Looking for some troubleshooting advice for setting up a SP that isn't working.
Dan Oachs
doachs at gac.edu
Fri May 15 19:41:48 UTC 2020
Wow, thank you so much! I bet that will do it :)
--Dan
On Fri, May 15, 2020 at 1:59 PM Mak, Steve <makst at upenn.edu> wrote:
> gustavus-mn
>
>
>
> gustavus.mn
>
>
>
> *From: *users <users-bounces at shibboleth.net> on behalf of Dan Oachs <
> doachs at gac.edu>
> *Reply-To: *Shib Users <users at shibboleth.net>
> *Date: *Friday, May 15, 2020 at 14:52
> *To: *"users at shibboleth.net" <users at shibboleth.net>
> *Subject: *Looking for some troubleshooting advice for setting up a SP
> that isn't working.
>
>
>
> So over the years I have successfully added quite a few SP to our IDP but
> this past week I have run into one that I am having trouble getting
> working. I believe there is some mismatch with their metadata vs. what
> they are requesting.
>
>
>
> Here is the error log a user sees when trying to access the SP:
>
> Login - Unable to Respond
>
> The login service was unable to identify a compatible way to respond to
> the requested application. This is generally to due to a misconfiguration
> on the part of the application and should be reported to the application's
> support team or owner.
>
>
>
> On the IDP side ( 3.3.1 - I know, we need to upgrade to 4) , I see these
> errors:
>
> idp-process.log:2020-05-15 13:13:02,959 - DEBUG
> [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:126] -
> Endpoint Resolver
> org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Neither
> candidate endpoint location '
> https://saml-live.scenariolearning.com/saml/acs?dest=gustavus-mn.safecolleges.com'
> nor response location 'null' matched '
> https://saml-live.scenariolearning.com/saml/acs?dest=gustavus.mn.safecolleges.com'
> (ipv6 ip address removed)
>
>
>
> idp-process.log:2020-05-15 13:13:02,959 - WARN
> [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:410]
> - Profile Action PopulateBindingAndEndpointContexts: Unable to resolve
> outbound message endpoint for relying party '
> saml-live.scenariolearning.com': EndpointCriterion
> [type={urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService,
> Binding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST, Location=
> https://saml-live.scenariolearning.com/saml/acs?dest=gustavus.mn.safecolleges.com,
> trusted=false] (ipv6 ip address removed)
>
>
>
> Am I correct that the error message says that the endpoint location does
> not match however they look identical? Is there an issue with a question
> mark in there? Hopefully I am just overlooking something obvious and you
> all can point it out for me :)
>
>
>
> The SP claims they have this working with other customers using
> Shibboleth. Wondering if anyone has any idea what might be wrong on my
> end, or what I should tell the SP they need to fix?
>
>
>
> sadfasdf
>
>
> --
> For Consortium Member technical support, see
> https://wiki.shibboleth.net/confluence/x/coFAAg
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20200515/2c6cab89/attachment.htm>
More information about the users
mailing list