-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
To check your IdP's release policy run aacli.sh on the IdP to see what attributes your IdP is releasing. Then adjust attribute-filter.xml if you need to __Jim On 10/11/2011 12:53 PM, Yannick Charbonneau wrote: > Thanks for the quick reply > > > > Figured the target right after I sent the email, I?ll add entidyid. > > > > I also think my idp is NOT returning all required values eppn,?,?,? > > > > Thanks again. > > > > Yanik > > > > *From:*Aaron Coburn [mailto:acob...@amherst.edu] > *Sent:* Tuesday, October 11, 2011 3:51 PM > *To:* vcl-user@incubator.apache.org > *Subject:* Re: VCL Shibboleth > > > > Hello, Yanik, > > It seems that you are forgetting the "target" attribute in the URL. > > Your configuration in conf.php should look something like this: > > > > $authMechs = array( > > "Affiliation 1" => array("type" => "redirect" > > > "URL" => "/Shibboleth.sso/Login?target=/shibauth&entityID={entityID for > the IdP}" > > > "affiliationid" => 0); > > ... > > ); > > > > It is also helpful to use the entityID attribute (depending on your SP > configuration), especially if there are multiple IdPs involved. That > value may look something like this: > entityID=https%3A%2F%2Fmyidp.site.com%2Fidp%2Fshibboleth > > > > Best regards, > > Aaron > > > > -- > > Aaron Coburn > > Systems Administrator and Programmer > > Academic Technology Services, Amherst College > > (413) 542-5451 acob...@amherst.edu <mailto:acob...@amherst.edu> > > > > > > > > > > On Oct 11, 2011, at 3:35 PM, Yannick Charbonneau wrote: > > > > Hi All, > > > > We have a testing vcl implementation up, we are currently trying to get > it to authenticate using our shibboleth idp (simple, single idp). > > > > I?m at the point now where I can pick Shibboleth, get redirected to our > idp, but once I log in, I get redirected to the home of vcl as opposed > to /vcl/shibbauth. > > > > I manage to get to the right place if I play around with the actionurl, > but then I always get; > > > > You have attempted to log in to VCL using a Shibboleth > Identity Provider that VCL has not been configured to > work with. VCL administrators have been notified of the > problem. > > > > What should I put in the URL field, I tried (without success); > > > > https://myvcl.site.com/Shibboleth.sso/Login (this one gets me back to > the vcl home after successful logins, but NOT authenticated) > > https://my.idp.site/idp/Login.jsp This one gives me the error above > > > > Thank you, > > > > Sorry if this is NOT the right place. > > > > Regards > > > > Yanik > > > > > - -- Jim O'Dell Network Analyst California State University Fullerton Email: jod...@fullerton.edu Phone: (657) 278-2256 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk6Un/sACgkQREVHAOnXPYREEACcDAQbTpCtn7A0Vn++ox37Uhut fnMAnioyswa/CCMMazqxJ/GY3jiC1Do1 =Uf7Y -----END PGP SIGNATURE-----