Shibboleth SP error redux

[Cantor, Scott]

> None of the configured SessionInitiators handled the request.

If there's no entityID statically defined or supplied to /Login via parameter, and no discoveryURL in the configuration, then there's nothing the system can do with a request when a session is mandated. That is the way you get that error.
 
> 1. Is this the probable cause of the error?

It will loop. The resource request will have no valid session and route back to wherever the configured discoveryURL, and if there is no such URL, it will fail with the error you got.

The only way to bypass the cross check is setting consistentAddress to false.

But you can't deploy in a way that ever allows that error to occur, because it will occur, eventually. You MUST supply an entityID or a discoveryURL, always. If you don't, you can't use requireSession. They go hand in hand.

-- Scott