Unknown or Unusable Identity Provider issue...

Christopher Bongaarts cab at umn.edu
Fri Apr 5 13:45:45 EDT 2019


Check your shibd.log file for errors trying to load the metadata file.  
The messages would most likely be happening at shibd restart time, not 
the time you access the page.

On 4/5/2019 12:31 PM, Dennis Fazekas wrote:
>
> Greetings,
>
> We have a customer whom we cannot get working. We are seeing the 
> following error from Shibboleth. I’m wondering if the problem is 
> related to the customer’s entityID; since it’s not a valid URI.
>
> Here is the snippet from the customer’s metadata:
>
> Snippet from partnermetadata/lly.production.xml
>
> <md:EntityDescriptor ID="cADhVl_SqndvQACPbar0ae8GkKK" 
> cacheDuration="PT1440M" entityID="*lly-qa:saml2:idp*" 
> xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
>
>>
> </md:EntityDescriptor>
>
> In our shibboleth2.xml the *MetadataProviders* has the following entry 
> which is correctly mapped to the customer’s metadata.
>
> *<MetadataProvider type="XML" file="partnermetadata/lly.production.xml"/>*
>
> **
>
>
>   Unknown or Unusable Identity Provider
>
> The identity provider supplying your login credentials is not 
> authorized for use with this service or does not support the necessary 
> capabilities.
>
> To report this problem, please contact the site administrator at 
> [cut_out].
>
> Please include the following error message in any email:
>
> Identity provider lookup failed at 
> (https://sp.shi.com/Shibboleth.sso/Login)
>
> *EntityID:* lly-qa:saml2:idp
>
> opensaml::saml2md::MetadataException: Unable to locate metadata for 
> identity provider (lly-qa:saml2:idp)
>
> Any help would greatly be appreciated. Thank you!
>
>
-- 
%%  Christopher A. Bongaarts   %%  cab at umn.edu          %%
%%  OIT - Identity Management  %%  http://umn.edu/~cab  %%
%%  University of Minnesota    %%  +1 (612) 625-1809    %%

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20190405/b77e493e/attachment.html>


More information about the users mailing list