Rod,

Looking at it again, IE7 flags this message when going to https://shib02.aston.ac.uk so it's happening at the Apache level, there are no entries in the logs so I know where to look.

I had the IdP working with testshib but I want to understand errors like:

2008-07-24 13:49:51 INFO Shibboleth.AttributeExtractor [6]: skipping unmapped SAML 2.0 Attribute with Name: urn:oid:0.9.2342.19200300.100.1.1
2008-07-24 13:49:51 WARN Shibboleth.AttributeFilter [6]: removed value at position (0) of attribute (eppn) from (https://shib02.aston.ac.uk/idp/shibboleth)
2008-07-24 13:49:51 WARN Shibboleth.AttributeFilter [6]: removed value at position (0) of attribute (affiliation) from (https://shib02.aston.ac.uk/idp/shibboleth)

Thanks
John

-----Original Message-----
From: Discussion list for Shibboleth developments [mailto:[log in to unmask]] On Behalf Of Rod Widdowson
Sent: 24 July 2008 10:08
To: [log in to unmask]
Subject: Re: shibboleth 2.0 idp/sp

John,

Have you set them up separately first? That usually makes life easier.

Your symptom is that of approaching a web server which is trying to set up an SSL connection which requires a certificate on both sides. This is the way that one of the IdP ports is configured - but not one that you would ever be looking at with a browser. Further, if you were going Shib2 SP <-> Shib2 IdP it wouldn't even be being used (since that setup should be using encrypted attribute push).

Anything of interest in any of the logs?

Rod

----- Original Message -----
From: "Williams, John" <[log in to unmask]>
To: <[log in to unmask]>
Sent: Thursday, July 24, 2008 9:20 AM
Subject: shibboleth 2.0 idp/sp

Hi,

I am trying to set up a shib2 IdP and SP using the local install instructions. I'm having a whole raft of problems with attribute release and usage but when I go to the local SP with Windows IE7 it comes up with a box labelled "Choose a digital certificate" that states:

"The website you want to view requests identification. Please choose a certificate"

The list is blank but if I say OK it just logs in to the SP via the IdP normally.

Anyone have an idea why it does this, Firefox works normally?

Thanks
John

--
John Williams
ISA
Aston University