Shib IdP 2.4.4 Issue

Cantor, Scott cantor.2 at
Thu May 7 10:12:28 EDT 2015

On 5/7/15, 9:54 AM, "James McCartin" <jmccartin at> wrote:

>I’m having an issue with Shibboleth and I’m hoping someone can help me in determining the cause.
>Issue: Periodically Shibboleth stops working.  Users see a message that the SAML 2 SSO profile is not configured for relying party (address of SP for whatever app they are trying to access).

I suspect the problem is your metadata's expiring and not refreshing. There are numerous threads related to the fact that all of a sudden lots of people seem to be observing problems keeping metadata up to date, and we've done pretty much all we can do to try and fix it in that old code. I think there's a bug somewhere in the stack that's broken the HTTP client used, but that's me speculating, since we never had this kind of mass of problems until the last year or so.

We tried to add more fixes to 2.4.4, so there's not much more we can do unless we find a root cause.

>Beyond that, I’m not sure what else to do.  Any thoughts?

You start planning to upgrade to the current version, basically.

You could evaluate your metadata sources and look at which SPs seem to be having issues and whether they're from a common feed that's remote.

I have observed no such issues myself with several remote sources, InCommon included.

-- Scott
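
An added example, not part of the original message or of the Shibboleth code: one way to act on the suggestion to check which SPs share a metadata source is to read each source's cached metadata and list the SPs whose `validUntil` has passed. The feed names, entityIDs and timestamps are constructed sample data, and the function names are hypothetical.

```python
# Added example, not from the thread: list SPs whose cached SAML metadata has expired.
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"

def parse_ts(value):
    # xs:dateTime such as 2015-05-01T00:00:00Z; a missing zone is assumed to be UTC
    ts = datetime.fromisoformat(value.strip().replace("Z", "+00:00"))
    return ts if ts.tzinfo else ts.replace(tzinfo=timezone.utc)

def expired_sps(xml_text, now):
    """Return entityIDs of SPs whose effective validUntil is at or before `now`."""
    expired = []
    def walk(elem, inherited):
        limit = inherited
        if elem.get("validUntil"):
            own = parse_ts(elem.get("validUntil"))
            limit = own if inherited is None else min(inherited, own)
        if elem.tag == MD + "EntitiesDescriptor":
            for child in elem:           # nested groups inherit the tighter limit
                walk(child, limit)
        elif elem.tag == MD + "EntityDescriptor":
            is_sp = elem.find(MD + "SPSSODescriptor") is not None
            if is_sp and limit is not None and limit <= now:
                expired.append(elem.get("entityID"))
    # Parse only files the IdP has already fetched; use defusedxml for untrusted XML.
    walk(ET.fromstring(xml_text), None)
    return expired

def audit(feeds, now):
    """Map each metadata source name to its expired SP entityIDs."""
    return {name: expired_sps(xml, now) for name, xml in feeds.items()}

PROTO = 'protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"'
NS = 'xmlns="urn:oasis:names:tc:SAML:2.0:metadata"'
SAMPLE_FEEDS = {  # constructed sample data, not real federation metadata
    "remote-feed": f'<EntitiesDescriptor {NS} validUntil="2015-05-01T00:00:00Z">'
        f'<EntityDescriptor entityID="https://sp1.example.org/sp"><SPSSODescriptor {PROTO}/></EntityDescriptor>'
        f'<EntityDescriptor entityID="https://idp.example.org/idp"><IDPSSODescriptor {PROTO}/></EntityDescriptor>'
        '</EntitiesDescriptor>',
    "local-file": f'<EntityDescriptor {NS} entityID="https://sp2.example.org/sp" '
        f'validUntil="2016-01-01T00:00:00Z"><SPSSODescriptor {PROTO}/></EntityDescriptor>',
}
SAMPLE_NOW = datetime(2015, 5, 7, 14, 12, tzinfo=timezone.utc)

if __name__ == "__main__":
    for source, sps in audit(SAMPLE_FEEDS, SAMPLE_NOW).items():
        print(source, "expired SPs:", sps or "none")
```

If every expired SP maps back to the same remote source, that source's refresh is the place to look first.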
