sp can not get metadata from idp
MA Lanxin
ma at ihep.ac.cn
Mon Jan 11 09:46:49 UTC 2021
Hello,
My SP cannot get metadata from IDP.
My SP version is 3.1.0, Apache version is 2.4.6. My IDP version is 2.4.1.
rpm -qa | grep shib
shibboleth-3.1.0-3.1.x86_64
liblog4shib2-2.0.0-3.1.x86_64
rpm -qa | grep httpd
httpd-tools-2.4.6-93.el7.centos.x86_64
httpd-2.4.6-93.el7.centos.x86_64
Here is the error log in /var/log/shibboleth/shibd.log on the SP:
2021-01-11 17:21:22 INFO Shibboleth.Application : building MetadataProvider of type XML...
2021-01-11 17:21:22 ERROR XMLTooling.libcurl.InputStream : error while fetching https://idp-test.ihep.ac.cn/idp/profile/Metadata/SAML: (59) Unknown cipher in list: ALL:!aNULL:!LOW:!EXPORT:!SSLv2
2021-01-11 17:21:22 ERROR XMLTooling.libcurl.InputStream : on Red Hat 6+, make sure libcurl used is built with OpenSSL
2021-01-11 17:21:22 ERROR XMLTooling.ParserPool : fatal error on line 0, column 0, message: internal error in NetAccessor
2021-01-11 17:21:22 ERROR OpenSAML.MetadataProvider.XML : error while loading resource (https://idp-test.ihep.ac.cn/idp/profile/Metadata/SAML): XML error(s) during parsing, check log for specifics
2021-01-11 17:21:22 WARN OpenSAML.MetadataProvider.XML : adjusted reload interval to 600 seconds
2021-01-11 17:21:22 WARN OpenSAML.MetadataProvider.XML : trying backup file, exception loading remote resource: XML error(s) during parsing, check log for specifics
Here is my SP config:
cat /etc/shibboleth/shibboleth2.xml
<ApplicationDefaults entityID="https://a.ihep.ac.cn/shibboleth"
                     REMOTE_USER="eppn subject-id pairwise-id persistent-id"
                     cipherSuites="DEFAULT:!EXP:!LOW:!aNULL:!eNULL:!DES:!IDEA:!SEED:!RC4:!3DES:!kRSA:!SSLv2:!SSLv3:!TLSv1:!TLSv1.1"
                     encryption="false">
    <SSO entityID="https://idp-test.ihep.ac.cn/idp/shibboleth">
        SAML2 SAML1
    </SSO>
    <MetadataProvider type="XML" validate="true"
                      url="https://idp-test.ihep.ac.cn/idp/profile/Metadata/SAML"
                      backingFilePath="idp-test-metadata.xml" maxRefreshDelay="7200">
    </MetadataProvider>
I do not understand what causes the problem. Could anybody help?
Thanks a lot,
Best Regards,
Lanxin
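
Added example, not part of the original post: a small shell triage for the log above. It pulls the libcurl error number and the rejected cipher string out of the shibd.log line and names the TLS library from a libcurl version banner. The function names and both banners are constructed for illustration; libcurl error 59 is CURLE_SSL_CIPHER, and the rejected list is written in OpenSSL cipher-string syntax.

```shell
#!/bin/sh
# Added example: triage a shibd.log "(59) Unknown cipher in list" failure.
# Function names are illustrative; the two banners are constructed samples.

# Log line copied from the shibd.log excerpt in the post.
LOG_LINE='2021-01-11 17:21:22 ERROR XMLTooling.libcurl.InputStream : error while fetching https://idp-test.ihep.ac.cn/idp/profile/Metadata/SAML: (59) Unknown cipher in list: ALL:!aNULL:!LOW:!EXPORT:!SSLv2'
# Constructed first lines of `curl -V` for an NSS build and an OpenSSL build.
BANNER_NSS='curl 7.29.0 (x86_64-redhat-linux-gnu) libcurl/7.29.0 NSS/3.44 zlib/1.2.7'
BANNER_OPENSSL='curl 7.76.1 (x86_64-pc-linux-gnu) libcurl/7.76.1 OpenSSL/1.1.1k zlib/1.2.11'

# libcurl error number, printed in parentheses after the fetched URL.
curl_error_code() {
    printf '%s\n' "$1" | sed -n 's/.*: (\([0-9][0-9]*\)) .*/\1/p'
}

# Cipher string quoted in the error message.
rejected_cipher_list() {
    printf '%s\n' "$1" | sed -n 's/.*Unknown cipher in list: //p'
}

# TLS library named in a libcurl version banner (tokens look like NAME/VERSION).
tls_backend() {
    for tok in $1; do
        case $tok in
            OpenSSL/*|NSS/*|GnuTLS/*) printf '%s\n' "${tok%%/*}"; return 0 ;;
        esac
    done
    printf 'unknown\n'
}

# $1 = shibd.log line, $2 = libcurl version banner.
diagnose() {
    [ "$(curl_error_code "$1")" = 59 ] || { printf 'not-a-cipher-error\n'; return 0; }
    list=$(rejected_cipher_list "$1")
    case $(tls_backend "$2") in
        OpenSSL) printf 'openssl-rejected-list: %s\n' "$list" ;;
        NSS|GnuTLS) printf 'backend-mismatch: non-OpenSSL libcurl was given %s\n' "$list" ;;
        *) printf 'backend-unknown: %s\n' "$list" ;;
    esac
}

diagnose "$LOG_LINE" "$BANNER_NSS"
diagnose "$LOG_LINE" "$BANNER_OPENSSL"
```

On the SP host, pass the matching line from shibd.log and the first line of `curl -V`; that banner describes the system libcurl, so confirm it is the copy shibd actually loads before acting on the result.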