2010-05-25 14:36:12 ERROR OpenSAML.SecurityPolicyRule.BearerConfirmation : bearer confirmation failed with recipient mismatch 2010-05-25 14:36:12 WARN Shibboleth.SSO.SAML2 : detected a problem with assertion: Unable to locate satisfiable bearer SubjectConfirmation in assertion.
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"> <saml:SubjectConfirmationData Address="220.127.116.11" InResponseTo="_1253d4aadec1143fe542a6adfbd06206" NotOnOrAfter="2010-05-25T06:09:49.050Z" Recipient="https://mysqp.example.com.au/Shibboleth.sso/SAML2/Artifact"/> </saml:SubjectConfirmation>
Sometimes, the server runs behind a device that processes SSL, such as a reverse proxy, load balancer or SSL offload appliance. When this is the case, specify the https:// scheme and the port number to which the clients connect in the ServerName directive to make sure that the server generates the correct self-referential URLs.
Note: This solution may not translate to IIS since it may not support the virtualisation of web server configuration in the same way that Apache does. IIS appears not to have the equivalently configurable item as Apache's ServerName directive.