Error 404 when saving IdP Entity ID in NetApp

Tue Oct 11 11:45:14 UTC 2022

I'm a little confused by this line: "So I was able to navigate to the EntityID, got a CAC login, and successfully logged in".

Are you protecting your IdP metadata endpoint? If so, that's likely the problem. It should allow anonymous access to the IdP metadata.

Your NetApp is likely trying to visit the metadata URL but isn't receiving XML, but receiving a 200/302 text/html response.

- Steve

From: users <users-bounces at shibboleth.net> on behalf of Matt Swann via users <users at shibboleth.net>
Date: Tuesday, October 11, 2022 at 7:38 AM
To: Nate Klingenstein <ndk at signet.id>
Cc: Matt Swann <mswann090 at gmail.com>, Shib Users <users at shibboleth.net>
Subject: Re: Error 404 when saving IdP Entity ID in NetApp
Thanks Nate. This was super helpful and guided me in the right direction.

So I was able to navigate to the EntityID, got a CAC login, and successfully logged in.

I tried to tie the IdP entityID. to NetApp and received:

" Complete: SAML job failed, Reason: IdP metadata downloaded from the provided URL does not have the "entityID" attribute with namespace "urn:oasis:names:tc:SAML:2.0:metadata".

I'm going to start digging into that error more now. It's definitely headed in the right direction as NetApp can now download the Metadata from the IdP just I just need to fix this error now.

Thanks again,

Matt

On Fri, Oct 7, 2022 at 12:00 PM Nate Klingenstein <ndk at signet.id<mailto:ndk at signet.id>> wrote:
Matt,

> Is it possible this could be a port issue within the firewall given your experience?

That depends on the firewall, but it's more likely to be a 404 from some other entity.  Have you checked to see whether it's the Servlet container returning the 404?  If so, that would indicate that it's not routing requests to the IdP correctly even if the IdP is apparently instantiating fine.  You might try querying https://localhost/idp/shibboleth<https://urldefense.com/v3/__https:/localhost/idp/shibboleth__;!!IBzWLUs!XnAVMGSF9gnVdhay9GteQGL6CYrClTOYh0lOEQG6MJl9wKmT1ndWztn2QydGXGTD0xJhNnDMqCmKUEjf$> from the server itself.

> Before I do that, is there anything else you might know that could cause this issue?

All sorts of things in the web hosting environment could be implicated, and they're more probable root causes than a firewall.

Take care,
Nate

--------
Signet, Inc.
The Art of Access ®

https://www.signet.id<https://urldefense.com/v3/__https:/www.signet.id__;!!IBzWLUs!XnAVMGSF9gnVdhay9GteQGL6CYrClTOYh0lOEQG6MJl9wKmT1ndWztn2QydGXGTD0xJhNnDMqJRtCnQ8$>

-----Original message-----
From: Matt Swann via users
Sent: Friday, October 7 2022, 5:13 am
To: Shib Users
Cc: Matt Swann
Subject: Re: Error 404 when saving IdP Entity ID in NetApp

Hey Everyone,

Thanks for all the help. I just wanted to provide an update. All of the errors are cleared in the logs and it's only info messages at this point. I unfortunately am still getting a 404 error when trying to navigate to the EntityID within a browser. Also, when I try to add the EntityID within NetApp I get an error saying it can't receive the IdP metadata.

Is it possible this could be a port issue within the firewall given your experience? I'd have to submit a request to that specific team to make sure the correct ports are open. Before I do that, is there anything else you might know that could cause this issue?

Thanks again!

Matt
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20221011/3ddfd3a2/attachment.htm>