Menu
▾
▴
Re: [Unity-idm-discuss] Shibboleth - Issuer is not among trusted
|
From: Krzysztof B. <kb...@un...> - 2020-03-14 09:42:05
|
Hi, W dniu 12.03.2020 o 19:59, D Baum pisze: > Hi! > > I feel I've asked about this before but could not find the message any > more - sorry! > > I'm trying to configure two SAML SPs in parallel in > conf/modules/saml/saml-webidp.properties: > > unity.saml.acceptedSPMetadataSource.a.url=file:///conf/saml/a-metadata.xml > unity.saml.acceptedSPMetadataSource.b.url=file:///conf/saml/b-metadata.xml > unity.saml.spAcceptPolicy=validRequester > > SP A works fine, but I've got issues with SP B, which is a > Shibboleth/Apache setup. When I try to access a protected resource, I > get forwarded to unity and it tells me: > > SAML IdP got an invalid request. So certainly the B's metadata is a problem. You can enable more detailed logging on the saml facility (DEBUG should be enough, but try TRACE to get all insights) and check what SPs were extracted from the config. Especially the logger 'unity.server.saml.MetaToSPConfigConverter' should be helpful. HTH, Krzysztof |
