Hi,

I'm new to SAML and trying to integrate keystone with SAML. I'm using Ubuntu 12.04 with Icehouse, and I'm following http://docs.openstack.org/developer/k...

When I'm trying to configure keystone with two idp, when I access https://MYSERVER:5000/v3/OS-FEDERATIO... it gets redirected to testshib.org. It prompts for a username and password; when the same is given I'm getting

shibsp::ConfigurationException at ( https://MYSERVER:5000/Shibboleth.sso/... )
No MetadataProvider available.

Here is my shibboleth2.xml content:

<SPConfig xmlns="urn:mace:shibboleth:2.0:native:sp:config"
    xmlns:conf="urn:mace:shibboleth:2.0:native:sp:config"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    clockSkew="180">

    <ApplicationDefaults entityID="https://MYSERVER:5000/Shibboleth">

        <Sessions lifetime="28800" timeout="3600" checkAddress="false"
                  relayState="ss:mem" handlerSSL="false">
            <SSO entityID="https://idp.testshib.org/idp/shibboleth" ECP="true">
                SAML2 SAML1
            </SSO>
            <Logout>SAML2 Local</Logout>
            <Handler type="MetadataGenerator" Location="/Metadata" signing="false"/>
            <Handler type="Status" Location="/Status" />
            <Handler type="Session" Location="/Session" showAttributeValues="false"/>
            <Handler type="DiscoveryFeed" Location="/DiscoFeed"/>
        </Sessions>

        <Errors supportContact="root@localhost"
                logoLocation="/shibboleth-sp/logo.jpg"
                styleSheet="/shibboleth-sp/main.css"/>

        <AttributeExtractor type="XML" validate="true" path="attribute-map.xml"/>
        <AttributeResolver type="Query" subjectMatch="true"/>
        <AttributeFilter type="XML" validate="true" path="attribute-policy.xml"/>
        <CredentialResolver type="File" key="sp-key.pem" certificate="sp-cert.pem"/>

        <ApplicationOverride id="idp_1" entityID="https://MYSERVER:5000/Shibboleth">
            <Sessions lifetime="28800" timeout="3600" checkAddress="false"
                      relayState="ss:mem" handlerSSL="false">
                <SSO entityID="https://portal4.mss.internalidp.com/idp/shibboleth" ECP="true">
                    SAML2 SAML1
                </SSO>
                <Logout>SAML2 Local</Logout>
            </Sessions>
            <MetadataProvider type="XML" uri="https://portal4.mss.internalidp.com/idp/shibboleth"
                              backingFilePath="/tmp/tata.xml" reloadInterval="180000" />
        </ApplicationOverride>

        <ApplicationOverride id="idp_2" entityID="https://MYSERVER:5000/Shibboleth">
            <Sessions lifetime="28800" timeout="3600" checkAddress="false"
                      relayState="ss:mem" handlerSSL="false">
                <SSO entityID="https://idp.testshib.org/idp/shibboleth" ECP="true">
                    SAML2 SAML1
                </SSO>
                <Logout>SAML2 Local</Logout>
            </Sessions>
            <MetadataProvider type="XML" uri="https://idp.testshib.org/idp/shibboleth"
                              backingFilePath="/tmp/testshib.xml" reloadInterval="180000"/>
        </ApplicationOverride>

    </ApplicationDefaults>

    <SecurityPolicyProvider type="XML" validate="true" path="security-policy.xml"/>
    <ProtocolProvider type="XML" validate="true" reloadChanges="false" path="protocols.xml"/>

</SPConfig>

Here is my wsgi-keystone:

WSGIScriptAlias /keystone/main /var/www/cgi-bin/keystone/main
WSGIScriptAlias /keystone/admin /var/www/cgi-bin/keystone/admin

<Location "/keystone">
    # NSSRequireSSL
    SSLRequireSSL
    Authtype none
</Location>

<Location /Shibboleth.sso>
    SetHandler shib
</Location>

<Location /v3/OS-FEDERATION/identity_providers/idp_1/protocols/saml2/auth>
    ShibRequestSetting requireSession 1
    ShibRequestSetting applicationId idp_1
    AuthType shibboleth
    ShibRequireAll On
    ShibRequireSession On
    ShibExportAssertion Off
    Require valid-user
</Location>

<Location /v3/OS-FEDERATION/identity_providers/idp_2/protocols/saml2/auth>
    ShibRequestSetting requireSession 1
    ShibRequestSetting applicationId idp_2
    AuthType shibboleth
    ShibRequireAll On
    ShibRequireSession On
    ShibExportAssertion Off
    Require valid-user
</Location>
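Added example, not part of the original post: a check that lists, for each Shibboleth SP application in a shibboleth2.xml, the metadata sources it can use, so an application with none (the condition named in the "No MetadataProvider available" error) shows up before a login is attempted. It assumes an ApplicationOverride uses its own MetadataProvider elements if it has any and otherwise inherits those declared directly under ApplicationDefaults, never the reverse; the function names and the sample, trimmed from the configuration above, are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"sp": "urn:mace:shibboleth:2.0:native:sp:config"}

# Constructed sample, trimmed from the shibboleth2.xml in the post above.
SAMPLE = """<SPConfig xmlns="urn:mace:shibboleth:2.0:native:sp:config">
  <ApplicationDefaults entityID="https://MYSERVER:5000/Shibboleth">
    <Sessions handlerSSL="false">
      <SSO entityID="https://idp.testshib.org/idp/shibboleth">SAML2 SAML1</SSO>
    </Sessions>
    <ApplicationOverride id="idp_1" entityID="https://MYSERVER:5000/Shibboleth">
      <MetadataProvider type="XML" uri="https://portal4.mss.internalidp.com/idp/shibboleth"/>
    </ApplicationOverride>
    <ApplicationOverride id="idp_2" entityID="https://MYSERVER:5000/Shibboleth">
      <MetadataProvider type="XML" uri="https://idp.testshib.org/idp/shibboleth"/>
    </ApplicationOverride>
  </ApplicationDefaults>
</SPConfig>"""


def provider_sources(elem):
    """Sources of the MetadataProviders that are direct children of elem,
    descending into nested (Chaining) providers."""
    sources = []
    for mp in elem.findall("sp:MetadataProvider", NS):
        nested = provider_sources(mp)
        if nested:
            sources.extend(nested)
        else:
            sources.append(mp.get("uri") or mp.get("url") or mp.get("path") or "(inline)")
    return sources


def effective_providers(xml_text):
    """Map application id -> metadata sources visible to that application."""
    defaults = ET.fromstring(xml_text).find("sp:ApplicationDefaults", NS)
    if defaults is None:
        raise ValueError("no ApplicationDefaults element found")
    inherited = provider_sources(defaults)  # direct children only
    result = {"default": inherited}
    for override in defaults.findall("sp:ApplicationOverride", NS):
        # Assumption: an override's own providers win, else it inherits.
        result[override.get("id")] = provider_sources(override) or inherited
    return result


def apps_without_metadata(xml_text):
    """Application ids that have no metadata source at all."""
    return [app for app, src in effective_providers(xml_text).items() if not src]


if __name__ == "__main__":
    for app, src in effective_providers(SAMPLE).items():
        print(f"{app}: {', '.join(src) if src else 'NO MetadataProvider'}")
```

In the Apache configuration above, the /Shibboleth.sso location sets no applicationId, so which application handles a request there is worth comparing against this output.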