SAML 2 SSO profile is not configured for relying party

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

SAML 2 SSO profile is not configured for relying party

Jonathan Gershater
I am running into this error: "SAML 2 SSO profile is not configured for relying party"

https://spaces.internet2.edu/display/SHIB2/IdPTroubleshootingCommonErrors#IdPTroubleshootingCommonErrors-SAML2SSOprofileisnotconfiguredforrelyingparty


What am I missing?

From the docs, https://spaces.internet2.edu/display/SHIB2/IdPRelyingParty I think I am supposed to copy the SP metadata.xml to the IdP?
If I am correct where do I put the SP's metadata.xml? In the /conf directory? And how do I tell the IdP where the SP's metadata.xml file is ?


If I am not correct, please let me know where I am wrong.....

thank you....

My relying-party.xml looks like this:


========================================================================================================================

   <!-- ========================================== -->
    <!--      Relying Party Configurations          -->
    <!-- ========================================== -->
    <AnonymousRelyingParty provider="https://shibbolethidp.adaranet.com:8443/idp/shibboleth" />
  
    <DefaultRelyingParty provider="https://ShibbolethIDP.adaranet.com:8443/idp/shibboleth"
                         defaultSigningCredentialRef="IdPCredential">
    -
        <MetadataProvider id="URLMD" xsi:type="FileBackedHTTPMetadataProvider" xmlns="urn:mace:shibboleth:2.0:metadata"
                          metadataURL="http://shibbolethidp.adaranet.com:8443/idp-metadata.xml"
                          backingFile="/opt/shibboleth-idp/metadata/idp-metadata.xml">

Reply | Threaded
Open this post in threaded view
|

Re: SAML 2 SSO profile is not configured for relying party

Nate Klingenstein
Jonathan,

From the docs, https://spaces.internet2.edu/display/SHIB2/IdPRelyingParty I think I am supposed to copy the SP metadata.xml to the IdP?
If I am correct where do I put the SP's metadata.xml? In the /conf directory? And how do I tell the IdP where the SP's metadata.xml file is ?

You've got the error properly diagnosed.  Either your SP's metadata isn't stored in the idp-metadata.xml file you're pointing at(which wouldn't surprise me one bit), or your SP's entityID is improperly configured(less likely).

The simplest fix here is to point the metadataURL at your SP's automatic metadata generator.  It defaults to http://yourserver/Shibboleth.sso/Metadata.

Give it a try,
Nate.
Reply | Threaded
Open this post in threaded view
|

Re: SAML 2 SSO profile is not configured for relying party

Peter Schober
In reply to this post by Jonathan Gershater
* Jonathan Gershater <[hidden email]> [2009-06-17 23:24]:
> If I am correct where do I put the SP's metadata.xml? In the /conf
> directory?

How about the /metadata directory (right next to conf)?

> And how do I tell the IdP where the SP's metadata.xml file is ?

conf/relying-party.xml would be the place for that.

https://spaces.internet2.edu/display/SHIB2/IdPRelyingParty
-peter