as "*idp.informindia.co.in*".
2. I have installed Shibboleth Service Provider with the service provider url as "*sp.informindia.co.in*".
3. I have configured the basic things as per the attachment.(But not complete due to the below given error)
4. I have "*WAYF.informindia.co.in*" as WAYF.


@Note:
1.I have all these domains and installs on the same server.
2.These domains doesn't contains any scripts as of now for testing purpose.

Now I have strucked with how to continue next. I am getting the Error when i access "*https://sp.informindia.co.in/shibboleth.sso*"


 Shibboleth Error

Shibboleth Extension not configured for web site (check mappings in configuration).

Can you please help me in Configuration as I am new to Shibboleth as well as What are the things i need to Add for these domains.


*Regards,
Lohith P
Informatics India Ltd
Bangalore, India*




Reply | Threaded
Open this post in threaded view
|

Re: Need help in Configuration Shibboleth Error

Chad La Joie
What documentation are you following?

Lohith Pandit wrote:

> Hi,
> Thanks for the Reply.
>
> I will explain my complete steps which i have done and the requirements.
>
> 1. In the server I have three websites
>
>    * sp.informindia.co.in
>    * idp.informindia.co.in
>    * wayf.informindia.co.in
>
>    @note: These sites are mapped to seperate folders which contains 1
> html file as default document.
> 2. Installed IDP with DNS as "idp.informindia.co.in"
> 3. Installed SP.
> 4. In Shibboleth2.xml I just replaced the "sp.exaple.org" by
> sp.informindia.co.in.
>
> Now What should I  do?
> For this What are the configurations i need to do, also please explain
> what files(Like login page) do i need to add for all these websites.

--
SWITCH
Serving Swiss Universities
--------------------------
Chad La Joie, Software Engineer, Net Services
Werdstrasse 2, P.O. Box, 8021 Zürich, Switzerland
phone +41 44 268 15 75, fax +41 44 268 15 68
[hidden email], http://www.switch.ch

Reply | Threaded
Open this post in threaded view
|

Re: Need help in Configuration Shibboleth Error

Lohith Pandit
I am looking in to "Deployment of Shibboleth Service Provider (SP) 2.1 on Windows with IIS" from "https://www.switch.ch/aai/docs/shibboleth/SWITCH/2.1/sp/deployment/." for SP Configuration and ja.Net  for  IDP  configuration.

For testing Purpose I configured Service Provider using  Shibboleth2.xml from "
https://shibboleth.usc.edu/docs/sp/install/#testing" .  So when I browse "https://localhost/shibboleth.sso/getassertion" Then its taking me to "https://shibboleth-test.usc.edu/idp/Authn/UserPassword" where I get Login Button.
Once I click on Login button then its redirecting me back to "https://sp.informindia.co.in/Shibboleth.sso/SAML2/POST" by giving error "
Shibboleth Extension not configured for web site (check mappings in configuration)."

Regards,
Lohith P

Chad La Joie wrote:
What documentation are you following?

Lohith Pandit wrote:
Hi,
Thanks for the Reply.

I will explain my complete steps which i have done and the requirements.

1. In the server I have three websites

   * sp.informindia.co.in
   * idp.informindia.co.in
   * wayf.informindia.co.in

   @note: These sites are mapped to seperate folders which contains 1 html file as default document.
2. Installed IDP with DNS as "idp.informindia.co.in"
3. Installed SP.
4. In Shibboleth2.xml I just replaced the "sp.exaple.org" by sp.informindia.co.in.

Now What should I  do?
For this What are the configurations i need to do, also please explain what files(Like login page) do i need to add for all these websites.

Reply | Threaded
Open this post in threaded view
|

AW: Need help in Configuration Shibboleth Error

Hausherr Michael

Hello

Maybe the Site id in the sibboleth2.xml (see snippet below) does not match the IIS identifier of the "site" to protect (453506091 in the example)  ...

