Hi I'm new to SAML, trying to integrate keystone with SAML, Im using Ubuntu
12.04 with Icehouse,im following http://docs.openstack.org/developer/k...when
im trying to configure keystone with two idp,when i access
https://MYSERVER:5000/v3/OS-FEDERATIO...it gets redirected to testshib.org , it
prompts for username and password when the same is given im
gettingshibsp::ConfigurationException at (
https://MYSERVER:5000/Shibboleth.sso/... ) No MetadataProvider available.here
is my shibboleth2.xml content<SPConfig
xmlns="urn:mace:shibboleth:2.0:native:sp:config"
xmlns:conf="urn:mace:shibboleth:2.0:native:sp:config"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
clockSkew="180">
<ApplicationDefaults entityID="https://MYSERVER:5000/Shibboleth";>
<Sessions lifetime="28800" timeout="3600" checkAddress="false"
relayState="ss:mem" handlerSSL="false">
<SSO entityID="https://idp.testshib.org/idp/shibboleth"; ECP="true">
SAML2 SAML1
</SSO>
<Logout>SAML2 Local</Logout>
<Handler type="MetadataGenerator" Location="/Metadata"
signing="false"/>
<Handler type="Status" Location="/Status" />
<Handler type="Session" Location="/Session"
showAttributeValues="false"/>
<Handler type="DiscoveryFeed" Location="/DiscoFeed"/>
</Sessions>
<Errors supportContact="root@localhost"
logoLocation="/shibboleth-sp/logo.jpg"
styleSheet="/shibboleth-sp/main.css"/>
<AttributeExtractor type="XML" validate="true"
path="attribute-map.xml"/>
<AttributeResolver type="Query" subjectMatch="true"/>
<AttributeFilter type="XML" validate="true"
path="attribute-policy.xml"/>
<CredentialResolver type="File" key="sp-key.pem"
certificate="sp-cert.pem"/>
<ApplicationOverride id="idp_1"
entityID="https://MYSERVER:5000/Shibboleth";>
<Sessions lifetime="28800" timeout="3600" checkAddress="false"
relayState="ss:mem" handlerSSL="false">
<SSO
entityID="https://portal4.mss.internalidp.com/idp/shibboleth"; ECP="true">
SAML2 SAML1
</SSO>
<Logout>SAML2 Local</Logout>
</Sessions>
<MetadataProvider type="XML"
uri="https://portal4.mss.internalidp.com/idp/shibboleth";
backingFilePath="/tmp/tata.xml" reloadInterval="180000" />
</ApplicationOverride>
<ApplicationOverride id="idp_2"
entityID="https://MYSERVER:5000/Shibboleth";>
<Sessions lifetime="28800" timeout="3600" checkAddress="false"
relayState="ss:mem" handlerSSL="false">
<SSO entityID="https://idp.testshib.org/idp/shibboleth";
ECP="true">
SAML2 SAML1
</SSO>
<Logout>SAML2 Local</Logout>
</Sessions>
<MetadataProvider type="XML"
uri="https://idp.testshib.org/idp/shibboleth";
backingFilePath="/tmp/testshib.xml" reloadInterval="180000"/>
</ApplicationOverride>
</ApplicationDefaults>
<SecurityPolicyProvider type="XML" validate="true"
path="security-policy.xml"/>
<ProtocolProvider type="XML" validate="true" reloadChanges="false"
path="protocols.xml"/>
</SPConfig>here is my wsgi-keystoneWSGIScriptAlias /keystone/main
/var/www/cgi-bin/keystone/main
WSGIScriptAlias /keystone/admin /var/www/cgi-bin/keystone/admin
<Location "/keystone">
# NSSRequireSSL
SSLRequireSSL
Authtype none
</Location>
<Location /Shibboleth.sso>
SetHandler shib
</Location>
<Location /v3/OS-FEDERATION/identity_providers/idp_1/protocols/saml2/auth>
ShibRequestSetting requireSession 1
ShibRequestSetting applicationId idp_1
AuthType shibboleth
ShibRequireAll On
ShibRequireSession On
ShibExportAssertion Off
Require valid-user
</Location>
<Location /v3/OS-FEDERATION/identity_providers/idp_2/protocols/saml2/auth>
ShibRequestSetting requireSession 1
ShibRequestSetting applicationId idp_2
AuthType shibboleth
ShibRequireAll On
ShibRequireSession On
ShibExportAssertion Off
Require valid-user
</Location> __________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
