WS-Federation: Shibboleth handler invoked at an unconfigured location.

Robert Lowe robertmlowe at rmlowe.com
Mon Dec 28 03:30:33 EST 2015 

I have enabled WS-Federation support as described here
<https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPADFS>.

Now I see a /Shibboleth.sso/ADFS ACS in the generated metadata as expected.

However if I try to access that URL directly in a browser I see a
“Shibboleth handler invoked at an unconfigured location” error, which makes
me think there's a configuration problem. (Of course I don't expect
accessing the URL directly to do anything useful, but I would have expected
a more specific error message, e.g. concerning missing parameters.)

The messages in shibd.log look promising (slightly redacted):

2015-12-15 09:14:53 INFO Shibboleth.Application : auto-configuring SSO
initiation for protocol (ADFS)
2015-12-15 09:14:53 INFO Shibboleth.Application : adding SessionInitiator
of type (ADFS) to chain (/Login)
2015-12-15 09:14:53 INFO Shibboleth.Application : auto-configuring SSO
endpoints for protocol (ADFS)
2015-12-15 09:14:53 INFO Shibboleth.Application : adding
AssertionConsumerService for Binding (
http://schemas.xmlsoap.org/ws/2003/07/secext) at (/ADFS)
2015-12-15 09:14:53 DEBUG Shibboleth.PropertySet : added property Binding (
http://schemas.xmlsoap.org/ws/2003/07/secext)
2015-12-15 09:14:53 DEBUG Shibboleth.PropertySet : added property Location
(/ADFS)
2015-12-15 09:14:53 DEBUG Shibboleth.PropertySet : added property entityID
([redacted])
2015-12-15 09:14:53 DEBUG Shibboleth.PropertySet : added property index (1)
2015-12-15 09:14:53 DEBUG Shibboleth.PropertySet : added property Binding (
http://schemas.xmlsoap.org/ws/2003/07/secext)
2015-12-15 09:14:53 DEBUG Shibboleth.PropertySet : added property Location
(/ADFS)
2015-12-15 09:14:53 DEBUG Shibboleth.PropertySet : added property entityID
([redacted])
2015-12-15 09:14:53 DEBUG Shibboleth.PropertySet : added property index (1)
2015-12-15 09:14:53 INFO Shibboleth.Listener : registered remoted message
endpoint (ekp/ADFS)
2015-12-15 09:14:53 INFO Shibboleth.Listener : registered remoted message
endpoint (ekp/ADFS::run::ADFSLO)
2015-12-15 09:14:53 DEBUG Shibboleth.PropertySet : added property Location
(/Login)
2015-12-15 09:14:53 DEBUG Shibboleth.PropertySet : added property entityID
([redacted])
2015-12-15 09:14:53 DEBUG Shibboleth.PropertySet : added property type
(ADFS)
2015-12-15 09:14:53 INFO Shibboleth.Listener : registered remoted message
endpoint (ekp/Login::run::ADFSSI)

However in native.log I have:

2015-12-15 09:14:51 CRIT Shibboleth.Config : maintaining existing
configuration, error reloading resource
(D:/nd/shibboleth-sp/etc/shibboleth/shibboleth2.xml): Unknown plugin type.

There doesn't seem to be anything else in the log to indicate what plugin
is being referred to. However since this is new after adding the
WS-Federation configuration I assume it's referring to adfs.so.

Any suggestions on what might be wrong or where to look next?

-- 
Best regards,

Robert Lowe
http://crepuscular.rmlowe.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20151228/a7134191/attachment.html>

More information about the users mailing list