Error occurring: 500 Internal server error

Peter Schober peter.schober at
Thu Jul 18 04:45:38 EDT 2019

* Tomomi <test.demo.adobe.2 at> [2019-07-18 03:35]:
> After that, I verified the operation on the test site.

Note that you can test large parts of the IDP's machinery without ever
testing with a real SP in your web browser using the provided aacli
(The IDP does need SP metadata for parts of those tests to be
meaningful, though.)

> Use test site is below;

This service seems to have severe limitations:

"Stuff that won't work:
  Receiving encrypted SAML assertions
  That's not even on our radar..."

Your IDP would likely require adding a manual exception to even use
this service without encryption (once you got your IDP working), so
I'd recommend this one instead:

> There is no log at all.

Do you mean that literally (there is no log file written at all) or
just that there are no logs that would explain your current error?
I'm assuming you mean the former below:

> /opt/shibboleth-idp/logs

File system permissions?

The IDP will produce logs alone from starting up, without metadata for
the SP and without needing to run a test. So make sure those logs are
there before continuing.
You could try changing the owner of that directory to the user tomcat
runs as in your system.

Of course that assumes you have not configured your IDP to write logs
elsewhere via conf/logback.xml (e.g. to /var/log/idp or whatever).

> /usr/share/tomcat/logs

Highly unlikely to find "no log at all" there since permissions should
be correct from the RPM packaging and I think Tomcat will also log
messages just from starting up.
I don't know about Red Hat/CentOS 7's Tomcat 7 packaging (what symlinks
they have in place) but logs should be in /var/log/tomcat either way.
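
The checks suggested above, sketched as an added shell example (it is not part of the original message or of the Shibboleth distribution): find the log directory the IdP is configured to use, then confirm that the container's user owns it and can write to it. The function names, the default user name `tomcat`, and the expectation that `conf/logback.xml` sets the directory in a `<variable name="idp.logfiles" .../>` element are assumptions to adjust for your installation.

```shell
#!/bin/sh
# Added example: locate the IdP log directory and check its ownership.

# Print the log directory the IdP is configured to use.
# Assumption: conf/logback.xml sets it in a line like
#   <variable name="idp.logfiles" value="${idp.home}/logs" />
# If no such line is found, fall back to <idp_home>/logs.
idp_log_dir() {
    idp_home=$1
    conf=$idp_home/conf/logback.xml
    dir=
    if [ -r "$conf" ]; then
        dir=$(sed -n 's/.*name="idp\.logfiles"[^>]*value="\([^"]*\)".*/\1/p' "$conf" | head -n 1)
    fi
    [ -n "$dir" ] || dir=$idp_home/logs
    # Expand a leading ${idp.home} placeholder to the real path.
    printf '%s\n' "$dir" | sed 's|^\${idp\.home}|'"$idp_home"'|'
}

# Return 0 only if $1 is a directory owned by user $2 with owner write permission.
check_log_dir() {
    dir=$1
    user=$2
    if [ ! -d "$dir" ]; then
        echo "FAIL: $dir does not exist"
        return 1
    fi
    # Fields 1 and 3 of `ls -ld` are the mode string and the owner.
    info=$(ls -ld "$dir" | awk '{print $1, $3}')
    mode=${info%% *}
    owner=${info#* }
    if [ "$owner" != "$user" ]; then
        echo "FAIL: $dir is owned by $owner, expected $user"
        return 1
    fi
    case $mode in
        ??w*) echo "OK: $dir is owned by $user and owner-writable" ;;
        *)    echo "FAIL: $dir is not writable by its owner ($mode)"; return 1 ;;
    esac
}

# Usage: sh check-idp-logs.sh /opt/shibboleth-idp [container-user]
if [ "$#" -gt 0 ]; then
    check_log_dir "$(idp_log_dir "$1")" "${2:-tomcat}"
fi
```

A FAIL on ownership corresponds to the suggestion above to change the directory's owner to the user Tomcat runs as.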

