unable to locate metadata

Mike Flynn shibbolethlynda at yahoo.com
Mon Nov 12 11:46:29 EST 2012


I have 2 servers for Shib, load balanced.  They are identical IIS7 boxes running 2.3.1 Shib.

One of the two servers has decided that members of the BellNet federation have no metadata...

The config for BellNet is:

<!-- BELNET Federation   -->
            <SessionInitiator type="Chaining" Location="/Login" isDefault="true" id="Intranet" relayState="cookie" entityID="https://identity.fundp.ac.be/idp/shibboleth">
                <SessionInitiator type="SAML2" acsIndex="1" acsByIndex="false" template="bindingTemplate.html"/>
                <SessionInitiator type="Shib1" acsIndex="5"/>
            </SessionInitiator>

   
<MetadataProvider type="XML" uri="https://federation.belnet.be/federation-metadata.xml" >
            <MetadataFilter type="Signature" verifyName="false" certificate="certificate.federation.belnet.be.pem"/>
            <MetadataFilter type="RequireValidUntil" maxValidityInterval="7776000"/>
</MetadataProvider>

Shibd -check is happy.  I can hit https://federation.belnet.be/federation-metadata.xml from the server in question.  The config files for both machines are identical (I usually do the mods to 1 server and copy Shibboleth2.xml and any dependent files to the other server.  When a BellNet customer hits my primary server, everything is fine.  If they hit my secondary server they get a 500 and the logs show this:

2012-11-12 06:40:23 WARN Shibboleth.SessionInitiator.SAML2 [66]: unable to locate metadata for provider (urn:mace:kuleuven.be:kulassoc:wenk.be)


Can anyone offer a clue for me here on this?  All other feds on the secondary server are working fine.  Just this one fails.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://shibboleth.net/pipermail/users/attachments/20121112/dcd1dab0/attachment.html 


More information about the users mailing list