Unknown or Unusable Identity Provider issue...

Dennis Fazekas Dennis_Fazekas at SHI.com
Fri Apr 5 14:28:11 EDT 2019


Thank you for getting back to me so quickly. Here is what I found in the log file:

2019-03-11 14:51:02 CRIT OpenSAML.Metadata.XML : maintaining existing configuration, error reloading resource (C:/opt/shibboleth-sp/etc/shibboleth/partnermetadata/lly.xml): Metadata instance failed manual validation checking.
2019-03-11 14:56:46 WARN Shibboleth.SessionInitiator.SAML2 [22]: unable to locate metadata for provider (lly-qa:saml2:idp)
2019-03-11 14:56:49 WARN Shibboleth.SessionInitiator.SAML2 [22]: unable to locate metadata for provider (lly-qa:saml2:idp)
2019-03-11 14:56:58 WARN Shibboleth.SessionInitiator.SAML2 [22]: unable to locate metadata for provider (lly-qa:saml2:idp)
2019-03-11 14:58:42 WARN Shibboleth.SessionInitiator.SAML2 [22]: unable to locate metadata for provider (lly-qa:saml2:idp)
2019-03-11 15:01:08 WARN Shibboleth.SessionInitiator.SAML2 [22]: unable to locate metadata for provider (lly-qa:saml2:idp)


From: Christopher Bongaarts [mailto:cab at umn.edu]
Sent: Friday, April 05, 2019 1:46 PM
To: Shib Users <users at shibboleth.net>; Dennis Fazekas <Dennis_Fazekas at SHI.com>
Cc: Henry Zhou <Henry_Zhou at SHI.com>
Subject: Re: Unknown or Unusable Identity Provider issue...


Check your shibd.log file for errors trying to load the metadata file.  The messages would most likely be happening at shibd restart time, not the time you access the page.

On 4/5/2019 12:31 PM, Dennis Fazekas wrote:
Greetings,

We have a customer whom we cannot get working. We are seeing the following error from Shibboleth. I’m wondering if the problem is related to the customer’s entityID, since it’s not a valid URI.

Here is the snippet from the customer’s metadata:

Snippet from partnermetadata/lly.production.xml

<md:EntityDescriptor ID="cADhVl_SqndvQACPbar0ae8GkKK" cacheDuration="PT1440M" entityID="lly-qa:saml2:idp" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">

…

</md:EntityDescriptor>


In our shibboleth2.xml the MetadataProviders has the following entry which is correctly mapped to the customer’s metadata.

<MetadataProvider type="XML" file="partnermetadata/lly.production.xml"/>

Unknown or Unusable Identity Provider

The identity provider supplying your login credentials is not authorized for use with this service or does not support the necessary capabilities.

To report this problem, please contact the site administrator at [cut_out].

Please include the following error message in any email:

Identity provider lookup failed at (https://sp.shi.com/Shibboleth.sso/Login)

EntityID: lly-qa:saml2:idp

opensaml::saml2md::MetadataException: Unable to locate metadata for identity provider (lly-qa:saml2:idp)

Any help would greatly be appreciated. Thank you!



--

%%  Christopher A. Bongaarts   %%  cab at umn.edu          %%
%%  OIT - Identity Management  %%  http://umn.edu/~cab  %%
%%  University of Minnesota    %%  +1 (612) 625-1809    %%
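
A log-triage sketch for the situation in this thread, added here as an example and not part of the original messages or of Shibboleth itself: it scans shibd.log text for metadata resources that failed to load and counts failed entityID lookups, so the failing file path can be compared with the `file` attribute configured in shibboleth2.xml. The log-line layout is assumed from the lines quoted in the message; the function names and the `https://idp.example.org/idp` entry are constructed.

```python
import re
from collections import Counter

# Constructed sample: the first three lines follow the log lines quoted in the
# message; the last one uses a made-up entityID to show grouping.
SAMPLE_LOG = """\
2019-03-11 14:51:02 CRIT OpenSAML.Metadata.XML : maintaining existing configuration, error reloading resource (C:/opt/shibboleth-sp/etc/shibboleth/partnermetadata/lly.xml): Metadata instance failed manual validation checking.
2019-03-11 14:56:46 WARN Shibboleth.SessionInitiator.SAML2 [22]: unable to locate metadata for provider (lly-qa:saml2:idp)
2019-03-11 14:56:49 WARN Shibboleth.SessionInitiator.SAML2 [22]: unable to locate metadata for provider (lly-qa:saml2:idp)
2019-03-11 15:03:10 WARN Shibboleth.SessionInitiator.SAML2 [7]: unable to locate metadata for provider (https://idp.example.org/idp)
"""

# "<date> <time> <LEVEL> <category> [optional request id]: <message>"
LINE = re.compile(r"^(\S+ \S+) (\w+) (\S+)(?: \[\d+\])?\s*: (.*)$")
RESOURCE = re.compile(r"resource \((.+?)\): (.*)")
MISSING = re.compile(r"unable to locate metadata for provider \((.+)\)")


def triage(log_text):
    """Return (load_failures, missing) parsed from shibd.log text."""
    load_failures = []   # (timestamp, resource path, reason)
    missing = Counter()  # entityID -> number of failed lookups
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # continuation lines or an unrecognised layout
        ts, level, category, msg = m.groups()
        if level in ("CRIT", "ERROR") and category.startswith("OpenSAML.Metadata"):
            r = RESOURCE.search(msg)
            path, reason = r.groups() if r else ("(unknown)", msg)
            load_failures.append((ts, path, reason))
        hit = MISSING.search(msg)
        if hit:
            missing[hit.group(1)] += 1
    return load_failures, missing


def report(log_text):
    """Summarise failed metadata loads first, then failed lookups by entityID."""
    load_failures, missing = triage(log_text)
    lines = [f"{ts} metadata NOT loaded: {path} ({reason})"
             for ts, path, reason in load_failures]
    lines += [f"{count}x lookup failed for entityID {entity_id}"
              for entity_id, count in missing.most_common()]
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```
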