No peer endpoint available to which to send SAML response
John Hascall
john at iastate.edu
Tue Sep 30 13:10:08 EDT 2014
Your md:EntityDescriptor(s) need to be enclosed in EntitiesDescriptor.
Something along these lines:

<?xml version="1.0" encoding="UTF-8"?>
<EntitiesDescriptor
    xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    xmlns:shibmd="urn:mace:shibboleth:metadata:1.0"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    Name="https://iastate.edu/metadata/ISU.xml"
    ID="ISU-20140925-202800">
  <!-- Generated 2014-09-25 15:28:00 CDT -->
  <md:EntityDescriptor
      xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
      xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
      entityID="https://apps.gpss.iastate.edu/shibboleth">
    ...
  </md:EntityDescriptor>
</EntitiesDescriptor>

On Tue, Sep 30, 2014 at 11:58 AM, Dave Vernon <dvernon at loyalistcollege.com>
wrote:
> Hi David,
>
>
>
> So does that mean that my problem is that I have the IdP invalid data?
>
>
>
> Am I at least getting my metadata from the right spot? (i.e. is the
> problem that I’m still missing some configuration on the SP, or that I’m
> simply grabbing the wrong thing)
>
>
>
> Thanks for your help
>
>
>
> *Dave Vernon*
>
> *Technology Infrastructure Specialist*
>
> dvernon at loyalistc.on.ca
>
> loyalistcollege.com
>
>
>
>
>
>
> *From:* users-bounces at shibboleth.net [mailto:users-bounces at shibboleth.net]
> *On Behalf Of *David Bantz
> *Sent:* Tuesday, September 30, 2014 12:53 PM
> *To:* Shib Users
> *Subject:* Re: No peer endpoint available to which to send SAML response
>
>
>
> https://lms.lcaat.ca/Shibboleth.sso/Metadata doesn’t look like a valid
> xml metadata file describing an entity.
>
>
>
>
>
> On Tue, 30 Sep 2014, at 08:43 , Dave Vernon <dvernon at loyalistcollege.com>
> wrote:
>
>
>
> Hello all,
>
>
>
> I am currently working through my first Shibboleth implementation. I’ve
> made it fairly far and had some success (I am able to login with the
> protected TestShib page).
>
>
>
> I’m currently “stuck” on an issue. I’ve done a lot of reading of the
> documentation and groups, but I’m still having issues trying to sort this
> out.
>
>
>
> My IdP server is running on IIS 7.5/Windows – explode.lcaat.ca
>
> My SP is running on IIS 7.5/Windows, trying to integrate with Blackboard
> LMS
>
>
>
> I am creating my Shibboleth authentication connector in Blackboard, and
> when I am trying to test the connection, I get redirected to the logon page
> and I’m able to enter my credentials, but then I get the following error.
>
>
>
> Error Message: No peer endpoint available to which to send SAML response
>
>
>
> I don’t see any errors in any of the logs on the SP side.
>
> On the IdP side I see the following error in the idp-process log
>
>
>
> 12:25:45.640 - ERROR
> [edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler:447]
> - No return endpoint available for relying party
> https://explode.lcaat.ca/idp/shibboleth
>
>
>
> From what I have read so far, it seems like my problem is with the SP’s
> metadata being unknown to the IdP. I grabbed the metadata from
> https://lms.lcaat.ca/Shibboleth.sso/Metadata and then saved it to
> C:\Program Files (x86)\Internet2\Shib2IdP\metadata\bbdev-Metadata.xml
>
>
>
> I then updated my relying-party.xml file on the IdP server with the bit
> below (in bold)
>
>
>
>
>
>
>
> <!-- ========================================== -->
> <!-- Metadata Configuration -->
> <!-- ========================================== -->
> <!-- MetadataProvider the combining other MetadataProviders -->
> <metadata:MetadataProvider id="ShibbolethMetadata" xsi:type="metadata:ChainingMetadataProvider">
>
>     <!-- Load the IdP's own metadata. This is necessary for artifact support. -->
>     <metadata:MetadataProvider id="IdPMD" xsi:type="metadata:ResourceBackedMetadataProvider">
>         <metadata:MetadataResource xsi:type="resource:FilesystemResource"
>             file="C:\Program Files (x86)\Internet2\Shib2Idp/metadata/idp-metadata.xml"/>
>     </metadata:MetadataProvider>
>
>     <!-- Download the metadata
>          This is the point where the post install program will add new metadata
>     -->
>     <metadata:MetadataProvider id="TestShib" xsi:type="metadata:FileBackedHTTPMetadataProvider"
>         metadataURL="http://www.testshib.org/metadata/testshib-providers.xml"
>         backingFile="C:\Program Files (x86)\Internet2\Shib2Idp/metadata/Downloaded-Metadata.xml"
>     />
>
>     *<metadata:MetadataProvider id="lms.lcaat.ca" xsi:type="metadata:ResourceBackedMetadataProvider">*
>     *    <metadata:MetadataResource xsi:type="resource:FilesystemResource" file="C:\Program Files (x86)\Internet2\Shib2Idp/metadata/bbdev-Metadata.xml" />*
>     *</metadata:MetadataProvider>*
>
> </metadata:MetadataProvider>
>
>
>
>
>
> I also read that SAML tracer would be a valuable tool. I captured the trace
> and decoded it, but my inexperienced eye doesn’t see a mismatch.
>
>
>
> Decoded Output:
> <samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
>     AssertionConsumerServiceURL="https://lms.lcaat.ca/Shibboleth.sso/SAML2/POST"
>     Destination="https://explode.lcaat.ca:444/idp/profile/SAML2/Redirect/SSO"
>     ID="_6240d39343efcb6c8452e29fe7006b6a" IssueInstant="2014-09-30T16:25:45Z"
>     ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
>     Version="2.0">
>   <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://explode.lcaat.ca/idp/shibboleth</saml:Issuer>
>   <samlp:NameIDPolicy AllowCreate="1"/>
> </samlp:AuthnRequest>
>
>
>
>
>
> I would love any advice or help on this. I feel I’m close, but still so
> far off!
>
>
>
> *Dave Vernon*
>
> dvernon at loyalistc.on.ca
>
> loyalistcollege.com
>
>
>
>
>
>
> --
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
>
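
The check behind the IdP log line quoted above, as an added example (not from the thread and not Shibboleth's own code): it looks up the request's saml:Issuer as an entityID in the loaded metadata and requires an AssertionConsumerService matching the requested binding and URL, which is a simplification of the IdP's endpoint selection. In the thread's trace the Issuer equals the relying party named in the log line, so that value is reused here; the metadata document, SP_ID, make_request, acs_endpoints and diagnose are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
IDP_ID = "https://explode.lcaat.ca/idp/shibboleth"          # Issuer seen in the trace
ACS_URL = "https://lms.lcaat.ca/Shibboleth.sso/SAML2/POST"  # ACS URL seen in the trace
SP_ID = "https://sp.example.org/shibboleth"                 # placeholder, not from the thread

# Constructed metadata: one IdP-only entity and one SP entity with an ACS endpoint.
METADATA = f"""<EntitiesDescriptor xmlns="{NS['md']}">
  <EntityDescriptor entityID="{IDP_ID}">
    <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </EntityDescriptor>
  <EntityDescriptor entityID="{SP_ID}">
    <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <AssertionConsumerService Binding="{POST}" Location="{ACS_URL}" index="1"/>
    </SPSSODescriptor>
  </EntityDescriptor>
</EntitiesDescriptor>"""

def make_request(issuer, acs_url=ACS_URL):
    """Constructed AuthnRequest with the same shape as the decoded trace."""
    return (f'<samlp:AuthnRequest xmlns:samlp="{NS["samlp"]}" Version="2.0" ID="_constructed" '
            f'AssertionConsumerServiceURL="{acs_url}" ProtocolBinding="{POST}">'
            f'<saml:Issuer xmlns:saml="{NS["saml"]}">{issuer}</saml:Issuer></samlp:AuthnRequest>')

def acs_endpoints(metadata_xml, entity_id):
    """None if entity_id is absent from the metadata, else its (Binding, Location) ACS list."""
    for ent in ET.fromstring(metadata_xml).iter("{%s}EntityDescriptor" % NS["md"]):
        if ent.get("entityID") == entity_id:
            return [(a.get("Binding"), a.get("Location")) for a in
                    ent.findall("md:SPSSODescriptor/md:AssertionConsumerService", NS)]
    return None

def diagnose(authn_request_xml, metadata_xml):
    """Classify whether a response endpoint can be found for this request."""
    req = ET.fromstring(authn_request_xml)
    issuer = req.findtext("saml:Issuer", default="", namespaces=NS).strip()
    wanted = (req.get("ProtocolBinding"), (req.get("AssertionConsumerServiceURL") or "").strip())
    endpoints = acs_endpoints(metadata_xml, issuer)
    if endpoints is None:
        return "unknown-relying-party"   # no EntityDescriptor for the Issuer
    if not endpoints:
        return "no-acs-endpoint"         # entity known, but it has no SP role / ACS
    return "ok" if wanted in endpoints else "acs-mismatch"
```

With the constructed metadata, diagnose(make_request(IDP_ID), METADATA) reports "no-acs-endpoint", while the same request issued under SP_ID reports "ok". For metadata fetched from a source you do not control, parse it with a hardened parser such as defusedxml instead of the standard library.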