Rod,
Looking at it again, IE7 flags this message when going to https://shib02.aston.ac.uk so it's happening at the apache level, there are no entries in the logs so I know where to look.
I had the idp working with testshib but I want to understand errors like:
2008-07-24 13:49:51 INFO Shibboleth.AttributeExtractor [6]: skipping unmapped SAML 2.0 Attribute with Name: urn:oid:0.9.2342.19200300.100.1.1
2008-07-24 13:49:51 WARN Shibboleth.AttributeFilter [6]: removed value at position (0) of attribute (eppn) from (https://shib02.aston.ac.uk/idp/shibboleth)
2008-07-24 13:49:51 WARN Shibboleth.AttributeFilter [6]: removed value at position (0) of attribute (affiliation) from (https://shib02.aston.ac.uk/idp/shibboleth)
Thanks
John
-----Original Message-----
From: Discussion list for Shibboleth developments [mailto:[log in to unmask]] On Behalf Of Rod Widdowson
Sent: 24 July 2008 10:08
To: [log in to unmask]
Subject: Re: shibboleth 2.0 idp/sp
John,
Have you set them up separately first? That usually makes life easier.
Your symptom is that of appopraching a web seber which is trying to set up an SSL connection qhich requires a certificate on both sides. This is the way that one of the IdP ports is configured - but not one that you would ever be looking at with a browser.
Further if you were going Shib2 Sp <-> Shib2 IdP it wouldn't even be being used (since that setup should be using encryopted attribute push).
Anything of interest in any of the logs?
Rod
----- Original Message -----
From: "Williams, John" <[log in to unmask]>
To: <[log in to unmask]>
Sent: Thursday, July 24, 2008 9:20 AM
Subject: shibboleth 2.0 idp/sp
Hi,
I am trying to set up a shib2 idp and sp using the local install instructions. I'm having a whole raft of problems with attribute release and usage but when I go to the local sp with Windows IE7 it comes up with a box labelled "Choose a digital certificate" that states:
"The website you want to view requests identification.
Please choose a certificate"
The list is blank but if I say OK it just logs in to the SP via the IdP normally. Anyone have an idea why it does this, firefox works normally?
Thanks
John
--
This communication is intended solely for the addressee The message should not be forwarded to any third party without the agreement of the sender.
--
John Williams
ISA
Aston University
|