Hi, I have installed Shib 2 IDP and trying to connect to test shib service provider https://sp.testshib.org/. When I enter my credentials I am redirected to my IDP without any error message and prompted for my username and password. When I enter my user name and password I am redirected to https://shibboleth.brunel.ac.uk/idp/Authn/RemoteUser with a 403 Access denied error message. I checked the Catalina logs in tomcat 5.5 and there are no error logs. The Shib process logs reports the following: r https://sp.testshib.org/shibboleth-sp. Using default relying party configuration. 13:17:25.794 DEBUG [edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler :169] - Creating login context and transferring control to authentication engine 13:17:25.826 DEBUG [edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine:147] - Processing incoming request 13:17:25.841 DEBUG [edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine:184] - Beginning user authentication process 13:17:25.841 DEBUG [edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine:192] - Possible authentication handlers for this request: {urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified=edu.internet2.middle ware.shibboleth.idp.authn.provider.RemoteUserLoginHandler@1c4bcda, urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport=edu.in ternet2.middleware.shibboleth.idp.authn.provider.UsernamePasswordLoginHa ndler@14aa6c3, urn:oasis:names:tc:SAML:2.0:ac:classes:PreviousSession=edu.internet2.mid dleware.shibboleth.idp.authn.provider.PreviousSessionLoginHandler@a6997} 13:17:25.841 DEBUG [edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine:205] - Possible authentication handlers after filtering: {urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified=edu.internet2.middle ware.shibboleth.idp.authn.provider.RemoteUserLoginHandler@1c4bcda, urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport=edu.in ternet2.middleware.shibboleth.idp.authn.provider.UsernamePasswordLoginHa ndler@14aa6c3, urn:oasis:names:tc:SAML:2.0:ac:classes:PreviousSession=edu.internet2.mid dleware.shibboleth.idp.authn.provider.PreviousSessionLoginHandler@a6997} 13:17:25.841 DEBUG [edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine:394] - Authenticating user with login handler of type edu.internet2.middleware.shibboleth.idp.authn.provider.RemoteUserLoginHa ndler 13:17:25.841 DEBUG [edu.internet2.middleware.shibboleth.idp.authn.provider.RemoteUserLoginH andler:75] - Redirecting to https://shibboleth.brunel.ac.uk:443/idp/Authn/RemoteUser I checked the login.conf, web.xml and server.xml and it seems fine. What am I missing ? How to get this working please help. Thanks Karthik Shan PS:Tried this qustion on on Internet 2 discussion forum and posting it again on JISC group.