Error Message: SAML 2 SSO profile is not configured for relying party

Matt Moore me at mattdoescode.com
Sun Nov 25 20:32:01 EST 2018


Hello,


I'm getting the following error when I try to redirect to the testshib
login screen: *Error Message: SAML 2 SSO profile is not configured for
relying party.*


Here is my metadata (generated with PHP OneLogin):


<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    validUntil="2018-11-28T01:00:19Z" cacheDuration="PT604800S"
    entityID="http://api.dinolytics.test/sso/5f172a08-90b1-4178-80a4-7b5d591cc4a5/metadata">
  <md:SPSSODescriptor AuthnRequestsSigned="false"
      WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
          <ds:X509Certificate>
MIID5zCCAs+gAwIBAgIBADANBgkqhkiG9w0BAQsFADCBjTELMAkGA1UEBhMCVVMxDTALBgNVBAgMBFV0YWgxDjAMBgNVBAcMBUxvZ2FuMRMwEQYDVQQKDApEaW5vbHl0aWNzMRMwEQYDVQQLDApEaW5vbHl0aWNzMRMwEQYDVQQDDApEaW5vbHl0aWNzMSAwHgYJKoZIhvcNAQkBFhFzdXBwb3J0QHBvcGUudGVjaDAeFw0xODExMjUyMzMyMDJaFw0xOTExMjUyMzMyMDJaMIGNMQswCQYDVQQGEwJVUzENMAsGA1UECAwEVXRhaDEOMAwGA1UEBwwFTG9nYW4xEzARBgNVBAoMCkRpbm9seXRpY3MxEzARBgNVBAsMCkRpbm9seXRpY3MxEzARBgNVBAMMCkRpbm9seXRpY3MxIDAeBgkqhkiG9w0BCQEWEXN1cHBvcnRAcG9wZS50ZWNoMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApD/rIXey9I33NquGYvePD4TzxM4qNJ0wgNd5byRXHPJTwL0CrozwmzOruRXA8aI88tjNqBJoe5MGP3N3AEcinfE7MlmTNCZ8FiISBDpFopqWKir8Fg/ZGofItHQRM55eIBkReC06uB7NLYDyubkdxESjn9/X/Jc0rrVtYx5jFbmyUKwf73UI18DlDDvdq2luEbe7bclBPJt9DBYMjo5JTGrqWoYjDHST00niqTBEdpfzFCSW81V0+vrvBR32iYmRns61PPwk3kdpZqdixbBggZbm5tplkuvf7PA1mIORAO6aOV8JLYnNY9wVVo0DeYI0QEK3kiLwJlze6PwnR0yxDwIDAQABo1AwTjAdBgNVHQ4EFgQUd1pFeTzMYDQcGXSNpRIm552Ih9owHwYDVR0jBBgwFoAUd1pFeTzMYDQcGXSNpRIm552Ih9owDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAaRv4hwN67ZhdllzbePyjlmO1QgyD55vmiTfCkd59THlDCXAV3zpaBdZPy3KVepbkPPMUSpdmaUXKWAQ6N2arGjHPIzvsTuq1dJFo2TrKc0T/ImlPYZ3AjQ8NY3Xy+D8LTv2xxVGW8LnI1v9SCFjYiQdSq+bA2H9ndfCTn0KUMupYrJywpo1N8KIjh/WiyNv1Dfrxmm0InG96I4Hc+oApq/+uh5NrjKJqwVS+XjdK1q6middtXc81K/uyKx4a6IMXOLSRfsSvLHEKmZLRP2kurC+akAsdQ/Ayrqiv0dTNUbo0V9/Lg3UPQc8s+XVd2X7Ove9TIXprgEwGRHBZw9SG1Q==
          </ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleLogoutService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="http://api.dinolytics.test/saml2/sls"/>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat>
    <md:AssertionConsumerService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://api.dinolytics.test/saml2/acs" index="1"/>
  </md:SPSSODescriptor>
  <md:Organization>
    <md:OrganizationName xml:lang="en-US">Name</md:OrganizationName>
    <md:OrganizationDisplayName xml:lang="en-US">Dinolytics</md:OrganizationDisplayName>
    <md:OrganizationURL xml:lang="en-US">https://dinolytics.com</md:OrganizationURL>
  </md:Organization>
  <md:ContactPerson contactType="technical">
    <md:GivenName>name</md:GivenName>
    <md:EmailAddress>development at dinolytics.com</md:EmailAddress>
  </md:ContactPerson>
  <md:ContactPerson contactType="support">
    <md:GivenName>Support</md:GivenName>
    <md:EmailAddress>support at dinolytics.com</md:EmailAddress>
  </md:ContactPerson>
</md:EntityDescriptor>


And here is the relevant log info from testshib:

20:20:19.756 - INFO [Shibboleth-Access:73] - 20181126T012019Z|174.52.243.27|idp.testshib.org:443|/profile/SAML2/Redirect/SSO|
20:20:19.756 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.IdPProfileHandlerManager:86] - shibboleth.HandlerManager: Looking up profile handler for request path: /SAML2/Redirect/SSO
20:20:19.756 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.IdPProfileHandlerManager:97] - shibboleth.HandlerManager: Located profile handler of the following type for the request path: edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler
20:20:19.756 - DEBUG [edu.internet2.middleware.shibboleth.idp.util.HttpServletHelper:339] - LoginContext key cookie was not present in request
20:20:19.756 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler:188] - Incoming request does not contain a login context, processing as first leg of request
20:20:19.756 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler:366] - Decoding message with decoder binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect'
20:20:19.759 - DEBUG [edu.internet2.middleware.shibboleth.common.relyingparty.provider.SAMLMDRelyingPartyConfigurationManager:128] - Looking up relying party configuration for http://api.dinolytics.test/sso/5f172a08-90b1-4178-80a4-7b5d591cc4a5/metadata
20:20:19.759 - DEBUG [edu.internet2.middleware.shibboleth.common.relyingparty.provider.SAMLMDRelyingPartyConfigurationManager:134] - No custom relying party configuration found for http://api.dinolytics.test/sso/5f172a08-90b1-4178-80a4-7b5d591cc4a5/metadata, looking up configuration based on metadata groups.
20:20:19.760 - DEBUG [edu.internet2.middleware.shibboleth.common.relyingparty.provider.SAMLMDRelyingPartyConfigurationManager:157] - No custom or group-based relying party configuration found for http://api.dinolytics.test/sso/5f172a08-90b1-4178-80a4-7b5d591cc4a5/metadata. Using default relying party configuration.
20:20:19.760 - WARN [org.opensaml.saml2.binding.security.SAML2AuthnRequestsSignedRule:81] - SPSSODescriptor role metadata for entityID 'http://api.dinolytics.test/sso/5f172a08-90b1-4178-80a4-7b5d591cc4a5/metadata' could not be resolved
20:20:19.760 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler:387] - Decoded request from relying party 'http://api.dinolytics.test/sso/5f172a08-90b1-4178-80a4-7b5d591cc4a5/metadata'
20:20:19.761 - WARN [edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler:305] - No metadata for relying party http://api.dinolytics.test/sso/5f172a08-90b1-4178-80a4-7b5d591cc4a5/metadata, treating party as anonymous
20:20:19.761 - WARN [edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler:222] - SAML 2 SSO profile is not configured for relying party http://api.dinolytics.test/sso/5f172a08-90b1-4178-80a4-7b5d591cc4a5/metadata


Thanks for the help!
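
Added example, not part of the original post: a Python check that reads the SP metadata and the IdP log from the message together. It separates metadata-side causes (missing AssertionConsumerService, expired validUntil, entityID mismatch) from the IdP-side condition the WARN entries report. The names diagnose and parse_utc are hypothetical, and the inputs are trimmed copies of the posted data with logger class names shortened to "...".

```python
import re
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
ENTITY = "http://api.dinolytics.test/sso/5f172a08-90b1-4178-80a4-7b5d591cc4a5/metadata"

# Trimmed copy of the posted SP metadata (certificate and contacts omitted).
SP_METADATA = f"""<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    validUntil="2018-11-28T01:00:19Z" entityID="{ENTITY}">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="1" Location="http://api.dinolytics.test/saml2/acs"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

# Posted log entries, one per line; class names shortened to "..." for this sample.
IDP_LOG = f"""\
20:20:19.756 - INFO [Shibboleth-Access:73] - 20181126T012019Z|174.52.243.27|idp.testshib.org:443|/profile/SAML2/Redirect/SSO|
20:20:19.760 - WARN [...SAML2AuthnRequestsSignedRule:81] - SPSSODescriptor role metadata for entityID '{ENTITY}' could not be resolved
20:20:19.761 - WARN [...AbstractSAMLProfileHandler:305] - No metadata for relying party {ENTITY}, treating party as anonymous
20:20:19.761 - WARN [...SSOProfileHandler:222] - SAML 2 SSO profile is not configured for relying party {ENTITY}
"""

def parse_utc(stamp, fmt):
    return datetime.strptime(stamp, fmt).replace(tzinfo=timezone.utc)

def diagnose(metadata_xml, idp_log):
    """Return findings explaining why the IdP rejected the SP's AuthnRequest."""
    root = ET.fromstring(metadata_xml)
    entity_id = root.get("entityID")
    findings = []
    if root.find(f"{MD}SPSSODescriptor/{MD}AssertionConsumerService") is None:
        findings.append("metadata has no SPSSODescriptor with an AssertionConsumerService")
    # Request time is taken from the IdP access-log entry (compact ISO 8601, UTC).
    seen = re.search(r"(\d{8}T\d{6}Z)\|", idp_log)
    until = root.get("validUntil")
    if seen and until and (parse_utc(seen.group(1), "%Y%m%dT%H%M%SZ")
                           > parse_utc(until, "%Y-%m-%dT%H:%M:%SZ")):
        findings.append("metadata validUntil had passed at request time")
    lines = [l for l in idp_log.splitlines() if entity_id in l]
    if not lines:
        findings.append("metadata entityID never appears in the IdP log")
    if any("No metadata for relying party" in l for l in lines):
        findings.append("IdP has no metadata loaded for this entityID")
    if any("treating party as anonymous" in l for l in lines):
        findings.append("request handled under the anonymous relying-party configuration")
    return findings
```

On the posted data the metadata-side checks pass and only the two IdP-side findings are returned.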