SV: Shibb sp error

Kicic Sakib Sakib.Kicic at
Thu Jan 28 10:57:01 UTC 2021

Thanks for answer.
Yes, problem is that we need to generate new certificate key pair.
Strange thing is that these sp certificate files where empty for a long time but idp logs says nothing about it until today after restart of idp service. And we also load metadata for sp via proxy each 5 minutes and sp has worked fine all time.
I think we will go with oidc  so we don't get problem with certificates and metadata.


-----Ursprungligt meddelande-----
Från: users <users-bounces at> För Peter Schober
Skickat: den 28 januari 2021 11:48
Till: users at
Ämne: Re: Shibb sp error

* Kicic Sakib <Sakib.Kicic at> [2021-01-28 11:09]:
> shibboleth[1932594]: ERROR Shibboleth.Handler.Metadata [1932594] 
> shib_check_user [default] [default]: error while processing request:
> Can't self-sign metadata, no credential resolver found.

What OS/version is this on?

Sounds to me like you have no key pair generated for the SP (which the installer would do automagically on RHEL/CentOS; on Debian/Ubuntu/etc you'd have to run shib-keygen) *and* configured the SP to sign its own metadata (for whatever reason, probably a misunderstanding).


For Consortium Member technical support, see
To unsubscribe from this list send an email to users-unsubscribe at

More information about the users mailing list