-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

You may also want to check the attribute-map.xml configuration on your SP.

eppn should be mapped in the default configuration, but some of the others 
(displayName, etc) may not be.

Aaron

On Oct 11, 2011, at 3:58 PM, James O'Dell wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> 
> To check your IdP's release policy
> run aacli.sh on the IdP to see what attributes
> your IdP is releasing. Then adjust attribute-filter.xml
> if you need to
> 
> __Jim
> 
> On 10/11/2011 12:53 PM, Yannick Charbonneau wrote:
>> Thanks for the quick reply
>> 
>> 
>> 
>> Figured the target right after I sent the email, I?ll add entidyid.
>> 
>> 
>> 
>> I also think my idp is NOT returning all required values eppn,?,?,?
>> 
>> 
>> 
>> Thanks again.
>> 
>> 
>> 
>> Yanik
>> 
>> 
>> 
>> *From:*Aaron Coburn [mailto:acob...@amherst.edu]
>> *Sent:* Tuesday, October 11, 2011 3:51 PM
>> *To:* vcl-user@incubator.apache.org
>> *Subject:* Re: VCL Shibboleth
>> 
>> 
>> 
>> Hello, Yanik,
>> 
>> It seems that you are forgetting the "target" attribute in the URL.
>> 
>> Your configuration in conf.php should look something like this:
>> 
>> 
>> 
>> $authMechs = array(
>> 
>>            "Affiliation 1" => array("type" => "redirect"
>> 
>> 
>> "URL" => "/Shibboleth.sso/Login?target=/shibauth&entityID={entityID for
>> the IdP}"
>> 
>> 
>> "affiliationid" => 0);
>> 
>>            ...
>> 
>> );
>> 
>> 
>> 
>> It is also helpful to use the entityID attribute (depending on your SP
>> configuration), especially if there are multiple IdPs involved. That
>> value may look something like this:
>> entityID=https%3A%2F%2Fmyidp.site.com%2Fidp%2Fshibboleth
>> 
>> 
>> 
>> Best regards,
>> 
>> Aaron
>> 
>> 
>> 
>> --
>> 
>> Aaron Coburn
>> 
>> Systems Administrator and Programmer
>> 
>> Academic Technology Services, Amherst College
>> 
>> (413) 542-5451 acob...@amherst.edu <mailto:acob...@amherst.edu>
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> On Oct 11, 2011, at 3:35 PM, Yannick Charbonneau wrote:
>> 
>> 
>> 
>> Hi All,
>> 
>> 
>> 
>> We have a testing vcl implementation up, we are currently trying to get
>> it to authenticate using our shibboleth idp (simple, single idp).
>> 
>> 
>> 
>> I?m at the point now where I can pick Shibboleth, get redirected to our
>> idp, but once I log in, I get redirected to the home of vcl as opposed
>> to /vcl/shibbauth.
>> 
>> 
>> 
>> I manage to get to the right place if I play around with the actionurl,
>> but then I always get;
>> 
>> 
>> 
>> You have attempted to log in to VCL using a Shibboleth
>> Identity Provider that VCL has not been configured to
>> work with. VCL administrators have been notified of the
>> problem.
>> 
>> 
>> 
>> What should I put in the URL field, I tried (without success);
>> 
>> 
>> 
>> https://myvcl.site.com/Shibboleth.sso/Login  (this one gets me back to
>> the vcl home after successful logins, but NOT authenticated)
>> 
>> https://my.idp.site/idp/Login.jsp This one gives me the error above
>> 
>> 
>> 
>> Thank you,
>> 
>> 
>> 
>> Sorry if this is NOT the right place.
>> 
>> 
>> 
>> Regards
>> 
>> 
>> 
>> Yanik
>> 
>> 
>> 
>> 
>> 
> 
> 
> - -- 
> Jim O'Dell
> Network Analyst
> California State University Fullerton
> Email: jod...@fullerton.edu
> Phone: (657) 278-2256
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
> 
> iEYEARECAAYFAk6Un/sACgkQREVHAOnXPYREEACcDAQbTpCtn7A0Vn++ox37Uhut
> fnMAnioyswa/CCMMazqxJ/GY3jiC1Do1
> =Uf7Y
> -----END PGP SIGNATURE-----

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org

iQEcBAEBAgAGBQJOlKDeAAoJEEl+dorSLgxDdyUH/3mGST9gM9gpmuqOVsY20wPc
uxYSe6T/mkrVZ/LXK6hWF70OsWCf70WPOvjWF8ORBnUZQf9XT90CKq5SVbcHV1mh
AUsuvtZ+SnA4XTfJ33EuxZQ7O9vEZd5rX5A6uYx2y39v/GYemDVDuX0RB2vy1pLB
K3V13Wy/7VzIfkVesKcPWPPhAKOOUaRqevQ879S92RPt8wvelFfaqtpMbTk++VQ8
k0TLTh9GWvF3hPiKxLbQ2W6zuheeJsTpPyC55Stn0SP7jU7XOSbuV5sUfGch3qM/
46dsNt6/wojNnOx97sLBLeEVz1UMqXL8GOBWduQVTg7qZLQpC3emt1bFUt9iFIE=
=oZmJ
-----END PGP SIGNATURE-----

Reply via email to