<InProcess logger="native.logger">
    <ISAPI normalizeRequest="true">
        <!--
            Maps IIS Instance ID values to the host scheme/name/port/sslport. The name is
            required so that the proper <Host> in the request map above is found without
            having to cover every possible DNS/IP combination the user might enter.
            The port and scheme can usually be omitted, so the HTTP request's port and
            scheme will be used.
        -->
        <Site id="453506091" name="sp.domain.com"/>
    </ISAPI>
</InProcess>

Greetings,
Michael

Von: Lohith Pandit [mailto:[hidden email]]
Gesendet: Mittwoch, 6. Januar 2010 13:13
An: [hidden email]
Betreff: Re: [Shib-Users] Need help in Configuration Shibboleth Error

I am looking in to "Deployment of Shibboleth Service Provider (SP) 2.1 on Windows with IIS" from "https://www.switch.ch/aai/docs/shibboleth/SWITCH/2.1/sp/deployment/." for SP Configuration and ja.Net  for  IDP  configuration.

For testing Purpose I configured Service Provider using  Shibboleth2.xml from "
https://shibboleth.usc.edu/docs/sp/install/#testing" .  So when I browse "https://localhost/shibboleth.sso/getassertion" Then its taking me to "https://shibboleth-test.usc.edu/idp/Authn/UserPassword" where I get Login Button.
Once I click on Login button then its redirecting me back to "https://sp.informindia.co.in/Shibboleth.sso/SAML2/POST" by giving error "
Shibboleth Extension not configured for web site (check mappings in configuration)."

Regards,
Lohith P

Chad La Joie wrote:
What documentation are you following?

Lohith Pandit wrote:
Hi,
Thanks for the Reply.

I will explain my complete steps which i have done and the requirements.

1. In the server I have three websites

   * sp.informindia.co.in
   * idp.informindia.co.in
   * wayf.informindia.co.in

   @note: These sites are mapped to seperate folders which contains 1 html file as default document.
2. Installed IDP with DNS as "idp.informindia.co.in"
3. Installed SP.
4. In Shibboleth2.xml I just replaced the "sp.exaple.org" by sp.informindia.co.in.

Now What should I  do?
For this What are the configurations i need to do, also please explain what files(Like login page) do i need to add for all these websites.

Reply | Threaded
Open this post in threaded view
|

RE: Need help in Configuration Shibboleth Error

THIA Jean-Marie
In reply to this post by Lohith Pandit

Have you changed the shibboleth2.conf file for the sp. Have to map your IIS site ID with you site name. It is on step five of my install doc. You may also check if the mapping of the .sso extension is done in your site.

 

From: Lohith Pandit [mailto:[hidden email]]
Sent: mercredi 6 janvier 2010 1:13
To: [hidden email]
Subject: Re: [Shib-Users] Need help in Configuration Shibboleth Error

 

I am looking in to "Deployment of Shibboleth Service Provider (SP) 2.1 on Windows with IIS" from "https://www.switch.ch/aai/docs/shibboleth/SWITCH/2.1/sp/deployment/." for SP Configuration and ja.Net  for  IDP  configuration.

For testing Purpose I configured Service Provider using  Shibboleth2.xml from "
https://shibboleth.usc.edu/docs/sp/install/#testing" .  So when I browse "https://localhost/shibboleth.sso/getassertion" Then its taking me to "https://shibboleth-test.usc.edu/idp/Authn/UserPassword" where I get Login Button.
Once I click on Login button then its redirecting me back to "https://sp.informindia.co.in/Shibboleth.sso/SAML2/POST" by giving error "
Shibboleth Extension not configured for web site (check mappings in configuration)."

Regards,
Lohith P

Chad La Joie wrote:

What documentation are you following?

Lohith Pandit wrote:

Hi,
Thanks for the Reply.

I will explain my complete steps which i have done and the requirements.

