No peer endpoint available to which to send SAML response

Dave Vernon dvernon at
Tue Sep 30 12:58:01 EDT 2014

Hi David,

So does that mean that my problem is that I have the IdP invalid data?

Am I at least getting my metadata from the right spot?  (i.e. is the problem that I'm still missing some configuration on the SP, or that I'm simply grabbing the wrong thing)

Thanks for your help

Dave Vernon
Technology Infrastructure Specialist
dvernon at<mailto:dvernon at><>

[Loyalist College]<>[Facebook]<>[Twitter]<>

From: users-bounces at [mailto:users-bounces at] On Behalf Of David Bantz
Sent: Tuesday, September 30, 2014 12:53 PM
To: Shib Users
Subject: Re: No peer endpoint available to which to send SAML response doesn't look like a valid xml metadata file describing an entity.

On Tue, 30 Sep 2014, at 08:43 , Dave Vernon <dvernon at<mailto:dvernon at>> wrote:

Hello all,

I am currently working through my first Shibboleth implementation.  I've made it fairly far and had some success (I am able to login with the protected TestShib page).

I'm currently "stuck" on an issue.  I've done a lot of reading of the documentation and groups, but I'm still having issues trying to sort this out.

My IdP server is running on IIS 7.5/Windows -<>
My SP is running on IIs 7.5/Windows, trying to integrated with Blackboard LMS

I am creating my Shibboleth authentication connector in blackboard, and when I am trying to test the connection, I get redirected to the logon page and I'm able to enter my credentials, but then I get the following error.

Error Message: No peer endpoint available to which to send SAML response

I don't see any errors in any of the logs on the SP side.
On the IdP side I see the following error in the idp-process log

12:25:45.640 - ERROR [edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler:447] - No return endpoint available for relying party

>From what I have read so far, it seems like my problem is with the SP's metadata being unknown to the IdP.  I grabbed the metadata from and then saved it to C:\Program Files (x86)\Internet2\Shib2IdP\metadata\bbdev-Metadata.xml

I then updated my relying-party.xml file on the IdP server with the bit below (in bold)

   <!-- ========================================== -->
    <!--      Metadata Configuration                -->
    <!-- ========================================== -->
    <!-- MetadataProvider the combining other MetadataProviders -->
    <metadata:MetadataProvider id="ShibbolethMetadata" xsi:type="metadata:ChainingMetadataProvider">

                <!-- Load the IdP's own metadata.  This is necessary for artifact support. -->
        <metadata:MetadataProvider id="IdPMD" xsi:type="metadata:ResourceBackedMetadataProvider">
            <metadata:MetadataResource xsi:type="resource:FilesystemResource" file="C:\Program Files (x86)\Internet2\Shib2Idp/metadata/idp-metadata.xml"/>

        <!-- Download the metadata

         This is the point where the posrt install program will add new metadata


        <metadata:MetadataProvider id="TestShib" xsi:type="metadata:FileBackedHTTPMetadataProvider"
                          backingFile="C:\Program Files (x86)\Internet2\Shib2Idp/metadata/Downloaded-Metadata.xml"

          <metadata:MetadataProvider id="<>" xsi:type="metadata:ResourceBackedMetadataProvider">
            <metadata:MetadataResource xsi:type="resource:FilesystemResource" file="C:\Program Files (x86)\Internet2\Shib2Idp/metadata/bbdev-Metadata.xml" />


I also read that SAML tracer would be a value tool.  I capture the trace and decoded it, but my inexperienced eye doesn't see a mismatch.

Decoded Output:
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" AssertionConsumerServiceURL="" Destination="" ID="_6240d39343efcb6c8452e29fe7006b6a" IssueInstant="2014-09-30T16:25:45Z" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Version="2.0"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><></saml:Issuer><samlp:NameIDPolicy AllowCreate="1"/></samlp:AuthnRequest

I would love any advice or help on this.  I feel I'm close, but still so far off!

Dave Vernon
dvernon at<mailto:dvernon at><>


To unsubscribe from this list send an email to users-unsubscribe at<mailto:users-unsubscribe at>

-------------- next part --------------
An HTML attachment was scrubbed...
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 4005 bytes
Desc: image001.png
Url : 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 1476 bytes
Desc: image002.png
Url : 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.png
Type: image/png
Size: 1536 bytes
Desc: image003.png
Url : 

More information about the users mailing list