Unknown or Unusable Identity Provider

Mak, Steve makst at upenn.edu
Tue Dec 3 15:24:37 EST 2019


I don't think the problem is https://shibboleth.umich.edu/md/umich-prod-idps.xml because a lot of sites use that and none of them seem to be down. How would I tell if it was an expired validUntil?

Not all SPs honor the validUntil correctly.  Shib SP is one that does.  It will 100% refuse to load an idp metadata if the file says it's expired.

As a workaround to get your SP up and running in the interim, until the metadata publishing gets fixed or deprecated, you can manually pull down the idp metadata, delete the validUntil, and then save it to a local file and have your SP use that local file instead.  There's no real security risk here assuming the idp metadata is good except for validUntil.

- Steve Mak