I'm not sure how to get our login.jsp page to display for authentication. The idp-process.log shows no authentication mechanism available for use with relying party. I've been over and over the shib docs but still can't figure out what the issue may be. I thought everything is configured correctly. Thanks in advance for any help; I've been stuck on this for days.
TOMCAT/IDP/WEB.XML
-----------------------------------
Is this the correct section to uncomment to get the login.jsp form to display?
<login-config>
    <auth-method>FORM</auth-method>
    <realm-name>IdP Password Authentication</realm-name>
    <form-login-config>
        <form-login-page>/login.jsp</form-login-page>
        <form-error-page>/login-error.jsp</form-error-page>
    </form-login-config>
</login-config>
RELYING-PARTY.XML
-----------------------------------
<RelyingParty id="https://staging.services.identity.nbcuni.com/PartnerServices/SAML2/metadata"
              provider="https://cia.sccoast.net/idp/shibboleth"
              defaultSigningCredentialRef="IdPCredential"
              defaultAuthenticationMethod="urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport">
    <ProfileConfiguration xsi:type="saml:ShibbolethSSOProfile" />
    <ProfileConfiguration xsi:type="saml:SAML1AttributeQueryProfile"/>
    <ProfileConfiguration xsi:type="saml:SAML1ArtifactResolutionProfile"/>
    <ProfileConfiguration xsi:type="saml:SAML2SSOProfile" />
    <ProfileConfiguration xsi:type="saml:SAML2AttributeQueryProfile" />
    <ProfileConfiguration xsi:type="saml:SAML2ArtifactResolutionProfile" />
</RelyingParty>
HANDLER.XML:
--------------------------------
<LoginHandler xsi:type="UsernamePassword"
              jaasConfigurationLocation="C:\shibboleth-identityprovider-2.1.3\idp/conf/login.config">
    <AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthenticationMethod>
    <AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</AuthenticationMethod>
</LoginHandler>
LOGIN.CONFIG
--------------------------------
ShibUserPassAuth {
    edu.vt.middleware.ldap.jaas.LdapLoginModule required
        base="xx"
        host="xx"
        port="389"
        serviceCredential="xx"
        serviceUser="xx"
        ssl="false"
        tls="false"
        userField="xx"
        subtreeSearch="false"
    ;
};
IDP-PROCESS.LOG
----------------------------------------------------
15:32:47.631 - INFO [Shibboleth-Access:73] - 20091026T193247Z|172.21.17.215|cia.sccoast.net:443|/profile/SAML2/POST/SSO|
15:32:47.991 - INFO [org.opensaml.security.MetadataCredentialResolver:450] - Credential cache cleared
15:32:47.991 - INFO [edu.internet2.middleware.shibboleth.common.security.MetadataPKIXValidationInformationResolver:802] - PKIX validation info cache cleared
15:32:47.991 - INFO [org.opensaml.security.MetadataCredentialResolver:450] - Credential cache cleared
15:32:47.991 - INFO [edu.internet2.middleware.shibboleth.common.security.MetadataPKIXValidationInformationResolver:802] - PKIX validation info cache cleared
15:32:47.991 - INFO [org.opensaml.xml.signature.impl.BaseSignatureTrustEngine:111] - Signature contained no KeyInfo element, could not resolve verification credentials
15:32:48.022 - INFO [org.opensaml.common.binding.security.SAMLProtocolMessageXMLSignatureSecurityPolicyRule:128] - Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
15:32:48.037 - INFO [org.opensaml.common.binding.security.SAMLProtocolMessageXMLSignatureSecurityPolicyRule:130] - Authentication via protocol message signature succeeded for context issuer entity ID https://staging.services.identity.nbcuni.com/PartnerServices/SAML2/metadata
15:32:48.037 - INFO [edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine:257] - No authentication mechanism available for use with relying party 'https://staging.services.identity.nbcuni.com/PartnerServices/SAML2/metadata'