Looking for some troubleshooting advice for setting up a SP that isn't working.
Dan Oachs
doachs at gac.edu
Fri May 15 18:51:54 UTC 2020
So over the years I have successfully added quite a few SPs to our IDP but
this past week I have run into one that I am having trouble getting
working. I believe there is some mismatch with their metadata vs. what
they are requesting.
Here is the error log a user sees when trying to access the SP:
Login - Unable to Respond
The login service was unable to identify a compatible way to respond to the
requested application. This is generally to due to a misconfiguration on
the part of the application and should be reported to the application's
support team or owner.
On the IDP side (3.3.1 - I know, we need to upgrade to 4), I see these
errors:
idp-process.log:2020-05-15 13:13:02,959 - DEBUG
[org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:126] -
Endpoint Resolver
org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Neither
candidate endpoint location '
https://saml-live.scenariolearning.com/saml/acs?dest=gustavus-mn.safecolleges.com'
nor response location 'null' matched '
https://saml-live.scenariolearning.com/saml/acs?dest=gustavus.mn.safecolleges.com'
(ipv6 ip address removed)
idp-process.log:2020-05-15 13:13:02,959 - WARN
[net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:410]
- Profile Action PopulateBindingAndEndpointContexts: Unable to resolve
outbound message endpoint for relying party 'saml-live.scenariolearning.com':
EndpointCriterion
[type={urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService,
Binding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST, Location=
https://saml-live.scenariolearning.com/saml/acs?dest=gustavus.mn.safecolleges.com,
trusted=false] (ipv6 ip address removed)
Am I correct that the error message says that the endpoint location does
not match, however they look identical? Is there an issue with a question
mark in there? Hopefully I am just overlooking something obvious and you
all can point it out for me :)
The SP claims they have this working with other customers using
Shibboleth. Wondering if anyone has any idea what might be wrong on my
end, or what I should tell the SP they need to fix?
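Added example, not part of the original post: a Python helper that extracts the candidate (metadata) and requested locations from the DefaultEndpointResolver DEBUG line quoted above and reports which URL component differs and at which character. It assumes the resolver matches locations by exact string comparison; the function names are hypothetical, and the log text is copied from the post with the mail client's line wraps joined.

```python
import re
from urllib.parse import urlsplit

# DEBUG line from the post above, mail line wraps joined (timestamp/class prefix omitted).
LOG_LINE = (
    "Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: "
    "Neither candidate endpoint location ' "
    "https://saml-live.scenariolearning.com/saml/acs?dest=gustavus-mn.safecolleges.com' "
    "nor response location 'null' matched ' "
    "https://saml-live.scenariolearning.com/saml/acs?dest=gustavus.mn.safecolleges.com'"
)

PATTERN = re.compile(
    r"candidate endpoint location '\s*(?P<candidate>[^']*?)\s*' "
    r"nor response location '[^']*' matched '\s*(?P<requested>[^']*?)\s*'"
)

def parse_mismatch(line):
    """Return (candidate_from_metadata, location_requested_by_sp)."""
    m = PATTERN.search(line)
    if m is None:
        raise ValueError("not a DefaultEndpointResolver mismatch line")
    return m.group("candidate"), m.group("requested")

def first_difference(a, b):
    """Index of the first differing character, or None if the strings are equal."""
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return i
    return None if len(a) == len(b) else min(len(a), len(b))

def differing_parts(a, b):
    """Map each URL component that differs to its (metadata, requested) values."""
    pa, pb = urlsplit(a), urlsplit(b)
    names = ("scheme", "netloc", "path", "query", "fragment")
    return {n: (getattr(pa, n), getattr(pb, n))
            for n in names if getattr(pa, n) != getattr(pb, n)}

def caret_report(a, b):
    """Both URLs stacked, with a caret under the first differing character."""
    i = first_difference(a, b)
    if i is None:
        return "identical"
    return (f"metadata : {a}\nrequested: {b}\n"
            f"{' ' * (11 + i)}^ index {i}: {a[i:i+1]!r} vs {b[i:i+1]!r}")

if __name__ == "__main__":
    cand, req = parse_mismatch(LOG_LINE)
    print(caret_report(cand, req))
    print(differing_parts(cand, req))
```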