From: Krzysztof B. <go...@ic...> - 2015-09-03 12:57:06
Hi,

On 03.09.2015 at 14:23, Gerben Venekamp wrote:
> Recently I have migrated a Unity installation to a different machine. In
> doing so, I have changed the configuration slightly. I had to change the
> URL of the metadata, because the new machine resolves to a new name. At
> the same time I changed the name of the metadata file. In the examples
> the metadata file was always referenced as metadata1. I could not
> understand the necessity of the ‘1’ and hence removed it. As it turned
> out, the configured URL leads to a ‘404, Not Found’. No matter what I
> name my metadata file in the below configuration, it will always be:
> https://unity.sara.cloudlet.sara.nl:2443/unitygw/saml-sp-metadata/metadata*1*
>
> It does not matter if I call it ‘metadata’ or ‘metadataaaaaa’. It always
> seems to live at: ‘metadata1’. I am not sure this is a bug, for I cannot
> find ‘metadata1’ in the source files (version: 1.6.1). Tried to look
> deeper into the code, but Eclipse (Mars) does not seem to work with
> ‘m2e’ and gives me errors. Then again, I am not experienced with Eclipse.
>
> My configuration file:
>
> unity.saml.requester.requesterEntityId=https://unity.sara.cloudlet.sara.nl:2443/unitygw/saml-sp-metadata/metadata
> unity.saml.requester.metadataPath=metadata
> unity.saml.requester.requesterCredential=surfsara
> unity.saml.requester.acceptedNameFormats.1=urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
> unity.saml.requester.acceptedNameFormats.2=urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
> unity.saml.requester.acceptedNameFormats.3=urn:oasis:names:tc:SAML:2.0:nameid-format:transient
>
> #unity.saml.requester.displayName=Remote SAML authentication (SURFconext)
>
> unity.saml.requester.remoteIdp.1.name=SURFconext IdP
> unity.saml.requester.remoteIdp.1.address=https://engine.surfconext.nl/authentication/idp/single-sign-on
> unity.saml.requester.remoteIdp.1.samlId=https://engine.surfconext.nl/authentication/idp/metadata
> unity.saml.requester.remoteIdp.1.certificate=SURFconext
> unity.saml.requester.remoteIdp.1.groupMembershipAttribute=urn:oid:1.3.6.1.4.1.5923.1.1.1.1
> unity.saml.requester.remoteIdp.1.requestedNameFormat=urn:oasis:names:tc:SAML:2.0:nameid-format:transient
> #unity.saml.requester.remoteIdp.1.requestedNameFormat=urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified
> unity.saml.requester.remoteIdp.1.translationProfile=SURFconext
>
> What must I do to make the metadata appear at the configured URL?

Recap: unity.saml.requester.metadataPath is responsible for the last part of the metadata path; you should set this to change the path. The unity.saml.requester.requesterEntityId is the SAML id, which in the end can be any string. However, SAML profiles recommend it to be the URL of the server's metadata. So you should change it too, but changing it won't influence the metadata position.

Assuming you set both correctly, you have to reload your SAML authenticator (from adminUI: servermanagement->authenticators). Only then will the new config be loaded.

Best,
Krzysztof
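A small consistency check for the two settings discussed in this thread, added here as an example and not code from Unity or from either poster. It assumes, based only on the URL shape visible in the question, that Unity serves SP metadata at <scheme://host[:port]>/unitygw/saml-sp-metadata/<metadataPath>, and flags a requesterEntityId that does not match the URL metadataPath produces (the entity ID advertised to the IdP should resolve to the metadata Unity actually serves). The hostname and config text are constructed samples.

```python
from urllib.parse import urlsplit

# Assumed URL prefix, taken from the shape of the URL quoted in the question.
METADATA_PREFIX = "/unitygw/saml-sp-metadata/"

# Constructed sample: entity ID still points at the old "metadata1" path while
# metadataPath was changed to "metadata", so the two settings disagree.
SAMPLE_CONFIG = """\
unity.saml.requester.requesterEntityId=https://unity.example.org:2443/unitygw/saml-sp-metadata/metadata1
unity.saml.requester.metadataPath=metadata
unity.saml.requester.requesterCredential=surfsara
# comments and blank lines are skipped

unity.saml.requester.remoteIdp.1.name=SURFconext IdP
"""


def parse_properties(text):
    """Parse Java-style key=value properties, ignoring comments and blanks."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def expected_metadata_url(props):
    """Build the URL at which the metadata is assumed to be served:
    scheme and host taken from the entity ID, last segment from metadataPath."""
    parts = urlsplit(props["unity.saml.requester.requesterEntityId"])
    path = props.get("unity.saml.requester.metadataPath", "metadata")
    return f"{parts.scheme}://{parts.netloc}{METADATA_PREFIX}{path}"


def check_config(text):
    """Return (ok, expected_url, problems) for one requester properties file."""
    props = parse_properties(text)
    entity_id = props.get("unity.saml.requester.requesterEntityId")
    if not entity_id:
        return False, None, ["requesterEntityId is not set"]
    url = expected_metadata_url(props)
    problems = []
    if entity_id != url:
        problems.append(f"requesterEntityId {entity_id} != metadata URL {url}")
    return not problems, url, problems
```

Run check_config on the file before reloading the authenticator; a non-empty problem list means the IdP will be given an entity ID that does not point at the metadata Unity publishes.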