在回复bobogin。
这就是我记忆中它工作的方式,是的。那时候的文档非常糟糕,但是现在已经改进了,也就是说我现在找不到任何关于它的参考了…
I ran into your post while debugging some ECP problems of my own. I would like some clarification. Do you mean that the ECP SSL certificate and the signing certificate for the web sso profiles must be the same and publicly trusted ?
This ECP test has saved my bacon. Thank you!
在回复webops。
是的,我们以前的一个同事用SNM工具和一些RRDTOOL做了一点hack
What did you use to graph your data? Did you just use rrdtool or did you have it pulled into nagios?
在回复guthypeter。
嗨Peter,
抱歉没有回复。据我所知它仍然有效’我们的配置没有’t改变,肯定仍然收到一个基本的认证头(Apache正在处理他们和我们的Shib将’t知道如何),但我不能’t实际上看到原始数据包很容易。
你还有问题吗?< / p >
嗨,
这个信息是最新的吗?如果我用“ActiveLogOnUri”设置到我们的ECP端点(https://ouridp/idp/profile/SAML2/SOAP/ECP),我们得到请求发送到这个URI,就像这样:
POST /idp/profile/SAML2/SOAP/ECP HTTP/1.0
Connection: Keep-Alive
Content-Type: application/ SOAP +xml
Accept: */*
User-Agent: Mozilla/4.0 (compatible;MSIE 6.0;Windows NT 6.1;& # 8230; . .
Content-Length: 1592
ouridp
http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
https://ouridp:443/idp/profile/SAML2/SOAP/ECP
MYREQUESTID
a-username@ourfederateddomain
thepassword
2014-12-05T12:55:44Z
2014-12-05T12:55:44Z
http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
urn:federation:MicrosoftOnline
http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey
Nothing of an “Authorization” header with the Basic Auth data, but username + password as a soap header ().
Is there a setting which enables sending the Basic Auth headers?
Thank you very much in advance!