Unable to resolve outbound message endpoint for relying party

Peter Gowler Peter.Gowler at sruc.ac.uk
Mon Apr 20 10:22:46 EDT 2020 

We are currently running Shibboleth Identity Provider 3.4.6 and use it for servicing the logons to over a dozen systems.

Just over a week ago one of those systems, a moodle based system, stopped being able to logon with the message displayed;

Web Login Service - Unable to Respond

The login service was unable to identify a compatible way to respond to the requested application. This is generally to due to a misconfiguration on the part of the application and should be reported to the application's support team or owner.

and from the logs;

2020-04-10 10:54:10,381 - WARN [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:410] - Profile Action PopulateBindingAndEndpointContexts: Unable to resolve outbound message endpoint for relying party 'https://engage.elearning.sruc.ac.uk': EndpointCriterion [type={urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService, Binding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST, Location=https://engage.elearning.sruc.ac.uk/Shibboleth.sso/SAML2/POST, trusted=false]
2020-04-10 10:54:10,381 - WARN [org.opensaml.profile.action.impl.LogEvent:105] - A non-proceed event occurred while processing the request: EndpointResolutionFailed

All of the other systems that we connect to that use this IDP are still functioning correctly and nothing in the configuration on this server has changed as we restored the VM for it from the time when it was working and it displayed the same behaviour.

The system we are connecting to is a moodle instance that is hosted by a 3rd party for us. They host a number of other moodle instances as well all of which are still functioning normally and they say that nothing has changed at their end either.

Looking at the metadata for the SP it appears to be the same before and after it stopped working and DNS all appears in order.

Does anyone have any suggestions as to how we should investigate this issue and track down the problem?

Thanks in advance.

Peter

Please don't print this e-mail unless you really need to.
This e-mail message is confidential to the intended recipient at the email address to which it has been addressed. If the message has been received by you in error, it may not be disclosed to or used by anyone other than the intended addressee, nor may it be copied in any way. If it is not intended for you please inform us, immediately, then delete it from your system. If the content is not about the business of the organisation then the message is not from us nor is it sanctioned by us. Anything in this e-mail or its attachments which does not relate to SRUC's or SAC Commercial Limited's official business is neither given nor endorsed by SRUC or SAC Commercial Limited.
SRUC
A Charitable company limited by guarantee, Scottish Charity Number: SC003712.
Registered in Scotland, Company Number: SC103046 - Registered Office: Peter Wilson Building, King's Buildings, West Mains Road, Edinburgh EH9 3JG
SAC Commercial Limited, an SRUC company
Registered in Scotland, Company Number: SC148684 - Registered Office: Peter Wilson Building, King's Buildings, West Mains Road, Edinburgh EH9 3JG
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20200420/565056dc/attachment.html>

More information about the users mailing list