Shib IdP 2.4.4 Issue
jarno.huuskonen at uef.fi
Thu May 7 10:42:47 EDT 2015
On Thu, May 07, James McCartin wrote:
> I'm having an issue with Shibboleth and I'm hoping someone can help me in determining the cause.
> Issue: Periodically Shibboleth stops working. Users see a message that the SAML 2 SSO profile is not configured for relying party (address of SP for whatever app they are trying to access).
> Fix: Restart the Tomcat service
> I looked through the Shibboleth logs and the only thing I'm seeing is the refresh of metadata at the time Shibboleth stops working. I'm going to change the IdP logs from INFO to DEBUG to see what else is happening. Beyond that, I'm not sure what else to do. Any thoughts?
We've had similar problems in the past (with idp version < 2.4.4). Few
of these problems occurred at the same time when our firewall turned
into tarpit(connections seemed to connect but AFAIK no data was
You could try increase logging to see if http client / metadataprovider
logs any clues why it's failing. We have these loglevels:
<logger name="org.opensaml.saml2.metadata.provider" level="INFO"/>
<logger name="org.apache.commons.httpclient" level="DEBUG"/>
More information about the users