This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About hakasapl
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About hakasapl
10-05-2020
3Posts
0Likes
0Solutions
Oct 05, 2020Last Visited
User
Activity
User
Profile
Latest posts by hakasapl
| Subject | Views | Posted |
|---|---|---|
| 2371 | 09-05-2020 03:55 PM | |
| 2380 | 09-05-2020 03:41 PM | |
| 2587 | 08-24-2020 10:15 AM |
User Badges
Community Statistics
| Member Since | 08-24-2020 10:10 AM |
| Date Last Visited | 10-05-2020 01:45 PM |
| Posts | 3 |
09-05-2020
03:55 PM
<!--
This is example metadata only. Do *NOT* supply it as is without review,
and do *NOT* provide it in real time to your partners.
-->
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" ID="_82c9e1d51d701bd75df3ad69a6bf8db222c530d2" entityID="https://unity.rc.umass.edu/shibboleth">
<md:Extensions xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport">
<alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
<alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha384"/>
<alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha224"/>
<alg:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512"/>
<alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384"/>
<alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"/>
<alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha224"/>
<alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
<alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha384"/>
<alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<alg:SigningMethod Algorithm="http://www.w3.org/2009/xmldsig11#dsa-sha256"/>
<alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1"/>
<alg:SigningMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<alg:SigningMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
</md:Extensions>
<md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:1.0:protocol">
<md:Extensions>
<init:RequestInitiator xmlns:init="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Binding="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Location="https://unity.rc.umass.edu/Shibboleth.sso/Login"/>
<idpdisc:DiscoveryResponse xmlns:idpdisc="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="https://unity.rc.umass.edu/Shibboleth.sso/Login" index="1"/>
</md:Extensions>
<md:KeyDescriptor>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:KeyName>https://unity.rc.umass.edu/shibboleth</ds:KeyName>
<ds:KeyName>unity.rc.umass.edu</ds:KeyName>
<ds:X509Data>
<ds:X509SubjectName>CN=unity.rc.umass.edu</ds:X509SubjectName>
<ds:X509Certificate>MIIEJDCCAoygAwIBAgIJAOzitNv/fB6IMA0GCSqGSIb3DQEBCwUAMB0xGzAZBgNV
BAMTEnVuaXR5LnJjLnVtYXNzLmVkdTAeFw0xOTA2MTcxNTA1NDZaFw0yOTA2MTQx
NTA1NDZaMB0xGzAZBgNVBAMTEnVuaXR5LnJjLnVtYXNzLmVkdTCCAaIwDQYJKoZI
hvcNAQEBBQADggGPADCCAYoCggGBAM8CVIwjoCJQfb5PxhvypiszKF7tcSmtuL0Q
yURuBCR8uJTVtZ24osySRLxLfcIWkcKJyVkcOUKOV2sjFyyzhtH7H1KcQicTr3Yd
nDZcpUl20zZCvExkIgr2UKMyzEJND/iDUXMIiAlsiW9A9ADCT1XGv0TApY78fAV3
IUBCp9RpWz+AQZzz6JumO+U4HuxWmrzLUAGq3H/bf1SqqQIcDsTOxHJGg0c8XzrK
MQi31pHw0ldNFUTtkSFwrzMVZs1ZmUILR6jo4ULraj4Tnj8geUQ8k0ylirk4VjZz
5/qlax2ghgFgU3VfZcpVWE63FkdOC9fmjAGDEpTrsYV2JLl4NMtVBPicMa0fwS/p
/XV6dXQaY3ANGdDLBe1deFaiI381erRf6sfE4aIrQJW9yiAQQffItLlK5yML5m2M
9POKt42/98ceR4nTOM9Vk9buJd7IKDxsO4WmBgMJT5XrAFsSFQcni39IVMhF2EZe
g3+21naqOaEuvvC1wgn6eXe2CDxL3wIDAQABo2cwZTBEBgNVHREEPTA7ghJ1bml0
eS5yYy51bWFzcy5lZHWGJWh0dHBzOi8vdW5pdHkucmMudW1hc3MuZWR1L3NoaWJi
b2xldGgwHQYDVR0OBBYEFCfb1RHoonWsDuhFVqpuEEak2zn3MA0GCSqGSIb3DQEB
CwUAA4IBgQACXJ861KERqmD8/nfKyB9VIBsMSiYZonQ0HPVvpZtD5EN6Z4OVEEsJ
qTcWXtUHsesZREmm4F7fNmSJmapzrYYgUnTdrkJWGFdb5OMSTh1ai5qYY4YyWeHl
GNQTH2ArI7RWvV06F6fz1UeK6Iw4c/B/0Z/HKm96iM8vI6TmCFyAsoMswn5aq4nX
A6o4zjyrZ6klLRbpto9ZsT2rkPX9Hr2cpW71qzCOinTf34+pdcWh3z5ZPpGSLVhz
