Well there is something odd here:
>> 2007-11-13T14:39:40+0000 localhost [shib] Supplied credentials
>> (CN=gate-test.library.lse.ac.uk,OU=Library,O=London School of
>> Economics,L=London,ST=London,C=GB) are NOT valid for provider
"urn:mace:ac.uk:sdss.ac.uk:provider:service:gabriel.lse.ac.uk" is the SP
with comments "This is a Perseus Project SP (an LSE Projects WIKI)".
If I poke one of the end points with curl I see that it is signed correctly
* Server certificate:
* subject: /CN=gabriel.lse.ac.uk/C=GB/ST=England/L=London/O=London
School of [log in to unmask]
* start date: 2006-11-18 07:15:09 GMT
* expire date: 2009-11-18 07:15:09 GMT
* common name: gabriel.lse.ac.uk (matched)
* issuer: /C=BE/O=GlobalSign nv-sa/OU=Enhanced ServerSign
CA/CN=GlobalSign Enhanced ServerSign CA
This seems to be what the metadata wants:
However you are seeing a certificate for gate-test.library.lse.ac.uk. This
appears to belong to the providerId
"urn:mace:ac.uk:sdss.ac.uk:provider:identity:lse.ac.uk" with comments: "This
is an identity provider for the JISC Angel project at LSE."
What does curl say for you if you tickle
Are you resolving DNS correctly? I have 184.108.40.206 for garbriel and
220.127.116.11 for gate-test.