1. In the server I have three websites

   * sp.informindia.co.in
   * idp.informindia.co.in
   * wayf.informindia.co.in

   @note: These sites are mapped to seperate folders which contains 1 html file as default document.
2. Installed IDP with DNS as "idp.informindia.co.in"
3. Installed SP.
4. In Shibboleth2.xml I just replaced the "sp.exaple.org" by sp.informindia.co.in.

Now What should I  do?
For this What are the configurations i need to do, also please explain what files(Like login page) do i need to add for all these websites.

 

Reply | Threaded
Open this post in threaded view
|

RE: Need help in Configuration Shibboleth Error

Cantor, Scott E.
In reply to this post by Lohith Pandit
Lohith Pandit wrote on 2010-01-06:
> Now I have strucked with how to continue next. I am getting the Error when
i
> access "https://sp.informindia.co.in/shibboleth.sso"

Firstly, it's /Shibboleth.sso, not /shibboleth.sso, and secondly, you don't
ever access that particular URL anyway. That's a base location for other
paths in the software that you also don't usually need to access directly,
certainly not while testing it.

But the error itself is because your <ISAPI> site mappings in the
configuration aren't correct and the SP is ignoring requests to the IIS site
in question.

-- Scott


Reply | Threaded
Open this post in threaded view
|

Re: AW: Need help in Configuration Shibboleth Error

Lohith Pandit
In reply to this post by Hausherr Michael
Thanks Mr.Michael, the problem was the same as you have explained, So I changed it to the correct Identifier.

I was able to redirect the SP to the Identity Provider URL which I have configured to my local IDP. No it gives error as
"
opensaml::saml2md::MetadataException: Unable to locate metadata for identity provider (https://idp.informindia.co.in/idp/shibboleth)"
Even if a browse the url :
https://idp.informindia.co.in/idp/shibboleth then its showing Page not found.
As I told that the Directoy I have pointed the "idp.informindia.co.in" doesn't contains any pages or folders. Can you please tell me Where should I point this Website and what to be added.

Regards,
Lohith P


Hausherr Michael wrote:

Hello

Maybe the Site id in the sibboleth2.xml (see snippet below) does not match the IIS identifier of the "site" to protect (453506091 in the example)  ...

<InProcess logger="native.logger">
    <ISAPI normalizeRequest="true">
        <!--
            Maps IIS Instance ID values to the host scheme/name/port/sslport. The name is
            required so that the proper <Host> in the request map above is found without
            having to cover every possible DNS/IP combination the user might enter.
            The port and scheme can usually be omitted, so the HTTP request's port and
            scheme will be used.
        -->
        <Site id="453506091" name="sp.domain.com"/>
    </ISAPI>
</InProcess>

Greetings,
Michael

Von: Lohith Pandit [[hidden email]]
Gesendet: Mittwoch, 6. Januar 2010 13:13
An: [hidden email]
Betreff: Re: [Shib-Users] Need help in Configuration Shibboleth Error

I am looking in to "Deployment of Shibboleth Service Provider (SP) 2.1 on Windows with IIS" from "https://www.switch.ch/aai/docs/shibboleth/SWITCH/2.1/sp/deployment/." for SP Configuration and ja.Net  for  IDP  configuration.

For testing Purpose I configured Service Provider using  Shibboleth2.xml from "
https://shibboleth.usc.edu/docs/sp/install/#testing" .  So when I browse "https://localhost/shibboleth.sso/getassertion" Then its taking me to "https://shibboleth-test.usc.edu/idp/Authn/UserPassword" where I get Login Button.
Once I click on Login button then its redirecting me back to "https://sp.informindia.co.in/Shibboleth.sso/SAML2/POST" by giving error "
Shibboleth Extension not configured for web site (check mappings in configuration)."

Regards,
Lohith P

Chad La Joie wrote:
What documentation are you following?

Lohith Pandit wrote:
Hi,
Thanks for the Reply.

I will explain my complete steps which i have done and the requirements.

