> Our IDP works - in that it lets us log into particular resources.
> However when I upgraded to FireFox3 as my browser it started throwing up
> problems with the certificate but if you click allow exception it works
Hi Heather, not sure about that bit but...
> IE 7 appears to be having an issue now but not actually telling us it is a
> problem with the certificate.
Maybe I'm missing something but when I go to an SP and choose
"West Nottinghamshire College" from the WAYF, using IE7, it takes me
to the login page and doesn't complain about the certificate.
It does put up an (empty) "choose a Digital Certificate" dialogue box
first. That's usually a sign that port 443 is configured in the web
server to require client certificates, which it shouldn't be in most cases.
It's the _other_ port that Shibboleth uses (usually 8443) that has
to be configured with SSLVerifyClient optional_no_ca (which brings
up the dialogue), but users shouldn't actually see that port at all.
(Some of the discussion in the "Re: shibboleth 2.0 idp/sp" thread may
therefore also be relevant to you).