Hi Caleb,
We had the same issue. It sounds as though your idp.xml is basically
right - but it only worked for us if the Athens gateway was made the
default relying party, as though it were a legacy SP.
Simon
caleb racey wrote:
>Has anyone who has tested Athens access done so by staying in the sdss
>federation and joining the Athens federation at the same time. I'm
>trying to test accessing by being in both federations at the same time.
>
>I'm testing with a 1.3 IdP and am encountering problems, I can't find
>any "how to do multiple federations" guides to help.
>
>Does anyone have any pointers as to how your IdP.xml file should look?
>
>At present I have set it so I have several relying parties:
>
> <RelyingParty name="urn:mace:ac.uk:sdss.ac.uk:federation:sdss"
>schemaHack="true"
>providerId="urn:mace:ac.uk:sdss.ac.uk:provider:identity:lock.ncl.ac.uk"
>signingCredential="sdss_cred"><NameID nameMapping="shm"/></RelyingParty>
>
> <RelyingParty
>name="urn:mace:eduserv.org.uk:athens:federation:uk"
>providerId="urn:mace:eduserv.org.uk:athens:provider:ncl.ac.uk"
>signingCredential="athens_cred"><NameID
>nameMapping="shm"/></RelyingParty>
>
>And several metadataproviders
>
><MetadataProvider
>type="edu.internet2.middleware.shibboleth.metadata.provider.XMLMetadata"
>uri="file:/usr/local/shibboleth-idp/etc/sdss-sites-13.xml"/>
>
><MetadataProvider
>type="edu.internet2.middleware.shibboleth.metadata.provider.XMLMetadata"
>uri="file:/usr/local/shibboleth-idp/etc/athens-sites.xml"/>
>
>
>
>but when I try the gateway it gives an error message and my IdP has the
>following in the logs:
>
>Could not locate Relying Party configuration for
>(urn:mace:eduserv.org.uk:athens:federation:uk). Using default Relying
>Party: (urn:mace:ac.uk:sdss.ac.uk:federation:sdss).
>
>No metadata found for provider:
>(urn:mace:eduserv.org.uk:athens:federation:uk).
>
>
>
>Any pointers as to how to configure multiple federations in an IdP?
>
>
>
>
>Caleb Racey, Webteam, ISS
>University of Newcastle upon Tyne
>
>
|