Details
- Bug
- Status: Resolved
- Major
- Resolution: Done
- PL_PROD_2.0.2
- None
- Low
Description
I am attempting to get the PicketLink IDP working with a Shibboleth SP. The Shibboleth SP is logging the following error:
An Issuer was supplied that conflicts with previous results.
This appears to be happening because the Issuer value changes from http://localhost:8080/idp/ to tomcat (the username I logged into the IDP with) within the SAMLResponse from the IDP:
<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">http://localhost:8080/idp/</saml:Issuer>
<samlp:Status>
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</samlp:Status>
<saml:Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="ID_0930f2f3-9932-4e8c-aefe-c8d4967ab923" IssueInstant="2012-04-02T16:40:09.492-05:00" Version="2.0">
<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">tomcat</saml:Issuer>
Notice that the Issuer is included twice in the SAMLResponse from the IDP. The first time the Issuer is http://localhost:8080/idp/, the next time the Issuer is tomcat (the username I logged into the IDP with).
This can be reproduced by hitting the PicketLink IDP and capturing the SAMLResponse that the IDP generates.
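The mismatch described in this report can be checked mechanically on a captured SAMLResponse. The following is an added example, not code from PicketLink, Shibboleth or the reporter: it compares each Assertion's Issuer with the Response's Issuer and flags an Issuer Format other than the entity format, which the SAML 2.0 Web Browser SSO profile requires (or the attribute omitted). The samlp:Response wrapper element, its ID value and the function names are assumptions made for the example; it inspects structure only and does not verify signatures.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
# Format in effect for saml:Issuer when the attribute is omitted (SAML 2.0 core).
ENTITY_FORMAT = "urn:oasis:names:tc:SAML:2.0:nameid-format:entity"

# Constructed sample: the fragments quoted in the report, wrapped in a
# samlp:Response root element (the wrapper and its ID are assumed).
SAMPLE_RESPONSE = """\
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="ID_constructed" Version="2.0">
  <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">http://localhost:8080/idp/</saml:Issuer>
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
  </samlp:Status>
  <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="ID_0930f2f3-9932-4e8c-aefe-c8d4967ab923" IssueInstant="2012-04-02T16:40:09.492-05:00" Version="2.0">
    <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">tomcat</saml:Issuer>
  </saml:Assertion>
</samlp:Response>
"""

def _issuer(parent):
    """Return (value, format) of the direct saml:Issuer child, or (None, None)."""
    el = parent.find("saml:Issuer", NS)
    if el is None:
        return None, None
    return (el.text or "").strip(), el.get("Format", ENTITY_FORMAT)

def check_issuers(xml_text):
    """Return a list of findings about Issuer consistency in a SAML Response."""
    root = ET.fromstring(xml_text)
    findings = []
    resp_issuer, _ = _issuer(root)
    for assertion in root.findall("saml:Assertion", NS):
        a_id = assertion.get("ID")
        value, fmt = _issuer(assertion)
        if value is None:
            findings.append(f"{a_id}: assertion has no Issuer")
            continue
        if resp_issuer is not None and value != resp_issuer:
            findings.append(f"{a_id}: Issuer {value!r} != Response Issuer {resp_issuer!r}")
        if fmt != ENTITY_FORMAT:
            findings.append(f"{a_id}: Issuer Format is {fmt!r}, expected entity")
    return findings
```

Calling `check_issuers(SAMPLE_RESPONSE)` reports both problems visible in the capture: the assertion Issuer `tomcat` differs from the Response Issuer, and its Format is the persistent name identifier format.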