Getting "Unable to resolve outbound message endpoint", but endpoint is in metadata
shibboleth655 at lewenberg.com
shibboleth655 at lewenberg.com
Mon Feb 26 13:06:52 EST 2018
We have an SP that just cannot get to work. Here are the symptoms:
1. When doing an IdP-initiated authentication, the IdP generates a valid
response and redirects the browser to the SP's ACS
2. When doing an SP-initiated authentication, the IdP generates this error:
###########################
2018-02-26 09:52:57,150 - WARN
[net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:410]
- Profile Action
PopulateBindingAndEndpointContexts: Unable to resolve outbound message
endpoint for relying party 'https://xxxxx.example
.edu/fom/loginSAML': EndpointCriterion
[type={urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService,
Binding=urn:oasi
s:names:tc:SAML:2.0:bindings:HTTP-Redirect,
Location=https://xxxxx.example.edu/fom/loginSAML, trusted=false]
###########################
Here is the SP's metadata:
###########################
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
entityID="https://xxxxx.example.edu/fom/loginSAML">
<md:SPSSODescriptor
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"
AuthnRequestsSigned="false" WantAssertionsSigned="false">
<md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
<md:AssertionConsumerService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="https://xxxxx.example.edu/fom/loginSAML" isDefault="true"
index="0"/>
</md:SPSSODescriptor>
</md:EntityDescriptor>
###########################
Any suggestions or trouble-shooting tips appreciated.
More information about the users
mailing list