1. In the server I have three websites

   * sp.informindia.co.in
   * idp.informindia.co.in
   * wayf.informindia.co.in

   @note: These sites are mapped to seperate folders which contains 1 html file as default document.
2. Installed IDP with DNS as "idp.informindia.co.in"
3. Installed SP.
4. In Shibboleth2.xml I just replaced the "sp.exaple.org" by sp.informindia.co.in.

Now What should I  do?
For this What are the configurations i need to do, also please explain what files(Like login page) do i need to add for all these websites.

Reply | Threaded
Open this post in threaded view
|

Re: AW: Need help in Configuration Shibboleth Error

Nate Klingenstein
Lohith,

Your SP needs to load metadata that describes your IdP so that it knows how and where to communicate with it.  That URL is just an entityID, a unique identifier for the provider.

The IdP generates metadata for itself automatically when it's installed.  This metadata is located at SHIB_HOME/metadata/idp-metadata.xml.  If you ask your SP to load that file with a MetadataProvider element, you will be on your way.  The file is only a starting point; it's not complete, not automatically updated, and you will need to maintain it.  However, it should be enough for a successful test.

There is a lot of documentation on this in the Wiki, too.

Take care,
Nate.

On Jan 8, 2010, at 6:18 AM, Lohith Pandit wrote:

Thanks Mr.Michael, the problem was the same as you have explained, So I changed it to the correct Identifier.

I was able to redirect the SP to the Identity Provider URL which I have configured to my local IDP. No it gives error as 
"
opensaml::saml2md::MetadataException: Unable to locate metadata for identity provider (https://idp.informindia.co.in/idp/shibboleth)"
Even if a browse the url : 
https://idp.informindia.co.in/idp/shibboleth then its showing Page not found. 
As I told that the Directoy I have pointed the "idp.informindia.co.in" doesn't contains any pages or folders. Can you please tell me Where should I point this Website and what to be added.

Regards,
Lohith P

Reply | Threaded
Open this post in threaded view
|

AW: AW: Need help in Configuration Shibboleth Error

Hausherr Michael
In reply to this post by Lohith Pandit
Hello
 
Glad I was able to help.
Your current problem seems to be a Metadata issue. Unfortunately I can't help you with that since we are running Shibboleth within a specific federation (SWITCH AAI), not as a "standalone" installation.
In my understanding, the metadata of both the identity provider and the service provider have to be available to the other party involved. If not part of a federation, one has to find a different way to accomplish that.
Maybe someone else has more expertise in this area ...
 
Greetings,
Michael
 

Von: Lohith Pandit [mailto:[hidden email]]
Gesendet: Freitag, 8. Januar 2010 07:19
An: [hidden email]
Cc: Rahul
Betreff: Re: AW: [Shib-Users] Need help in Configuration Shibboleth Error

Thanks Mr.Michael, the problem was the same as you have explained, So I changed it to the correct Identifier.

I was able to redirect the SP to the Identity Provider URL which I have configured to my local IDP. No it gives error as
"
opensaml::saml2md::MetadataException: Unable to locate metadata for identity provider (https://idp.informindia.co.in/idp/shibboleth)"
Even if a browse the url :
https://idp.informindia.co.in/idp/shibboleth then its showing Page not found.
As I told that the Directoy I have pointed the "idp.informindia.co.in" doesn't contains any pages or folders. Can you please tell me Where should I point this Website and what to be added.

Regards,
Lohith P


Hausherr Michael wrote:

Hello

Maybe the Site id in the sibboleth2.xml (see snippet below) does not match the IIS identifier of the "site" to protect (453506091 in the example)  ...

