conroy baltzell at umich.edu
Tue Dec 3 13:17:27 EST 2019

I know this topic has been discussed a few times in a few different ways, but
none of it fixed my problem, so hopefully I'm not repeating,
but... Everything was working fine yesterday and today all of my servers that
are running Shibboleth are giving an error page saying: "Unknown or Unusable
Identity Provider." To my knowledge there were no patches or changes to any
of the servers. According to the shibd.logs the problem seems to be:

2019-12-03 12:44:30 ERROR XMLTooling.libcurl.InputStream : error while
fetching https://shibboleth.umich.edu/md/umich-prod-idps.xml: (59) Unknown
cipher in list: ALL:!aNULL:!LOW:!EXPORT:!SSLv2
2019-12-03 12:44:30 ERROR XMLTooling.libcurl.InputStream : on Red Hat 6+,
make sure libcurl used is built with OpenSSL
2019-12-03 12:44:30 ERROR XMLTooling.ParserPool : fatal error on line 0,
column 0, message: internal error in NetAccessor
2019-12-03 12:44:30 ERROR OpenSAML.MetadataProvider.XML : error while
loading resource (https://shibboleth.umich.edu/md/umich-prod-idps.xml): XML
error(s) during parsing, check log for specifics
2019-12-03 12:44:30 WARN OpenSAML.MetadataProvider.XML : adjusted reload
interval to 3000 seconds
2019-12-03 12:44:30 WARN OpenSAML.MetadataProvider.XML : trying backup file,
exception loading remote resource: XML error(s) during parsing, check log
for specifics
2019-12-03 12:44:30 INFO OpenSAML.MetadataProvider.XML : using local backup
of remote resource
2019-12-03 12:44:30 INFO OpenSAML.MetadataProvider.XML : loaded XML resource
2019-12-03 12:44:30 ERROR OpenSAML.MetadataProvider.XML : metadata instance
was invalid at time of acquisition
2019-12-03 12:44:30 CRIT OpenSAML.MetadataProvider.XML : maintaining
existing configuration, error reloading resource
(https://shibboleth.umich.edu/md/umich-prod-idps.xml): Metadata instance was
invalid at time of acquisition.

I'm running RHEL 7.7 so I looked at
https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPLinuxRH6 but:
1. I don't have a /etc/sysconfig/shibd or
/etc/systemd/system/multi-user.target.wants/shibd.service file. There are
other related files, but not those 2.
2. The current libcurl in /opt/shibboleth/ is libcurl.so.4.5.0 which is not
the most recent, but I'm hesitant to update it without knowing more because
that might be the "correct" version for my setup.
3. I don't see how either of those problems could change overnight. 

Any help or insight would be greatly appreciated.
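
An added example, not part of the original post: a small Python triage of the log excerpt above that separates the remote fetch failure (libcurl error 59, which is CURLE_SSL_CIPHER) from the rejection of the local backup copy. The function name `triage` and the unwrapped sample lines are constructed for illustration.

```python
import re

# Constructed sample: log lines quoted in the post, with the e-mail wrapping undone.
SAMPLE_LOG = """\
2019-12-03 12:44:30 ERROR XMLTooling.libcurl.InputStream : error while fetching https://shibboleth.umich.edu/md/umich-prod-idps.xml: (59) Unknown cipher in list: ALL:!aNULL:!LOW:!EXPORT:!SSLv2
2019-12-03 12:44:30 ERROR XMLTooling.libcurl.InputStream : on Red Hat 6+, make sure libcurl used is built with OpenSSL
2019-12-03 12:44:30 WARN OpenSAML.MetadataProvider.XML : trying backup file, exception loading remote resource: XML error(s) during parsing, check log for specifics
2019-12-03 12:44:30 INFO OpenSAML.MetadataProvider.XML : using local backup of remote resource
2019-12-03 12:44:30 ERROR OpenSAML.MetadataProvider.XML : metadata instance was invalid at time of acquisition
2019-12-03 12:44:30 CRIT OpenSAML.MetadataProvider.XML : maintaining existing configuration, error reloading resource (https://shibboleth.umich.edu/md/umich-prod-idps.xml): Metadata instance was invalid at time of acquisition.
"""

# timestamp, level, logging category, message
LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (\w+) (\S+) : (.*)$")
# "error while fetching <url>: (<curl code>) <curl message>"
FETCH = re.compile(r"error while fetching (\S+): \((\d+)\) (.*)")

def triage(log_text):
    """Summarise one metadata reload attempt from shibd.log text."""
    result = {"url": None, "curl_code": None, "curl_msg": None,
              "used_backup": False, "backup_rejected": False,
              "reload_failed": False}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # wrapped continuation or unrelated line
        _, level, category, msg = m.groups()
        if category == "XMLTooling.libcurl.InputStream":
            f = FETCH.match(msg)
            if f:  # transport-level failure, before any XML was parsed
                result["url"] = f.group(1)
                result["curl_code"] = int(f.group(2))
                result["curl_msg"] = f.group(3)
        elif category == "OpenSAML.MetadataProvider.XML":
            if msg.startswith("using local backup"):
                result["used_backup"] = True
            elif level == "ERROR" and "invalid at time of acquisition" in msg:
                # only counts against the backup if the backup was in use
                result["backup_rejected"] = result["used_backup"]
            elif level == "CRIT" and "error reloading resource" in msg:
                result["reload_failed"] = True
    return result

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```
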


