Hi Ivan,
thank you for the quick reply. We figured it out, and maybe this can help
other people: the BASE URL we specified in proxy_conf.yaml was not just in
the form https://DOMAIN.COM but it pointed to a subdir, i.e., in a form
like https://DOMAIN.COM/dir. We removed "/dir" and now it works (well, we
actually stumbled on some other issues, but I'll write more in case we need
further help).
Best,
Cristiano
On Mon, 11 Jan 2021 at 16:02, Ivan Kanakarakis <ivan.kanak at gmail.com>
wrote:
Hello,
the option that makes the entity-id resolvable is "entityid_endpoint";
it should be set to true. The example configuration has this set
already:
"""
module: satosa.frontends.saml2.SAMLFrontend
name: Saml2IDP
config:
  entityid_endpoint: true
  idp_config:
    entityid: <base_url>/<name>/proxy.xml
    ...
"""
If you're running with this configuration, then
<base_url>/Saml2IDP/proxy.xml should resolve and return the metadata
document.
This is handled here:
https://github.com/IdentityPython/SATOSA/blob/e98172b/src/satosa/backends/s…
Cheers,
On Mon, 11 Jan 2021 at 16:11, Cristiano Nattero <c.nattero at fadeout.it>
wrote:
Hi all,
we're trying to set up a proxy SAML-SAML between our service provider
(keycloak) and an IdP federation, following this guide (and a variant).
It looks like the backend side is unreachable or, at least, the metadata
are: if we HTTP GET <base_url>/<name>/proxy_saml2_backend.xml (as specified
in the backend yaml config file) the server replies:
404 The Service or Identity Provider you requested could not be found.
Whereas if we try to HTTP GET the frontend, we can retrieve the
corresponding xml.
Any ideas why this is happening and how to fix it, or how to further
investigate it?
Thanks for your support.
Cristiano
--
Cristiano Nattero, PhD
FadeOut Software srl
http://fadeout.it/
Privacy - Reg. UE 679/2016 (GDPR) - This message, with any attachments, is
intended only for use of the individual or entity to which it is
addressed and contains confidential information that may also be
privileged. Secrecy of electronic mail is protected by law in force. If you
are not the intended recipient of this message, you are hereby notified
that interception, distribution or copying of this communication is
strictly prohibited.
_______________________________________________
satosa-users mailing list
satosa-users at lists.sunet.se
https://lists.sunet.se/listinfo/satosa-users
--
Ivan c00kiemon5ter Kanakarakis >:3