Invalid Metadata on different versions of IdP

Michael Dahlberg olgamirth at
Wed Aug 29 21:25:07 EDT 2018

I just upgraded our IdP from v. 3.2.1 to v. 3.3.3 and one of my SPs is
giving me problems.  When accessing the site using v.3.2.1, access is
permitted.  When using v.3.3.3  I get an error page that states
"Unsupported Request".  Metadata and config files are the same across
versions.  Looking at the v.3.3.3, I get a debug log with the following

20:19:16.117 - DEBUG
- Metadata Resolver FilesystemMetadataResolver PageUpMD: Resolved 1
candidates via EntityIdCriterion: EntityIdCriterion [id=]

20:19:16.118 - DEBUG
[org.opensaml.saml.metadata.resolver.impl.AbstractMetadataResolver:590] -
Metadata Resolver FilesystemMetadataResolver PageUpMD: Attempting to filter
candidate EntityDescriptors via resolved Predicates

20:19:16.118 - DEBUG
[org.opensaml.saml.metadata.resolver.impl.AbstractMetadataResolver:612]  -
Metadata Resolver FilesystemMetadataResolver PageUpMD: After predicate
filtering 1 EntityDescriptors remain

20:19:16.119 - DEBUG
- Resolved 1 source EntityDescriptors

20:19:16.119 - DEBUG
- Resolved 1 RoleDescriptor candidates via role criteria, performing
predicate filtering

20:19:16.120 - DEBUG
- Candidates iteration was empty, nothing to filter via predicates

20:19:16.120 - INFO
[org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:128] -
Message Handler:  No metadata returned for in role
{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor with protocol

20:19:16.122 - DEBUG
[net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:174]  -
Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler of
on INBOUND message context

20:19:16.122 - DEBUG
[net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:195] -
Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler on
message context containing a message of type
20:19:16.122 - DEBUG
- Message Handler:  No metadata context found, nothing to do

20:19:16.123 - DEBUG
- Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching
RelyingPartyContext based on SAML peer

20:19:16.123 - DEBUG
- Resolving relying party configuration

20:19:16.124 - DEBUG
- Profile request is unverified, returning configuration

20:19:16.124 - DEBUG
[net.shibboleth.idp.profile.impl.SelectRelyingPartyConfiguration:136] -
Profile Action SelectRelyingPartyConfiguration: Found relying party
configuration shibboleth.UnverifiedRelyingParty for request

20:19:16.125 - WARN
[net.shibboleth.idp.profile.impl.SelectProfileConfiguration:111] - Profile
Action SelectProfileConfiguration: Profile is not available for RP
configuration shibboleth.UnverifiedRelyingParty (RPID

20:19:16.143 - WARN [org.opensaml.profile.action.impl.LogEvent:105] - A
non-proceed event occurred while processing the request:

20:19:16.144 - DEBUG
[org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:154] -
No SAMLBindingContext or binding URI available, error must be handled

Obviously, the metadata is found but the RP is "Unverified" because the
profile "" is not
available.  Is this profile available for v.3.2.1 but not for v.3.3.3?  If
that is the case, is it possible to make it available?

Any suggestions on how to troubleshoot this issue would be greatly

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list