unable to locate metadata

Nate Klingenstein ndk at internet2.edu
Mon Nov 12 12:53:40 EST 2012


> 		<MetadataProvider type="XML" uri="https://federation.belnet.be/federation-metadata.xml" >
>             <MetadataFilter type="Signature" verifyName="false" certificate="certificate.federation.belnet.be.pem"/>
>             <MetadataFilter type="RequireValidUntil" maxValidityInterval="7776000"/>
> 		</MetadataProvider>	
> Shibd -check is happy.  I can hit https://federation.belnet.be/federation-metadata.xml from the server in question.  The config files for both machines are identical (I usually do the mods to 1 server and copy Shibboleth2.xml and any dependent files to the other server.  When a BellNet customer hits my primary server, everything is fine.  If they hit my secondary server they get a 500

This is the expected error condition when there is no metadata found.

> and the logs show this:
> 2012-11-12 06:40:23 WARN Shibboleth.SessionInitiator.SAML2 [66]: unable to locate metadata for provider (urn:mace:kuleuven.be:kulassoc:wenk.be)
> Can anyone offer a clue for me here on this?  All other feds on the secondary server are working fine.  Just this one fails.

A couple obvious checks: is the metadata file in /var/run/shibboleth/?  Is the signing certificate in place?  Is this the right entityID and is it present in the metadata file?  (it doesn't match the SessionInitiator)

You'll also get more descriptive logging messages during startup.  Try touching /etc/shibboleth/shibboleth2.xml and checking the logs for anything more helpful.

Take care,
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://shibboleth.net/pipermail/users/attachments/20121112/506cbe2b/attachment.html 

More information about the users mailing list