Closed yo1995 closed 5 years ago
Hi @yo1995,
This is most likely thrown due to the `protectedURL` being an invalid ECP endpoint, or SwiftECP itself not being able to handle your IdP and SP configuration.
You can try pointing this Python script at the same endpoint to see what happens. If it succeeds, the issue is probably with SwiftECP not understanding your SAML payload. If it fails, then your SP may not be configured for ECP, or the URL itself is incorrect.
Hope this helps!
Thanks for your prompt reply! I'm new to this field and as you can tell, looking for a way to provide a "native" Shib auth page for iOS. If I'm mistaken, please feel free to correct me! 😃
To my understanding, the ECP profile is similar to the SAML profile of browser SSO auth method, but is for clients other than browser. Is that correct?
How to determine if a Shib service supports ECP? I tried to construct such endpoint URLs according to the standard format, i.e.
https://iroar.app.clemson.edu/Shibboleth.sso/idp/profile/SAML2/SOAP/ECP
https://shib.oit.duke.edu/idp/profile/SAML2/SOAP/ECP
and tried to GET from it, with no success.
Do I need to contact the administrator to know if their Shib service supports ECP method of authentication?
Thanks and have a nice weekend!
> To my understanding, the ECP profile is similar to the SAML profile of browser SSO auth method, but is for clients other than browser. Is that correct?
Correct - Shib without a browser.
> How to determine if a Shib service supports ECP? I tried to construct such endpoint URLs according to the standard format, i.e.
In my experience, running that Python script against the endpoint is usually a good first step. Getting in touch with the admin is also a good idea. At Clemson, very few endpoints support ECP because it isn't enabled with the default configuration. It takes coordination with our Shib team to get it configured.
Also, the endpoint URL could be anything that's protected behind Shib on the SP. (e.g. mybox.school.edu/foo)
Once you know the endpoint is good, SwiftECP should do the job of carrying the SP SAML to the IdP and vice versa and finally injecting valid cookies into the client.
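One way to check whether a Shib-protected URL answers with ECP, as an added example that is not part of this thread, of SwiftECP, or of the Python script linked above: an ECP-enabled SP replies to a GET carrying the PAOS headers with a SOAP envelope containing an `AuthnRequest` instead of a browser login page. The names `classify` and `probe` and the `sp.example.edu` sample are hypothetical.

```python
import urllib.error
import urllib.request
import xml.etree.ElementTree as ET

SOAP = "{http://schemas.xmlsoap.org/soap/envelope/}"
SAMLP = "{urn:oasis:names:tc:SAML:2.0:protocol}"
PAOS = "{urn:liberty:paos:2003-08}"
# Headers an ECP client sends to advertise PAOS support (SAML 2.0 ECP profile).
ECP_HEADERS = {
    "Accept": "text/html, application/vnd.paos+xml",
    "PAOS": 'ver="urn:liberty:paos:2003-08";'
            '"urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"',
}

def classify(content_type, body):
    """Return 'ecp', 'browser-sso' or 'unknown' for an SP's reply."""
    ctype = content_type.lower()
    if "application/vnd.paos+xml" not in ctype:
        # HTML (e.g. the IdP login form) means the PAOS header was ignored.
        return "browser-sso" if "text/html" in ctype else "unknown"
    if b"<!DOCTYPE" in body or len(body) > 1_000_000:
        return "unknown"  # refuse DTDs and oversized input from the network
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return "unknown"
    paos = root.find(f"{SOAP}Header/{PAOS}Request")
    authn = root.find(f"{SOAP}Body/{SAMLP}AuthnRequest")
    ok = root.tag == f"{SOAP}Envelope" and paos is not None and authn is not None
    return "ecp" if ok else "unknown"

def probe(url, timeout=10):
    """GET a Shib-protected URL with ECP headers and classify the reply."""
    req = urllib.request.Request(url, headers=ECP_HEADERS)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return classify(resp.headers.get("Content-Type", ""), resp.read(1_000_001))
    except urllib.error.HTTPError as err:
        return classify(err.headers.get("Content-Type", ""), err.read(1_000_001))

# Constructed sample of an ECP-enabled SP's reply (not a captured message).
SAMPLE_PAOS = b"""<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
 <S:Header><paos:Request xmlns:paos="urn:liberty:paos:2003-08"
   responseConsumerURL="https://sp.example.edu/Shibboleth.sso/SAML2/ECP"
   service="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/></S:Header>
 <S:Body><samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
   ID="_constructed" Version="2.0" IssueInstant="2020-01-01T00:00:00Z"/></S:Body>
</S:Envelope>"""
```

Call `probe()` with a URL protected on the SP, not the IdP's `/idp/profile/SAML2/SOAP/ECP` path; a result of `browser-sso` means the SP served its normal login flow and ECP is not enabled for that path.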
@twstokes Nice! I'll first check with DevOps about the endpoints!
Close this issue for now, and reopen if I encounter any other issues.
Thanks!
When I tried with the example project, it gives me this in the log.
It seems to be thrown from the Alamofire dependency, but I don't understand what to do with it... 🤔
Any help is much appreciated!