
IRC log for #shibboleth, 2015-05-07


All times shown according to UTC.

Time Nick Message
11:59 mckeanbs joined ##shibboleth
18:22 dsouljah joined ##shibboleth
18:23 dsouljah Hi everyone, anyone around? I might be able to get some help please
18:36 pdurbin dsouljah: whatcha need?
18:48 dsouljah My goal is to have Picketlink SP and Shibboleth IdP passing back and forth assertions but I believe I'm missing the Active Directory part.  Before I was using a hacked up version of Amazon certIDP just to pass me back what I needed but this isn't mirroring my end goal.  It was just a quick and dirty way at the time.  I'm new to this all.
18:49 dsouljah I currently am running local JBoss 7.1.1 final with picketlink as the SP.  I set up a VM with Jetty 9 and Shibboleth IdP 2.4.4 if that helps.
18:52 dsouljah My question is, what do I need for Shibboleth in order to set a single user up to have SSO work.  I am reading up on X509 certs now because I believe that's what I'm using to pass to the browser on to the IdP
18:52 dsouljah Hope that makes sense...
18:52 pdurbin dsouljah: I've at least heard of picketlink. Maybe I should use it instead of mod_shib.
18:53 pdurbin the the app the runs on jboss open source?
18:53 pdurbin is* the
18:54 pdurbin sorry, can't type
18:54 pdurbin Is the app that runs on jboss open source?
18:57 dsouljah It's my employer's software I am tasked to get up and running on Shibboleth, previously had it running under Big IP, F5
18:59 pdurbin ok
18:59 dsouljah Do you know of any tools that simulate Active Directory I could use because I think that's the piece I'm missing.  Or can Shibboleth be hard configured to return assertions?
18:59 pdurbin I tend to test my SP by uploading my metadata to http://testshib.org/register.html
19:00 dsouljah I've read about that some but haven't checked into that.
19:00 pdurbin it's a fantastic and free service
20:03 dsouljah ok I set that up...
20:03 dsouljah edu.internet2.middleware.shibboleth.idp.authn.AuthenticationException: No user identified by login handler. at edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine.validateSuccessfulAuthentication(AuthenticationEngine.java:619) [shibboleth-identityprovider-2.4.4.jar:na]
20:03 dsouljah That's the log on my end
20:04 dsouljah and testshib error was opensaml::FatalProfileException at (https://sp.testshib.org/Shibboleth.sso/SAML2/POST)  SAML response reported an IdP error.  Error from identity provider:  Status: urn:oasis:names:tc:SAML:2.0:status:Responder Sub-Status: urn:oasis:names:tc:SAML:2.0:status:AuthnFailed
20:07 dsouljah I recall something about setting up a login handler, that's when I trailed off in the active directory stuff because I need to either configure a fake user manually in shibboleth or set up an AD
20:09 dsouljah I think this is what I'm looking for X.509 Login Handler!
