Looking for some troubleshooting advice for setting up a SP that isn't working.

Dan Oachs doachs at gac.edu
Fri May 15 18:51:54 UTC 2020

So over the years I have successfully added quite a few SP to our IDP but
this past week I have run into one that I am having trouble getting
working.  I believe there is some mismatch with their metadata vs. what
they are requesting.

Here is the error log a user sees when trying to access the SP:
Login - Unable to Respond
The login service was unable to identify a compatible way to respond to the
requested application. This is generally to due to a misconfiguration on
the part of the application and should be reported to the application's
support team or owner.

On the IDP side ( 3.3.1 - I know, we need to upgrade to 4) , I see these
idp-process.log:2020-05-15 13:13:02,959 - DEBUG
[org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:126] -
Endpoint Resolver
org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Neither
candidate endpoint location '
nor response location 'null' matched '
(ipv6 ip address removed)

idp-process.log:2020-05-15 13:13:02,959 - WARN
- Profile Action PopulateBindingAndEndpointContexts: Unable to resolve
outbound message endpoint for relying party 'saml-live.scenariolearning.com':
Binding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST, Location=
trusted=false] (ipv6 ip address removed)

Am I correct that the error message says that the endpoint location does
not match however they look identical?  Is there an issue with a question
mark in there?  Hopefully I am just overlooking something obvious and you
all can point it out for me :)

The SP claims they have this working with other customers using
Shibboleth.  Wondering if anyone has any idea what might be wrong on my
end, or what I should tell the SP they need to fix?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20200515/9634a57e/attachment.htm>

More information about the users mailing list