<InProcess logger="native.logger">
    <ISAPI normalizeRequest="true">
        <!--
            Maps IIS Instance ID values to the host scheme/name/port/sslport. The name is
            required so that the proper <Host> in the request map above is found without
            having to cover every possible DNS/IP combination the user might enter.
            The port and scheme can usually be omitted, so the HTTP request's port and
            scheme will be used.
        -->
        <Site id="453506091" name="sp.domain.com"/>
    </ISAPI>
</InProcess>

Greetings,
Michael

Von: Lohith Pandit [[hidden email]]
Gesendet: Mittwoch, 6. Januar 2010 13:13
An: [hidden email]
Betreff: Re: [Shib-Users] Need help in Configuration Shibboleth Error

I am looking in to "Deployment of Shibboleth Service Provider (SP) 2.1 on Windows with IIS" from "https://www.switch.ch/aai/docs/shibboleth/SWITCH/2.1/sp/deployment/." for SP Configuration and ja.Net  for  IDP  configuration.

For testing Purpose I configured Service Provider using  Shibboleth2.xml from "
https://shibboleth.usc.edu/docs/sp/install/#testing" .  So when I browse "https://localhost/shibboleth.sso/getassertion" Then its taking me to "https://shibboleth-test.usc.edu/idp/Authn/UserPassword" where I get Login Button.
Once I click on Login button then its redirecting me back to "https://sp.informindia.co.in/Shibboleth.sso/SAML2/POST" by giving error "
Shibboleth Extension not configured for web site (check mappings in configuration)."

Regards,
Lohith P

Chad La Joie wrote:
What documentation are you following?

Lohith Pandit wrote:
Hi,
Thanks for the Reply.

I will explain my complete steps which i have done and the requirements.

1. In the server I have three websites

   * sp.informindia.co.in
   * idp.informindia.co.in
   * wayf.informindia.co.in

   @note: These sites are mapped to seperate folders which contains 1 html file as default document.
2. Installed IDP with DNS as "idp.informindia.co.in"
3. Installed SP.
4. In Shibboleth2.xml I just replaced the "sp.exaple.org" by sp.informindia.co.in.

Now What should I  do?
For this What are the configurations i need to do, also please explain what files(Like login page) do i need to add for all these websites.

Reply | Threaded
Open this post in threaded view
|

Re: AW: AW: Need help in Configuration Shibboleth Error

Lohith Pandit
Hi Glad ,

Its a "standalone" installation itself and not even joined to any federation.

Also Please let me know that do I need to point the website "idp.informindia.co.in" to any directory or the Shibboleth will automatically takes this. And the Error still persists.
"opensaml::saml2md::MetadataException: Unable to locate metadata for identity provider (https://idp.informindia.co.in/idp/shibboleth)"

Regards,
Lohith P

Hausherr Michael wrote:
Hello
 
Glad I was able to help.
Your current problem seems to be a Metadata issue. Unfortunately I can't help you with that since we are running Shibboleth within a specific federation (SWITCH AAI), not as a "standalone" installation.
In my understanding, the metadata of both the identity provider and the service provider have to be available to the other party involved. If not part of a federation, one has to find a different way to accomplish that.
Maybe someone else has more expertise in this area ...
 
Greetings,
Michael
 

Von: Lohith Pandit [[hidden email]]
Gesendet: Freitag, 8. Januar 2010 07:19
An: [hidden email]
Cc: Rahul
Betreff: Re: AW: [Shib-Users] Need help in Configuration Shibboleth Error

Thanks Mr.Michael, the problem was the same as you have explained, So I changed it to the correct Identifier.

I was able to redirect the SP to the Identity Provider URL which I have configured to my local IDP. No it gives error as
"
opensaml::saml2md::MetadataException: Unable to locate metadata for identity provider (https://idp.informindia.co.in/idp/shibboleth)"
Even if a browse the url :
https://idp.informindia.co.in/idp/shibboleth then its showing Page not found.
As I told that the Directoy I have pointed the "idp.informindia.co.in" doesn't contains any pages or folders. Can you please tell me Where should I point this Website and what to be added.

Regards,
Lohith P


Hausherr Michael wrote:

Hello

Maybe the Site id in the sibboleth2.xml (see snippet below) does not match the IIS identifier of the "site" to protect (453506091 in the example)  ...

