I emailed Westlaw's federation technical contact with the salient
information about this problem, and he responded very quickly saying he
would pass it on to their technical team immediately, so with any luck
they should get it fixed soon.
Sara
SDSS Support Team
Ian Young wrote:
> On 15 May 2009, at 13:19, Jethro R Binks wrote:
>
>> 13:11:19,713 ERROR Assertion consumer service URL
>> (http://login.westlaw.co.uk/app/authentication/sso/ukfed/auth/rcv)
>> is NOT valid for provider (https://www.westlaw.co.uk/metadata). -
>> edu.internet2.middleware.shibboleth.idp.provider.ShibbolethV1SSOHandler
>> [TP-Processor18;20090515]
>
> As Andy points out, the issue here is that the registered endpoints
> are all "https://", not the "http://" that is being provided. The
> metadata is correct; we don't permit registration of assertion
> consumer location URLs that are not "https://". The good news is that
> this must have come about through a faulty reconfiguration at the SP,
> so it should start working again as soon as the configuration has been
> changed back as it won't require new metadata to propagate.
>
>> <AssertionConsumerService
>> Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post"
>> Location="https://login.westlaw.co.uk.ukclt.int.westlaw.com/app/authentication/sso/ukfed/auth/rcv"
>> index="2"></AssertionConsumerService>
>>
>> "login.westlaw.co.uk.ukclt.int.westlaw.com" seems an odd hostname, and
>> there are similar ones.
>
> Those additional ACS locations are probably for internal test and QA
> versions of the entity. Several large SPs use this kind of technique;
> it's not a problem as the SP tells the IdP which specific endpoint to
> use and all others are ignored.
>
> -- Ian
>
>
>
--
Sara Hopkins
SDSS Support Team
EDINA, University of Edinburgh
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.
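
The check discussed in this thread, as an added example that is not part of the original messages and is not Shibboleth's own code: the IdP accepts an assertion consumer service URL only if it exactly matches a Location registered for that SP in metadata, so an "http://" request fails against an "https://" registration. The function names and the sample metadata are assumptions; the entityID and the index="2" Location are taken from the thread, while the index="1" endpoint is constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"

# Constructed metadata fragment. The entityID and the index="2" Location are
# quoted in the thread; the index="1" https endpoint is assumed.
SAMPLE_METADATA = """\
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
                  entityID="https://www.westlaw.co.uk/metadata">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
    <AssertionConsumerService
        Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post"
        Location="https://login.westlaw.co.uk/app/authentication/sso/ukfed/auth/rcv"
        index="1"/>
    <AssertionConsumerService
        Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post"
        Location="https://login.westlaw.co.uk.ukclt.int.westlaw.com/app/authentication/sso/ukfed/auth/rcv"
        index="2"/>
  </SPSSODescriptor>
</EntityDescriptor>
"""

def registered_acs(metadata_xml, entity_id):
    """Return the ACS Location values registered for entity_id."""
    root = ET.fromstring(metadata_xml)
    # iter() also yields the root, so this works for a single
    # EntityDescriptor and for an EntitiesDescriptor aggregate.
    for ent in root.iter(MD + "EntityDescriptor"):
        if ent.get("entityID") == entity_id:
            return [acs.get("Location", "").strip()
                    for acs in ent.iter(MD + "AssertionConsumerService")]
    return []

def check_acs(metadata_xml, entity_id, requested):
    """Exact-match the requested ACS URL; explain a scheme-only mismatch."""
    registered = registered_acs(metadata_xml, entity_id)
    if requested in registered:
        return "valid"
    req = urlsplit(requested)
    for loc in registered:
        reg = urlsplit(loc)
        # Same host, path and query but a different scheme: the SP is
        # asking for a URL the federation never registered.
        if (reg.netloc, reg.path, reg.query) == (req.netloc, req.path, req.query):
            return (f"invalid: scheme mismatch, SP sent {req.scheme}:// "
                    f"but {loc} is registered")
    return "invalid: no registered endpoint matches"
```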