No peer endpoint available to which to send SAML response
Dave Vernon
dvernon at loyalistcollege.com
Tue Sep 30 12:58:01 EDT 2014
Hi David,
So does that mean that my problem is that I have given the IdP invalid data?
Am I at least getting my metadata from the right spot? (i.e. is the problem that I'm still missing some configuration on the SP, or that I'm simply grabbing the wrong thing)
Thanks for your help
Dave Vernon
Technology Infrastructure Specialist
dvernon at loyalistc.on.ca
loyalistcollege.com
From: users-bounces at shibboleth.net [mailto:users-bounces at shibboleth.net] On Behalf Of David Bantz
Sent: Tuesday, September 30, 2014 12:53 PM
To: Shib Users
Subject: Re: No peer endpoint available to which to send SAML response
https://lms.lcaat.ca/Shibboleth.sso/Metadata doesn't look like a valid xml metadata file describing an entity.
On Tue, 30 Sep 2014, at 08:43, Dave Vernon <dvernon at loyalistcollege.com> wrote:
Hello all,
I am currently working through my first Shibboleth implementation. I've made it fairly far and had some success (I am able to login with the protected TestShib page).
I'm currently "stuck" on an issue. I've done a lot of reading of the documentation and groups, but I'm still having issues trying to sort this out.
My IdP server is running on IIS 7.5/Windows - explode.lcaat.ca
My SP is running on IIS 7.5/Windows, trying to integrate with Blackboard LMS
I am creating my Shibboleth authentication connector in Blackboard, and when I am trying to test the connection, I get redirected to the logon page and I'm able to enter my credentials, but then I get the following error.
Error Message: No peer endpoint available to which to send SAML response
I don't see any errors in any of the logs on the SP side.
On the IdP side I see the following error in the idp-process log
12:25:45.640 - ERROR [edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler:447] - No return endpoint available for relying party https://explode.lcaat.ca/idp/shibboleth
From what I have read so far, it seems like my problem is with the SP's metadata being unknown to the IdP. I grabbed the metadata from https://lms.lcaat.ca/Shibboleth.sso/Metadata and then saved it to C:\Program Files (x86)\Internet2\Shib2IdP\metadata\bbdev-Metadata.xml
I then updated my relying-party.xml file on the IdP server with the bit below (in bold)
<!-- ========================================== -->
<!-- Metadata Configuration -->
<!-- ========================================== -->
<!-- MetadataProvider the combining other MetadataProviders -->
<metadata:MetadataProvider id="ShibbolethMetadata" xsi:type="metadata:ChainingMetadataProvider">
    <!-- Load the IdP's own metadata. This is necessary for artifact support. -->
    <metadata:MetadataProvider id="IdPMD" xsi:type="metadata:ResourceBackedMetadataProvider">
        <metadata:MetadataResource xsi:type="resource:FilesystemResource" file="C:\Program Files (x86)\Internet2\Shib2Idp/metadata/idp-metadata.xml"/>
    </metadata:MetadataProvider>
    <!-- Download the metadata
         This is the point where the post install program will add new metadata
    -->
    <metadata:MetadataProvider id="TestShib" xsi:type="metadata:FileBackedHTTPMetadataProvider"
        metadataURL="http://www.testshib.org/metadata/testshib-providers.xml"
        backingFile="C:\Program Files (x86)\Internet2\Shib2Idp/metadata/Downloaded-Metadata.xml"
    />
    <metadata:MetadataProvider id="lms.lcaat.ca" xsi:type="metadata:ResourceBackedMetadataProvider">
        <metadata:MetadataResource xsi:type="resource:FilesystemResource" file="C:\Program Files (x86)\Internet2\Shib2Idp/metadata/bbdev-Metadata.xml" />
    </metadata:MetadataProvider>
</metadata:MetadataProvider>
I also read that SAML tracer would be a valuable tool. I captured the trace and decoded it, but my inexperienced eye doesn't see a mismatch.
Decoded Output:
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    AssertionConsumerServiceURL="https://lms.lcaat.ca/Shibboleth.sso/SAML2/POST"
    Destination="https://explode.lcaat.ca:444/idp/profile/SAML2/Redirect/SSO"
    ID="_6240d39343efcb6c8452e29fe7006b6a"
    IssueInstant="2014-09-30T16:25:45Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0">
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://explode.lcaat.ca/idp/shibboleth</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="1"/>
</samlp:AuthnRequest>
I would love any advice or help on this. I feel I'm close, but still so far off!
Dave Vernon
dvernon at loyalistc.on.ca
loyalistcollege.com
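Added example, not part of the original thread and not Shibboleth's own code: a simplified version of the lookup an IdP has to complete before it can return a response, resolving the AuthnRequest's Issuer to an entity in loaded metadata and then finding an AssertionConsumerService under an SPSSODescriptor. The metadata aggregate is constructed (trimmed, with a placeholder SP entityID `https://sp.example.org/shibboleth`); the Issuer and ACS URL are the values from the decoded trace, and the function and variable names are hypothetical.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD,
      "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
ACS_URL = "https://lms.lcaat.ca/Shibboleth.sso/SAML2/POST"  # from the trace
TRACE_ISSUER = "https://explode.lcaat.ca/idp/shibboleth"    # Issuer in the trace

# Constructed, trimmed aggregate: an IdP-only entity plus a placeholder SP.
METADATA = f"""<md:EntitiesDescriptor xmlns:md="{MD}">
  <md:EntityDescriptor entityID="{TRACE_ISSUER}">
    <md:IDPSSODescriptor protocolSupportEnumeration="{NS['samlp']}"/>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://sp.example.org/shibboleth">
    <md:SPSSODescriptor protocolSupportEnumeration="{NS['samlp']}">
      <md:AssertionConsumerService index="1" Binding="{POST}" Location="{ACS_URL}"/>
    </md:SPSSODescriptor>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>"""

def authn_request(issuer):
    """Build a constructed AuthnRequest shaped like the decoded trace."""
    return (f'<samlp:AuthnRequest xmlns:samlp="{NS["samlp"]}" Version="2.0" '
            f'AssertionConsumerServiceURL="{ACS_URL}" ProtocolBinding="{POST}">'
            f'<saml:Issuer xmlns:saml="{NS["saml"]}">{issuer}</saml:Issuer>'
            f'</samlp:AuthnRequest>')

def find_return_endpoint(metadata_xml, request_xml):
    """Return (ok, reason): can a response be routed back to the requester?"""
    req = ET.fromstring(request_xml)
    issuer = (req.findtext("saml:Issuer", "", NS) or "").strip()
    want_url = req.get("AssertionConsumerServiceURL")
    want_binding = req.get("ProtocolBinding")
    # iter() also yields the root, so a lone EntityDescriptor and an
    # EntitiesDescriptor aggregate are both handled.
    for entity in ET.fromstring(metadata_xml).iter(f"{{{MD}}}EntityDescriptor"):
        if entity.get("entityID") != issuer:
            continue
        sp_role = entity.find("md:SPSSODescriptor", NS)
        if sp_role is None:
            return False, "entity has no SPSSODescriptor role"
        for acs in sp_role.findall("md:AssertionConsumerService", NS):
            if (acs.get("Location") == want_url
                    and acs.get("Binding") == want_binding):
                return True, "endpoint matched"
        return False, "no AssertionConsumerService matches the request"
    return False, f"issuer {issuer!r} not found in metadata"
```

The check ignores endpoint `index` and `isDefault` handling and assumes the request carries both `AssertionConsumerServiceURL` and `ProtocolBinding`, as the trace does.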