<InProcess logger="native.logger">
    <ISAPI normalizeRequest="true">
        <!--
            Maps IIS Instance ID values to the host scheme/name/port/sslport. The name is
            required so that the proper <Host> in the request map above is found without
            having to cover every possible DNS/IP combination the user might enter.
            The port and scheme can usually be omitted, so the HTTP request's port and
            scheme will be used.
        -->
        <Site id="453506091" name="sp.domain.com"/>
    </ISAPI>
</InProcess>

Greetings,
Michael

Von: Lohith Pandit [[hidden email]]
Gesendet: Mittwoch, 6. Januar 2010 13:13
An: [hidden email]
Betreff: Re: [Shib-Users] Need help in Configuration Shibboleth Error

I am looking in to "Deployment of Shibboleth Service Provider (SP) 2.1 on Windows with IIS" from "https://www.switch.ch/aai/docs/shibboleth/SWITCH/2.1/sp/deployment/." for SP Configuration and ja.Net  for  IDP  configuration.

For testing Purpose I configured Service Provider using  Shibboleth2.xml from "
https://shibboleth.usc.edu/docs/sp/install/#testing" .  So when I browse "https://localhost/shibboleth.sso/getassertion" Then its taking me to "https://shibboleth-test.usc.edu/idp/Authn/UserPassword" where I get Login Button.
Once I click on Login button then its redirecting me back to "https://sp.informindia.co.in/Shibboleth.sso/SAML2/POST" by giving error "
Shibboleth Extension not configured for web site (check mappings in configuration)."

Regards,
Lohith P

Chad La Joie wrote:
What documentation are you following?

Lohith Pandit wrote:
Hi,
Thanks for the Reply.

I will explain my complete steps which i have done and the requirements.

1. In the server I have three websites

   * sp.informindia.co.in
   * idp.informindia.co.in
   * wayf.informindia.co.in

   @note: These sites are mapped to seperate folders which contains 1 html file as default document.
2. Installed IDP with DNS as "idp.informindia.co.in"
3. Installed SP.
4. In Shibboleth2.xml I just replaced the "sp.exaple.org" by sp.informindia.co.in.

Now What should I  do?
For this What are the configurations i need to do, also please explain what files(Like login page) do i need to add for all these websites.

Reply | Threaded
Open this post in threaded view
|

Re: AW: AW: Need help in Configuration Shibboleth Error

Lohith Pandit
Also is that IDP url is Virtual or actual Url of a website?

Lohith Pandit wrote:
Hi Glad ,

Its a "standalone" installation itself and not even joined to any federation.

Also Please let me know that do I need to point the website "idp.informindia.co.in" to any directory or the Shibboleth will automatically takes this. And the Error still persists.
"opensaml::saml2md::MetadataException: Unable to locate metadata for identity provider (https://idp.informindia.co.in/idp/shibboleth)"

Regards,
Lohith P

Hausherr Michael wrote:
Hello
 
Glad I was able to help.
Your current problem seems to be a Metadata issue. Unfortunately I can't help you with that since we are running Shibboleth within a specific federation (SWITCH AAI), not as a "standalone" installation.
In my understanding, the metadata of both the identity provider and the service provider have to be available to the other party involved. If not part of a federation, one has to find a different way to accomplish that.
Maybe someone else has more expertise in this area ...
 
Greetings,
Michael
 

Von: Lohith Pandit [[hidden email]]
Gesendet: Freitag, 8. Januar 2010 07:19
An: [hidden email]
Cc: Rahul
Betreff: Re: AW: [Shib-Users] Need help in Configuration Shibboleth Error

Thanks Mr.Michael, the problem was the same as you have explained, So I changed it to the correct Identifier.

I was able to redirect the SP to the Identity Provider URL which I have configured to my local IDP. No it gives error as
"
opensaml::saml2md::MetadataException: Unable to locate metadata for identity provider (https://idp.informindia.co.in/idp/shibboleth)"
Even if a browse the url :
https://idp.informindia.co.in/idp/shibboleth then its showing Page not found.
As I told that the Directoy I have pointed the "idp.informindia.co.in" doesn't contains any pages or folders. Can you please tell me Where should I point this Website and what to be added.

