Unknown or Unusable Identity Provider issue...

Christopher Bongaarts cab at umn.edu
Fri Apr 5 14:32:18 EDT 2019


There is likely a typo or other syntax error in the metadata file.  
There might be a hint as to what/where just above the CRIT error in the log.

On 4/5/2019 1:28 PM, Dennis Fazekas wrote:
>
> Thank you for getting back to me so quickly. Here is what I found in 
> the log file:
>
> 2019-03-11 14:51:02 CRIT OpenSAML.Metadata.XML: maintaining existing 
> configuration, error reloading resource 
> (C:/opt/shibboleth-sp/etc/shibboleth/partnermetadata/lly.xml): 
> Metadata instance failed manual validation checking.
>
> 2019-03-11 14:56:46 WARN Shibboleth.SessionInitiator.SAML2[22]: unable to 
> locate metadata for provider (lly-qa:saml2:idp)
>
> 2019-03-11 14:56:49 WARN Shibboleth.SessionInitiator.SAML2[22]: unable to 
> locate metadata for provider (lly-qa:saml2:idp)
>
> 2019-03-11 14:56:58 WARN Shibboleth.SessionInitiator.SAML2[22]: unable to 
> locate metadata for provider (lly-qa:saml2:idp)
>
> 2019-03-11 14:58:42 WARN Shibboleth.SessionInitiator.SAML2[22]: unable to 
> locate metadata for provider (lly-qa:saml2:idp)
>
> 2019-03-11 15:01:08 WARN Shibboleth.SessionInitiator.SAML2[22]: unable to 
> locate metadata for provider (lly-qa:saml2:idp)
>
> *From:*Christopher Bongaarts [mailto:cab at umn.edu]
> *Sent:* Friday, April 05, 2019 1:46 PM
> *To:* Shib Users <users at shibboleth.net>; Dennis Fazekas 
> <Dennis_Fazekas at SHI.com>
> *Cc:* Henry Zhou <Henry_Zhou at SHI.com>
> *Subject:* Re: Unknown or Unusable Identity Provider issue...
>
> Check your shibd.log file for errors trying to load the metadata 
> file.  The messages would most likely be happening at shibd restart 
> time, not the time you access the page.
>
> On 4/5/2019 12:31 PM, Dennis Fazekas wrote:
>
>     Greetings,
>
>     We have a customer whom we cannot get working. We are seeing the
>     following error from Shibboleth. I’m wondering if the problem is
>     related to the customer’s entityID, since it’s not a valid URI.
>
>     Here is the snippet from the customer’s metadata:
>
>     Snippet from partnermetadata/lly.production.xml
>
>     <md:EntityDescriptor ID="cADhVl_SqndvQACPbar0ae8GkKK"
>     cacheDuration="PT1440M" entityID="*lly-qa:saml2:idp*"
>     xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
>
>>
>     </md:EntityDescriptor>
>
>     In our shibboleth2.xml the *MetadataProviders* has the following
>     entry which is correctly mapped to the customer’s metadata.
>
>     *<MetadataProvider type="XML"
>     file="partnermetadata/lly.production.xml"/>*
>
>
>
>       Unknown or Unusable Identity Provider
>
>     The identity provider supplying your login credentials is not
>     authorized for use with this service or does not support the
>     necessary capabilities.
>
>     To report this problem, please contact the site administrator at
>     [cut_out].
>
>     Please include the following error message in any email:
>
>     Identity provider lookup failed at
>     (https://sp.shi.com/Shibboleth.sso/Login)
>
>     *EntityID:* lly-qa:saml2:idp
>
>     opensaml::saml2md::MetadataException: Unable to locate metadata
>     for identity provider (lly-qa:saml2:idp)
>
>     Any help would greatly be appreciated. Thank you!
>

-- 
%%  Christopher A. Bongaarts   %%  cab at umn.edu          %%
%%  OIT - Identity Management  %%  http://umn.edu/~cab  %%
%%  University of Minnesota    %%  +1 (612) 625-1809    %%
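
The log check discussed in this thread, as an added example that is not part of the original messages or of Shibboleth itself: it scans shibd.log lines for metadata reload failures, keeps the lines logged just above each one, and counts the provider lookups that failed. The sample lines are constructed from the log excerpt quoted above (spacing restored, one placeholder detail line added), and the function name `triage` and the regular expressions are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample: the thread's log lines with spacing restored, plus one
# constructed placeholder for the detail line logged just above the CRIT.
SAMPLE_LOG = """\
2019-03-11 14:51:02 ERROR OpenSAML.Metadata.XML: (constructed detail line preceding the failure)
2019-03-11 14:51:02 CRIT OpenSAML.Metadata.XML: maintaining existing configuration, error reloading resource (C:/opt/shibboleth-sp/etc/shibboleth/partnermetadata/lly.xml): Metadata instance failed manual validation checking.
2019-03-11 14:56:46 WARN Shibboleth.SessionInitiator.SAML2[22]: unable to locate metadata for provider (lly-qa:saml2:idp)
2019-03-11 14:56:49 WARN Shibboleth.SessionInitiator.SAML2[22]: unable to locate metadata for provider (lly-qa:saml2:idp)
""".splitlines()

# timestamp, level, category, optional [thread id], message
LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\w+) ([\w.]+)\s*(?:\[\d+\])?\s*: (.*)$")
RELOAD = re.compile(r"error reloading resource \((.+?)\): (.*)")
LOOKUP = re.compile(r"unable to locate metadata for provider \((.+?)\)")


def triage(lines, context=3):
    """Return (load_failures, lookup_counts) for a list of shibd.log lines."""
    failures, lookups, history = [], defaultdict(int), []
    for raw in lines:
        m = LINE.match(raw)
        if m:
            ts, level, category, msg = m.groups()
            reload_err = RELOAD.search(msg)
            if level in ("CRIT", "ERROR") and "Metadata" in category and reload_err:
                failures.append({
                    "time": ts,
                    "resource": reload_err.group(1),   # file that failed to load
                    "reason": reload_err.group(2),
                    "context": history[-context:],     # lines just above the error
                })
            lookup = LOOKUP.search(msg)
            if lookup:
                lookups[lookup.group(1)] += 1          # entityID with no metadata
        history.append(raw)  # unparsed continuation lines are kept as context too
    return failures, dict(lookups)


if __name__ == "__main__":
    load_failures, lookup_counts = triage(SAMPLE_LOG)
    for f in load_failures:
        print(f["time"], f["resource"], "->", f["reason"])
        for line in f["context"]:
            print("    above:", line)
    for entity_id, count in lookup_counts.items():
        print(f"{count} failed lookups for {entity_id}")
```

Each reported resource path can then be compared with the `file` attribute of the corresponding `MetadataProvider` entry in shibboleth2.xml.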
