By: Todd Vernick user 26 May 2015 at 9:20 a.m. CDT

16 Responses
Hello, I am trying to go through testing shib2 (http://www.gluu.org/docs/articles/test-shib2/) and I am getting stuck on trying to get the metadata. The link in that doc does not work (https://support.gluu.org/questions/32/how-can-i-get-my-idps-metadata/). I have tried to google other ways of doing it, but it seems I don't have anything found in the /idp/shibboleth page. I chose the option to install Shibboleth2 during install, and the service itself is running.

By Michael Schwartz Account Admin 26 May 2015 at 9:37 a.m. CDT

We'll take a look. Perhaps this is missing from the updated apache config.

By Todd Vernick user 26 May 2015 at 9:40 a.m. CDT

Also a side note, it doesn't look like it installs anything when you choose that option during the setup.py run. I had to install it manually with yum install to get files in /etc/shibboleth.

By Mohib Zico Account Admin 26 May 2015 at 10:04 a.m. CDT

>> I am trying to go through testing shib2 (http://www.gluu.org/docs/articles/test-shib2/) and I am getting stuck on trying to get the metadata. The link in that doc does not work (https://support.gluu.org/questions/32/how-can-i-get-my-idps-metadata/).
Thanks for the note, Todd. We fixed the link. Link is: https://support.gluu.org/view/application-integration/how-can-i-get-my-idps-metadata/216
>> Also a side note, it doesn't look like it installs anything when you choose that option during the setup.py run. I had to install it manually with yum install to get files in /etc/shibboleth.
Which version are you using? Ubuntu or CentOS? 2.2?

By Todd Vernick user 26 May 2015 at 10:11 a.m. CDT

Centos 6.6

By Todd Vernick user 26 May 2015 at 10:12 a.m. CDT

I get a blank page for https://ourhostname/idp/shibboleth

By Mohib Zico Account Admin 26 May 2015 at 10:22 a.m. CDT

Ok, we will try to reproduce your issue with CentOS6.6+Gluu Server 2.2. Stay tuned!

By Mohib Zico Account Admin 26 May 2015 at 11:09 a.m. CDT

Todd, I am unable to reproduce the problem. I just installed Gluu Server 2.2 in CentOS6.5. Here it is: https://zicocentos.gluu.org/idp/shibboleth
Note: you need to add `104.131.82.95 zicocentos.gluu.org` in your hosts file to load 'zicocentos.gluu.org'.

By Todd Vernick user 26 May 2015 at 12:01 p.m. CDT

I can reach the host name, but the page is blank for shibboleth. What specific install options did you use for setup.py? Did it install anything into /etc/shibboleth?

By Mohib Zico Account Admin 26 May 2015 at 12:20 p.m. CDT

>> What specific install options did you use for setup.py?
Just selected `Yes` for the `Install Shibboleth IDP[Y/N]` question.
>> Did it install anything into /etc/shibboleth?
No. We have a modified Shibboleth IDP named 'oxIDP', which is located in the /opt/idp location of the filesystem.

By Todd Vernick user 26 May 2015 at 3:23 p.m. CDT

Ok, I got this working. Had to install an actual idp zip which installs the contents of /opt/shibboleth-idp. I upload the metadata to the site and run the test, but I am getting a blank page for that now. It's not giving me any errors so not sure what the problem could be.

By Mohib Zico Account Admin 26 May 2015 at 3:35 p.m. CDT

What do you see with `https://zicocentos.gluu.org/idp/shibboleth` ?

By Todd Vernick user 27 May 2015 at 9:55 a.m. CDT

Ok, so finally got the shibboleth to install with the setup.py, and I get metadata now. Once I run the test I am getting the error "Message was signed, but signature could not be verified." The first cause of error says to look at the relying-party.xml file for a certificate configured. I am not sure which cert they are talking about in that particular file. The other two reasons I am not clear about yet. Do you know where I can compare certs referenced in that file?
https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPTroubleshootingCommonErrors#NativeSPTroubleshootingCommonErrors-Messagewassigned,butsignaturecouldnotbeverified.

By Mohib Zico Account Admin 27 May 2015 at 11:09 a.m. CDT

This is a pretty simple issue. As the doc says... check the certificate of your IDP and vice versa for the SP (TestShib). Someone else was facing such a situation with TestShib. You can check the thread: http://shibboleth.net/pipermail/users/2011-August/000252.html
I'll try to reproduce the issue with my own test IDP from my side to check if there is any misconfiguration here from the IDP side or not.
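
Added example (not part of the original thread and not Gluu or Shibboleth code): one way to script the certificate comparison discussed above, by checking that the certificate the IdP signs with is among the signing certificates its metadata publishes. It assumes you pass in the XML served at /idp/shibboleth and the PEM certificate file that the signing credential in relying-party.xml points to; the sample data and helper names are constructed for illustration.

```python
import base64
import hashlib
import re
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def fingerprint(b64_text):
    """SHA-256 fingerprint of the DER bytes behind a base64 certificate body."""
    return hashlib.sha256(base64.b64decode("".join(b64_text.split()))).hexdigest()

def metadata_signing_fingerprints(metadata_xml):
    """Fingerprints of every IdP certificate the metadata offers for signing."""
    found = []
    for kd in ET.fromstring(metadata_xml).iterfind(".//md:IDPSSODescriptor/md:KeyDescriptor", NS):
        # A KeyDescriptor with no 'use' attribute covers signing and encryption.
        if kd.get("use", "signing") == "signing":
            found += [fingerprint(c.text or "") for c in kd.iterfind(".//ds:X509Certificate", NS)]
    return found

def pem_fingerprint(pem_text):
    """Fingerprint of the first certificate in a PEM file."""
    match = PEM_RE.search(pem_text)
    if match is None:
        raise ValueError("no PEM certificate found")
    return fingerprint(match.group(1))

def signing_cert_is_published(metadata_xml, pem_text):
    """True when the certificate the IdP signs with is published in its metadata."""
    return pem_fingerprint(pem_text) in metadata_signing_fingerprints(metadata_xml)

# Constructed sample data: short byte strings stand in for real DER certificates.
def sample_b64(raw):
    return base64.b64encode(raw).decode()

def sample_pem(raw):
    return f"-----BEGIN CERTIFICATE-----\n{sample_b64(raw)}\n-----END CERTIFICATE-----\n"

KEY_DESCRIPTOR = ('<KeyDescriptor use="{}"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>{}'
                  '</ds:X509Certificate></ds:X509Data></ds:KeyInfo></KeyDescriptor>')
SAMPLE_METADATA = (
    '<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" '
    'xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><IDPSSODescriptor>'
    + KEY_DESCRIPTOR.format("signing", sample_b64(b"constructed signing cert"))
    + KEY_DESCRIPTOR.format("encryption", sample_b64(b"constructed encryption cert"))
    + '</IDPSSODescriptor></EntityDescriptor>')

if __name__ == "__main__":
    print(signing_cert_is_published(SAMPLE_METADATA, sample_pem(b"constructed signing cert")))
    print(signing_cert_is_published(SAMPLE_METADATA, sample_pem(b"cert from an earlier install")))
```

A `False` result means the SP is validating against a certificate the IdP is not signing with, for example because the metadata uploaded to the SP predates a reinstall that generated new keys.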

By Todd Vernick user 27 May 2015 at 2:16 p.m. CDT

We're using a diff server to test and the test worked ok. By any chance do you have any docs to test SAML out from salesforce.com? I know there are some integrations with Gluu but I can't find anything that works correctly.

By Mohib Zico Account Admin 27 May 2015 at 2:23 p.m. CDT

We integrated salesforce.com with Gluu Server and they are in production now, but that is not yet in the public doc.

By Mohib Zico Account Admin 05 Jun 2015 at 8:48 a.m. CDT

Todd, we published the Gluu Server-Salesforce.com SAML integration doc: http://www.gluu.org/docs/articles/salesforce-sso/