Regards,
Lohith P

Reply | Threaded
Open this post in threaded view
|

Re: AW: AW: Need help in Configuration Shibboleth Error

jehan procaccia-3
FYI, I had to create my own federation (in addition to our participation
of the French Renater federation), I had difficulties to build metadatas.
I wrote a doc on creating our federation metadata file and loading it
from IdPs and SPs participating in our federation, it's in french but
example are xml files in english !
http://www-public.it-sudparis.eu/~procacci/dok/doku.php?id=docpublic:systemes:shibboleth:metadatafede#structure
hope it helps .

PS: sorry no IIS/windows example, but the procedure is the same I suppose.
PS2: Not sure about your last question, but IDP is reference by it's
Provider ID, often now, the provider ID is based on a "URL" kind of
name, for me example is  in IDP relaying-party.xml
"provider=https://shibidp1.it-sudparis.eu/idp/shibboleth" =>  ending in
metadata as:
<EntityDescriptor
entityID="https://shibidp1.it-sudparis.eu/idp/shibboleth" ...

Lohith Pandit a écrit :

> Also is that IDP url is Virtual or actual Url of a website?
>
>> Lohith Pandit wrote:
>>>> Hi Glad ,
>>>>
>>>> Its a "standalone" installation itself and not even joined to any
>>>> federation.
>>>>
>>>> Also Please let me know that do I need to point the website
>>>> "idp.informindia.co.in" to any directory or the Shibboleth will
>>>> automatically takes this. And the Error still persists.
>>>> *"opensaml::saml2md::MetadataException: Unable to locate metadata
>>>> for identity provider (https://idp.informindia.co.in/idp/shibboleth)"*
>>>>
>>>> Regards,
>>>> Lohith P
>>>>
>>>> Hausherr Michael wrote:
>>>>> Hello
>>>>>  
>>>>> Glad I was able to help.
>>>>> Your current problem seems to be a Metadata issue. Unfortunately I
>>>>> can't help you with that since we are running Shibboleth within a
>>>>> specific federation (SWITCH AAI), not as a "standalone" installation.
>>>>> In my understanding, the metadata of both the identity provider
>>>>> and the service provider have to be available to the other party
>>>>> involved. If not part of a federation, one has to find a different
>>>>> way to accomplish that.
>>>>> Maybe someone else has more expertise in this area ...
>>>>>  
>>>>> Greetings,
>>>>> Michael
>>>>>  
>>>>> *Von:* Lohith Pandit [mailto:[hidden email]]
>>>>> *Gesendet:* Freitag, 8. Januar 2010 07:19
>>>>> *An:* [hidden email]
>>>>> <mailto:[hidden email]>
>>>>> *Cc:* Rahul
>>>>> *Betreff:* Re: AW: [Shib-Users] Need help in Configuration
>>>>> Shibboleth Error
>>>>>
>>>>> Thanks Mr.Michael, the problem was the same as you have explained,
>>>>> So I changed it to the correct Identifier.
>>>>>
>>>>> I was able to redirect the SP to the Identity Provider URL which I
>>>>> have configured to my local IDP. No it gives error as
>>>>> " opensaml::saml2md::MetadataException: Unable to locate metadata
>>>>> for identity provider (https://idp.informindia.co.in/idp/shibboleth) "
>>>>> Even if a browse the url :
>>>>> https://idp.informindia.co.in/idp/shibboleth then its showing Page
>>>>> not found.
>>>>> As I told that the Directoy I have pointed the
>>>>> "idp.informindia.co.in" doesn't contains any pages or folders. Can
>>>>> you please tell me Where should I point this Website and what to
>>>>> be added.
>>>>>
>>>>> Regards,
>>>>> Lohith P
>>>>>