sWstfe0qI6XY+JVTxRxb+9u+Y1oFxjki61vps+nz6BbKDtdkazeQuojCoA4WbS4L
qi+NfOr1Isj3px3Cd/qz/oBYhzQRu0xlF7tiNTCrUhmj/YD80r1B4XVNGvE+RB+Q
TJ5/cPKpnK1O2ofcJ0eth5yHl3OCUZGm9lo8IMyeOM1nCTIgCPwXUDwRMvNHhO1N
U4gUN/185I8Z2CDht+DGYLyB65veb8A+FQltTgj6dkMPei9HRs7hHyF5V5cRHOZI
dB/EAx++8ns=
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
<md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes128-gcm"/>
<md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes192-gcm"/>
<md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes256-gcm"/>
<md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
<md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes192-cbc"/>
<md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
<md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
<md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#rsa-oaep"/>
<md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
</md:KeyDescriptor>
<md:ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://unity.rc.umass.edu/Shibboleth.sso/Artifact/SOAP" index="1"/>
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://unity.rc.umass.edu/Shibboleth.sso/SLO/SOAP"/>
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://unity.rc.umass.edu/Shibboleth.sso/SLO/Redirect"/>
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://unity.rc.umass.edu/Shibboleth.sso/SLO/POST"/>
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://unity.rc.umass.edu/Shibboleth.sso/SLO/Artifact"/>
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://unity.rc.umass.edu/Shibboleth.sso/SAML2/POST" index="1"/>
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" Location="https://unity.rc.umass.edu/Shibboleth.sso/SAML2/POST-SimpleSign" index="2"/>
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://unity.rc.umass.edu/Shibboleth.sso/SAML2/Artifact" index="3"/>
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS" Location="https://unity.rc.umass.edu/Shibboleth.sso/SAML2/ECP" index="4"/>
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://unity.rc.umass.edu/Shibboleth.sso/SAML/POST" index="5"/>
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://unity.rc.umass.edu/Shibboleth.sso/SAML/Artifact" index="6"/>
</md:SPSSODescriptor>
</md:EntityDescriptor> That is our SP's metadata. I was unable to directly import this because pan-os said "No IDP Descriptor node found". I'm trying to connect to an SP, not an IDP. Will this make a difference? - Hakan
... View more
09-05-2020
03:41 PM
Hello, I've attempted doing this, but I've experienced another hiccup. When I try to authenticate against the portal, I get the correct shibboleth SSO page, and I am able to sign in successfully. After I sign in, it doesn't recognize that I've signed in. Is there some SAML message that needs to be passed back to the palo for it to know that I've successfully authenticated? Right now after I sign it just stays at the landing page, without doing anything. - Hakan
... View more
08-24-2020
10:15 AM
Hello, We have a shibboleth SP setup on our web server which has a discovery service built-in, so that users can authenticate against a number of different endpoints. Is there any way to carry over that configuration to a palo alto SAML authentication profile? The general sequence of events: 1. User wants to access private webpage 2. Redirected to endpoint select, where there is a dropdown 3. Select an endpoint, continue, which then goes to the endpoint's IDP authentication page. 4. Authentication successful I'm having trouble wrapping my head around this as an authentication profile. Can I reference the endpoint select webpage as the SSO url?
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
10-05-2020
01:45 PM
|
Latest Tags
No tags yet
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks