Exception: Unable to locate metadata for identity provider

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

Exception: Unable to locate metadata for identity provider

sshabbir
Hello,

Having setup the shibboleth IDP, and configured for testShib, we see below
in the exposed log

2018-07-12 13:02:50 DEBUG Shibboleth.Listener [307]: dispatching message
(default/TestShib::run::SAML2SI)
2018-07-12 13:02:50 WARN Shibboleth.SessionInitiator.SAML2 [307]: unable to
locate metadata for provider
(https://shibboleth-idp-dev.aws.bmjgroup.com/idp/shibboleth)

Looking at the registered entities, there is one entry for
https://shibboleth-idp-dev.aws.bmjgroup.com/idp/shibboleth.

There are no obvious errors reported in our idp-process.log or the tomcat8
logs.

Thanks in advance.

Syed






--
Sent from: http://shibboleth.1660669.n2.nabble.com/Shibboleth-Users-f1660767.html
--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]
Syed
Reply | Threaded
Open this post in threaded view
|

RE: Exception: Unable to locate metadata for identity provider

Tom O'Neill
Could you share the entry from your metata-providers.xml?

Thanks,

Tom

-----Original Message-----
From: users <[hidden email]> On Behalf Of sshabbir
Sent: Thursday, July 12, 2018 1:09 PM
To: [hidden email]
Subject: Exception: Unable to locate metadata for identity provider

Hello,

Having setup the shibboleth IDP, and configured for testShib, we see below in the exposed log

2018-07-12 13:02:50 DEBUG Shibboleth.Listener [307]: dispatching message
(default/TestShib::run::SAML2SI)
2018-07-12 13:02:50 WARN Shibboleth.SessionInitiator.SAML2 [307]: unable to locate metadata for provider
(https://shibboleth-idp-dev.aws.bmjgroup.com/idp/shibboleth)

Looking at the registered entities, there is one entry for https://shibboleth-idp-dev.aws.bmjgroup.com/idp/shibboleth.

There are no obvious errors reported in our idp-process.log or the tomcat8 logs.

Thanks in advance.

Syed






--
Sent from: http://shibboleth.1660669.n2.nabble.com/Shibboleth-Users-f1660767.html
--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]
--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: Exception: Unable to locate metadata for identity provider

sshabbir
Hello Tom,

Please below, I've removed the commented stuff for brevity

<?xml version="1.0" encoding="UTF-8"?>

<MetadataProvider id="ShibbolethMetadata"
xsi:type="ChainingMetadataProvider"
    xmlns="urn:mace:shibboleth:2.0:metadata"
    xmlns:resource="urn:mace:shibboleth:2.0:resource"
    xmlns:security="urn:mace:shibboleth:2.0:security"
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="urn:mace:shibboleth:2.0:metadata
http://shibboleth.net/schema/idp/shibboleth-metadata.xsd
                        urn:mace:shibboleth:2.0:resource
http://shibboleth.net/schema/idp/shibboleth-resource.xsd 
                        urn:mace:shibboleth:2.0:security
http://shibboleth.net/schema/idp/shibboleth-security.xsd
                        urn:oasis:names:tc:SAML:2.0:metadata
http://docs.oasis-open.org/security/saml/v2.0/saml-schema-metadata-2.0.xsd">
                       
     <MetadataProvider id="HTTPMetadataTESTSHIB"
                  xsi:type="FileBackedHTTPMetadataProvider"
                  backingFile="%{idp.home}/metadata/testshib.xml"
                 
metadataURL="http://www.testshib.org/metadata/testshib-providers.xml"/>    
         
   
</MetadataProvider>

If it helps, I can see the downloaded testshib.xml in
/opt/shibboleth-idp/metadata.


Syed




--
Sent from: http://shibboleth.1660669.n2.nabble.com/Shibboleth-Users-f1660767.html
--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]
Syed
Reply | Threaded
Open this post in threaded view
|

RE: Exception: Unable to locate metadata for identity provider

Nate Klingenstein-4
In reply to this post by sshabbir
Syed,

Fortunately, this one's not your fault.  TestShib is choking on bad metadata again from a prior tester.  This implies nothing about the state of your deployment.

Kevin Foote has found the goodness in his heart to go clean it out again, so I expect he'll send out something when he figures it out.  You'll have to wait on that, so maybe it's time to grab lunch.

Take care,
Nate.

--
Dewpoint Identity, Inc.
https://dewpoint.id
--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: Exception: Unable to locate metadata for identity provider

sshabbir
Thanks Nate,

Time difference permitting, maybe an early dinner, working late...

Syed



--
Sent from: http://shibboleth.1660669.n2.nabble.com/Shibboleth-Users-f1660767.html
--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]
Syed
Reply | Threaded
Open this post in threaded view
|

Re: Exception: Unable to locate metadata for identity provider

Kevin Foote-2
In reply to this post by Nate Klingenstein-4

> On Jul 12, 2018, at 11:32 AM, Nate Klingenstein <[hidden email]> wrote:
>
> Fortunately, this one's not your fault.  TestShib is choking on bad metadata again from a prior tester.  This implies nothing about the state of your deployment.
>

Done and done.
Someone had some bad MD on the 10th.
Your should be fine.

--------
thanks
 kevin.foote
--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Exception: Unable to locate metadata for identity provider

sshabbir
Many thanks Kevin et al. much appreciated.



--
Sent from: http://shibboleth.1660669.n2.nabble.com/Shibboleth-Users-f1660767.html
--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]
Syed