Can't understand error messages

Peter Schober peter.schober at
Mon Nov 18 08:04:47 EST 2019

* Daniele Albrizio <albrizio at> [2019-11-18 12:23]:
> Responsible metadata-providers.xml configuration (without this conf the IdP
> starts successfully):
>     <MetadataProvider id="Jobiri-MD"
> xsi:type="FileBackedHTTPMetadataProvider"
> backingFile="/opt/shibboleth-idp/metadata/jobiri-metadata.xml"
>             metadataURL="https://<SOME_URL_OF_MINE>">
>             <MetadataFilter xsi:type="EntityRoleWhiteList">
>                 <!-- Consume all and only SP metadata in the aggregate -->
> <RetainedRole>md:SPSSODescriptor</RetainedRole>
>             </MetadataFilter>
>     </MetadataProvider>

Does your surrounding chaining MetadataProvider in
conf/metadata-providers.xml define the "md" XML namespace prefix
Otherwise the above isn't valid XML.

If that's not it I'd look for earlier WARN and/or ERROR messages in
the log.

Also (and fully unrelated) note that without a signature validation
filter the above is possibly not really secure (with only TLS as
protection, which does not provide integrity and authenticity on the
document level).


More information about the users mailing list