From: Krzysztof B. <kb...@un...> - 2018-04-20 07:57:55

Hi,

On 19.04.2018 at 18:06, D Baum wrote:
> Hi,
>
> I'm trying to have multiple SAML service providers authenticate against
> unity (v2.4.1) as the IDP.
>
> The relevant config file looks like this:
>
> unity.saml.issuerURI=http://unity
> unity.saml.credential=PORTAL
> unity.saml.defaultGroup=/A
> unity.saml.spAcceptPolicy=validRequester
> unity.saml.acceptedSPMetadataSource.portal.url=file:///etc/unity-idm/portal-metadata_fed.xml
> unity.saml.acceptedSPMetadataSource.simpleSAMLphp.url=file:///etc/unity-idm/simpleSAMLphp_fed.xml
> unity.saml.signResponses=asRequest
> unity.saml.translationProfile=portalSAMLOutputProfile
> unity.saml.skipConsent=true
> unity.saml.userCanEditConsent=false
> unity.endpoint.web.autoLogin=true
>
> However, if I try to log in to the portal SP, I get this error:
>
> ERROR
> SAML service got an invalid request.
> If you are a user then you can be sure that the web application you was
> using previously is either misconfigured or buggy.
> If you are an administrator or developer, here the details of the error
> follows:
> eu.unicore.samly2.exceptions.SAMLRequesterException: Issuer is not among
> trusted: portal
> Caused by: eu.unicore.samly2.exceptions.SAMLRequesterException: Issuer
> is not among trusted: portal
>
> So it seems I can't configure two SPs in this way, is that right?
> Is the only way to configure two SPs to copy-paste their xml config into
> the same metadata xml file together?

Your config is all right, Unity can use multiple metadata sources and merges them (of course they should not clash). Try to enable more detailed logging on the saml subsystem and verify the logs carefully when metadata is loaded/refreshed. I suppose there is some configuration mismatch somewhere.

Cheers,
Krzysztof
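The usual cause of "Issuer is not among trusted" under `spAcceptPolicy=validRequester` is that the Issuer value the SP puts in its AuthnRequest does not equal any `entityID` found in the accepted metadata sources. The script below is an added diagnostic example, not part of the thread or of Unity itself: it reads the `acceptedSPMetadataSource.*.url` entries from the config, collects the SP entityIDs from each metadata document, and reports whether a given Issuer would be accepted and whether two sources declare the same entityID. The config lines and the two metadata documents are constructed samples; in the sample the portal metadata deliberately declares `https://portal.example.org/sp` while the SP sends `portal`, reproducing the mismatch pattern. The `loader` callback stands in for reading the `file://` URLs from disk.

```python
import re
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"

# Constructed sample: the relevant lines of the Unity IdP config from the thread.
SAMPLE_CONFIG = """
unity.saml.spAcceptPolicy=validRequester
unity.saml.acceptedSPMetadataSource.portal.url=file:///etc/unity-idm/portal-metadata_fed.xml
unity.saml.acceptedSPMetadataSource.simpleSAMLphp.url=file:///etc/unity-idm/simpleSAMLphp_fed.xml
"""

# Constructed sample metadata documents, keyed by the file URL they stand in for.
# The portal metadata declares entityID "https://portal.example.org/sp", whereas the
# SP in the thread sends Issuer "portal": that is the kind of mismatch being hunted.
SAMPLE_METADATA = {
    "file:///etc/unity-idm/portal-metadata_fed.xml": """<?xml version="1.0"?>
<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
  <md:EntityDescriptor entityID="https://portal.example.org/sp">
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>""",
    "file:///etc/unity-idm/simpleSAMLphp_fed.xml": """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://ssp.example.org/sp">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
</md:EntityDescriptor>""",
}


def metadata_sources(config_text):
    """Return {source-name: url} for every acceptedSPMetadataSource.<name>.url line."""
    pat = re.compile(r"^unity\.saml\.acceptedSPMetadataSource\.([^.]+)\.url=(.+)$", re.M)
    return {m.group(1): m.group(2).strip() for m in pat.finditer(config_text)}


def sp_entity_ids(xml_text):
    """Collect the entityID of every EntityDescriptor that carries an SPSSODescriptor.

    Handles both a bare EntityDescriptor and an EntitiesDescriptor wrapping several.
    Metadata files are operator-controlled local files here, so the stdlib parser is used.
    """
    root = ET.fromstring(xml_text)
    ed_tag = f"{{{MD_NS}}}EntityDescriptor"
    candidates = [root] if root.tag == ed_tag else []
    candidates += root.findall(f".//{ed_tag}")
    ids = set()
    for ed in candidates:
        if ed.find(f"{{{MD_NS}}}SPSSODescriptor") is not None:
            ids.add(ed.get("entityID"))
    return ids


def trusted_sps(config_text, loader):
    """Merge SP entityIDs over all sources; loader(url) -> metadata XML text.

    Returns {entityID: [source names that declared it]}.
    """
    trusted = {}
    for name, url in metadata_sources(config_text).items():
        for eid in sp_entity_ids(loader(url)):
            trusted.setdefault(eid, []).append(name)
    return trusted


def check_issuer(issuer, trusted):
    """Mirror the validRequester decision: is the AuthnRequest Issuer a known SP entityID?"""
    if issuer in trusted:
        return f"OK: issuer {issuer!r} trusted via source(s) {trusted[issuer]}"
    return (f"Issuer is not among trusted: {issuer}. Known SP entityIDs: "
            f"{sorted(trusted)}. Check that the SP's entityID in its metadata file "
            f"equals the Issuer it sends.")


def clashes(trusted):
    """entityIDs declared by more than one source; the thread notes sources must not clash."""
    return {eid: names for eid, names in trusted.items() if len(names) > 1}


if __name__ == "__main__":
    trusted = trusted_sps(SAMPLE_CONFIG, SAMPLE_METADATA.__getitem__)
    print(check_issuer("portal", trusted))
    print(check_issuer("https://portal.example.org/sp", trusted))
    print("clashes:", clashes(trusted))
```

To run it against a real deployment, replace `SAMPLE_METADATA.__getitem__` with a loader that strips the `file://` prefix and reads the file, and pass the Issuer value taken from the SP's AuthnRequest (visible in Unity's SAML debug log once it is enabled, as the reply suggests). If the Issuer is absent from the merged set, the mismatch is in the SP's metadata or its own entityID setting, not in having two metadata sources.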