Configuring Centralized Discovery Service
Stein, Eric
steine at locustec.com
Fri Jun 14 09:33:18 EDT 2013
Hi,
I'm trying to get the CDS set up for my organization. I tried following the steps in https://wiki.shibboleth.net/confluence/display/SHIB2/DSInstall and https://wiki.shibboleth.net/confluence/display/SHIB2/DSConfiguration, but I must have missed a step. When I try to access my application without being authenticated, I'm seeing this in the log:
05:13:24.248 - WARN [edu.internet2.middleware.shibboleth.wayf.WayfService:306] - Could not find Discovery service Handler for https://<my server>/discovery/DS
05:13:24.263 - ERROR [edu.internet2.middleware.shibboleth.wayf.DiscoveryServiceHandler:430] - Could not locate SP https://<my server>/shibboleth in metadata
05:13:24.279 - ERROR [edu.internet2.middleware.shibboleth.wayf.DiscoveryServiceHandler:325] - Error processing DS request:
edu.internet2.middleware.shibboleth.wayf.WayfException: Couldn't find endpoint https://<my server>/Shibboleth.sso/Login in metadata
at edu.internet2.middleware.shibboleth.wayf.DiscoveryServiceHandler.setupReturnAddress(DiscoveryServiceHandler.java:490)
at edu.internet2.middleware.shibboleth.wayf.DiscoveryServiceHandler.handleLookup(DiscoveryServiceHandler.java:599)
at edu.internet2.middleware.shibboleth.wayf.DiscoveryServiceHandler.doGet(DiscoveryServiceHandler.java:322)
at edu.internet2.middleware.shibboleth.wayf.WayfService.doGet(WayfService.java:280)
...
The CDS is installed on tomcat as /discovery. I have metadata for my two IdPs in the wayfconfig.xml file. In shibboleth2.xml, I set my SP's SSO tag to be:
<SSO discoveryProtocol="SAMLDS" discoveryURL="https://<my server>/discovery/DS">
SAML2 SAML1
</SSO>
Does anybody know what I'm doing wrong? I saw something on the internet that suggested the DS needed my SP metadata, but I didn't find anything about how to provide it.
Thanks,
Eric Stein
More information about the users
mailing list