Translate meta data to SSO tag

Nate Klingenstein ndk at signet.id
Thu Dec 3 18:01:17 UTC 2020


Philip,

> I have successfully tested my Shibboleth set up against SAML test: https://samltest.id/

Thanks for using SAMLtest.

> <SSO  entityID="https://idp-dev.nss.udel.edu/idp/shibboleth" discoveryProtocol="SAMLDS" discoveryURL="https://idp-dev.nss.udel.edu/idp/profile/Shibboleth/SSO">
>   SAML2
> </SSO>
> 
> opensaml::saml2md::MetadataException: Unable to locate metadata for 
> identity provider (https://idp-dev.nss.udel.edu/idp/shibboleth)

You just need to load the metadata for their identity provider.  You also don't need any of the discovery attributes if your SP will be pointing directly at a single IdP.  A quick check shows that their metadata is available at https://idp-dev.nss.udel.edu/idp/shibboleth, so you can just load it directly by adding to shibboleth2.xml next to the other MetadataProvider elements:

<MetadataProvider type="XML" url="https://idp-dev.nss.udel.edu/idp/shibboleth" backingFilePath="dev-udel-metadata.xml.bck" />

That should get you past this issue and probably all others.  Eventually you'll want to rely on InCommon or another authority and signed metadata.  I'm not sure what those <script> elements will do to the parser, but you may need to remove those and host a local copy without them.  You'll see errors on startup of shibd if there's an issue.

https://wiki.shibboleth.net/confluence/display/SP3/XMLMetadataProvider

Take care,
Nate.
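
Added example, not part of the original message: one way to prepare the local copy mentioned above, by checking that the document describes the expected entityID and dropping any <script> elements before shibd loads it. The sample metadata, its example.org endpoint and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
ET.register_namespace("md", MD_NS)

# Constructed sample: the real document is not shown on the page, so the
# endpoint and the stray <script> elements here are stand-ins.
SAMPLE = b"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp-dev.nss.udel.edu/idp/shibboleth">
  <script>/* stray element */</script>
  <IDPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <script/>
    <SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.org/idp/profile/SAML2/Redirect/SSO"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def is_script(elem):
    """True for a <script> element in any namespace."""
    return elem.tag.rsplit("}", 1)[-1].lower() == "script"


def count_scripts(raw):
    return sum(1 for e in ET.fromstring(raw).iter() if is_script(e))


def clean_metadata(raw, expected_entity_id):
    """Return (cleaned_xml_bytes, removed_count) for one EntityDescriptor."""
    # SAML metadata has no use for a DTD; refuse it before parsing.
    if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
        raise ValueError("DTD or entity declaration in metadata")
    root = ET.fromstring(raw)
    if root.tag != "{%s}EntityDescriptor" % MD_NS:
        raise ValueError("root is not md:EntityDescriptor")
    # Pin the copy to the IdP named in <SSO entityID="...">.
    if root.get("entityID") != expected_entity_id:
        raise ValueError("unexpected entityID %r" % root.get("entityID"))
    removed, stack = 0, [root]
    while stack:
        parent = stack.pop()
        for child in list(parent):
            if is_script(child):
                parent.remove(child)
                removed += 1
            else:
                stack.append(child)
    if root.find("{%s}IDPSSODescriptor" % MD_NS) is None:
        raise ValueError("no IDPSSODescriptor left in metadata")
    return ET.tostring(root, encoding="utf-8"), removed
```

Editing the document invalidates any XML signature it carried, so a cleaned copy is only as trustworthy as the way it was fetched and stored. The result can be loaded by an XML MetadataProvider using path= in place of url=.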

