I’m using the MetadataImporter following your examples provided and am encountering an issue.
I obtained metadata from TestShib site so I can test my service provider application.
When I import the data I get a failure to do with a binding you do not support (‘urn:mace:shibboleth:1.0:profiles:AuthnRequest’ - I found out about this in another thread) so I removed this binding from their metadata.
It now imports ok but I’m not sure how it decides which binding it should put into :
PartnerIdentityProviderConfiguration.SingleSignOnServiceBinding and
PartnerIdentityProviderConfiguration.SingleSignOnServiceUrl
In the metadata:
<SingleSignOnService Binding=“urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST”
Location=“”>https://idp.testshib.org/idp/profile/SAML2/POST/SSO"/>
<SingleSignOnService Binding=“urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect”
Location=“”>https://idp.testshib.org/idp/profile/SAML2/Redirect/SSO"/>
<SingleSignOnService Binding=“urn:oasis:names:tc:SAML:2.0:bindings:SOAP”
Location=“”>https://idp.testshib.org/idp/profile/SAML2/SOAP/ECP"/>
Once the import completes it always picks HTTP-POST and the url that goes with it.
Is it just choosing the first one it finds? Is there a way to choose which binding or pre-select this? I want to use HTTP-Redirect.
Thanks.
Yes, I’m afraid it’s simply choosing the first binding.
You can either modify the metadata prior to importing so HTTP-Redirect binding is either the first or only or edit the generated saml.config to remove the binding configuration. The saml.config defaults to HTTP-Redirect for the SingleSignOnServiceBinding.
Ok thanks for the information, guess I thought the importer was a more ‘complete’ solution. But not a problem, we can work round it for now.
We intend improving metadata import/export in a future release.