Thierry,
You're correct, an IdP with that entity is definitely in the UK federation
metadata. So this means your SP can't have loaded the metadata correctly
for some reason.
I'd suggest you crank up the logging of shibd to DEBUG (in shibd.logger),
restart, and find the bit where the SP tries to load the metadata. See
what it says there...
R.
--
----------------------------------------------------------------------
Rhys Smith e: [log in to unmask]
Engineering Consultant: Identity & Access Management (GPG:0xDE2F024C)
Information Services,
Cardiff University, t: +44 (0) 29 2087 0126
39-41 Park Place, Cardiff, f: +44 (0) 29 2087 4285
CF10 3BB, United Kingdom. m: +44 (0) 7968 087 821
----------------------------------------------------------------------
From:
Thierry Delaitre <[log in to unmask]>
To:
[log in to unmask]
Date:
26/11/2008 16:17
Subject:
[JISC-SHIBBOLETH] assertion issuer not found in metadata
Hello,
I'm suddenly getting this error when accessing a service hosted by our
Shib
SP:
Unauthorized Identity Provider
The identity provider supplying your login credentials is not authorized
for
use with this service.
You should inquire with your identity provider as to whether this service
is
intended to be enabled for your use.
Please include the following error message in any email:
Metadata lookup failure at
(https://isls-shib2.wmin.ac.uk/Shibboleth.sso/SAML/POST)
Session Creation Error
metadata lookup failed, unable to process assertion
---
I can see this in the shibd.log. The ukfederation-metadata.xml is up to
date
and the issuer entry is in the file. Any hints on how to troubleshoot this
?
2008-11-26 13:08:33 INFO shibtarget.SessionCache : deleting 0 old items.
2008-11-26 13:12:29 ERROR Shibboleth.ShibBrowserProfile : assertion issuer
not found in metadata (Issuer='https://idp.wmin.ac.uk/entity',
NameQualifier='https://idp.wmin.ac.uk/entity')
2008-11-26 13:12:29 ERROR shibd.Listener : caught exception while creating
session: metadata lookup failed, unable to process assertion
2008-11-26 13:13:33 INFO shibtarget.SessionCache : deleting 0 old items.
Thanks,
Thierry.
|