Some of you may have seen this issue mentioned on the
[log in to unmask] list. Simon McLeish of LSE and I are
failing to get Cambridge's IdP to interwork with a Wiki at LSE, despite a
number of other IdPs having no problem accessing it.
What seems to happen is that the authentication phase works fine, but when
LSE request attributes from my IdP the request contains credentials which
my end doesn't think are valid for that SP - I end up logging
2007-11-13T14:39:40+0000 localhost [shib] cannot match certificate
subject against acceptable key names based on the metadata entityId or
KeyDescriptors
2007-11-13T14:39:40+0000 localhost [shib] Supplied credentials
(CN=gate-test.library.lse.ac.uk,OU=Library,O=London School of
Economics,L=London,ST=London,C=GB) are NOT valid for provider
(urn:mace:ac.uk:sdss.ac.uk:provider:service:gabriel.lse.ac.uk).
Firstly, has anyone any idea what's going on here?
Secondly, if anyone has access to a UK Federation-only IdP that is
expected to release at least some attributes (perhaps ePSA and/or ePTID)
to LSE then could you try accessing
https://gabriel.lse.ac.uk/simon/cgi-bin/printenv.pl
and let me know if those attributes appear in the resulting table (the
table will appear whatever, the question is whether the attribute values
are there or not). Just tell me - I'll summarise replies and any eventual
outcome to the list.
Ta in advance.
Jon.
--
Jon Warbrick
Web/News Development, Computing Service, University of Cambridge
|