Unknown or Unusable Identity Provider
Alan Buxey
alan.buxey at myunidays.com
Wed Dec 4 04:18:59 EST 2019
Hi
That error is expected if the shib Daemon was run using the default system
libcurl
The service scripts set the LD_LIBRARY_PATH value to include the packages
libcurl (built with required things) in /opt/shibboleth/lib64 or wherever
it is on that OS these days ;) - so if you want to run it directly in
foreground mode with debugging etc etc you need to invoke the Daemon with
correct LD_LIBRARY_PATH set
alan
On Tue, 3 Dec 2019, 18:17 conroy, <baltzell at umich.edu> wrote:
> I know this topic has been discussed a few times in a few different ways,
> but
> none of it fixed my problem, so hopefully I'm not repeating,
> but...Everything was working fine yesterday and today all of my servers
> that
> are running Shibboleth are giving an error page saying: "Unknown or
> Unusable
> Identity Provider." To my knowledge there was no patches or changes to any
> of the servers. According to the shibd.logs the problem seems to be:
>
> 2019-12-03 12:44:30 ERROR XMLTooling.libcurl.InputStream : error while
> fetching https://shibboleth.umich.edu/md/umich-prod-idps.xml: (59) Unknown
> cipher in list: ALL:!aNULL:!LOW:!EXPORT:!SSLv2
> 2019-12-03 12:44:30 ERROR XMLTooling.libcurl.InputStream : on Red Hat 6+,
> make sure libcurl used is built with OpenSSL
> 2019-12-03 12:44:30 ERROR XMLTooling.ParserPool : fatal error on line 0,
> column 0, message: internal error in NetAccessor
> 2019-12-03 12:44:30 ERROR OpenSAML.MetadataProvider.XML : error while
> loading resource (https://shibboleth.umich.edu/md/umich-prod-idps.xml):
> XML
> error(s) during parsing, check log for specifics
> 2019-12-03 12:44:30 WARN OpenSAML.MetadataProvider.XML : adjusted reload
> interval to 3000 seconds
> 2019-12-03 12:44:30 WARN OpenSAML.MetadataProvider.XML : trying backup
> file,
> exception loading remote resource: XML error(s) during parsing, check log
> for specifics
> 2019-12-03 12:44:30 INFO OpenSAML.MetadataProvider.XML : using local backup
> of remote resource
> 2019-12-03 12:44:30 INFO OpenSAML.MetadataProvider.XML : loaded XML
> resource
> (/var/cache/shibboleth/umich-prod-idps.xml)
> 2019-12-03 12:44:30 ERROR OpenSAML.MetadataProvider.XML : metadata instance
> was invalid at time of acquisition
> 2019-12-03 12:44:30 CRIT OpenSAML.MetadataProvider.XML : maintaining
> existing configuration, error reloading resource
> (https://shibboleth.umich.edu/md/umich-prod-idps.xml): Metadata instance
> was
> invalid at time of acquisition.
>
> I'm running RHEL 7.7 so I looked at
> https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPLinuxRH6 but:
> 1. I don't have a /etc/sysconfig/shibd or
> /etc/systemd/system/multi-user.target.wants/shibd.service file. There are
> other related files, but not those 2.
> 2. The current libcurl in /opt/shibboleth/ is libcurl.so.4.5.0 which is not
> the most recent, but I'm hesitant to update it without knowing more because
> that might be the "correct" version for my setup.
> 3. I don't see how either of those problems could change overnight.
>
> Any help or insight would be greatly appreciated.
>
> Thanks,
> Conroy
>
>
>
> --
> Sent from:
> https://shibboleth.1660669.n2.nabble.com/Shibboleth-Users-f1660767.html
> --
> For Consortium Member technical support, see
> https://wiki.shibboleth.net/confluence/x/coFAAg
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20191204/cbfc66f2/attachment.html>
More information about the users
mailing list