[Shib-Users] Problems with IdP and TestShib 2.0

mickys...@tiscali.it

Sep 8, 2008, 5:59:29 AM
to shibbole...@internet2.edu
Hi, I'm trying to test my IdP with TestShib 2.0 but there are problems.
The entityID of my registered IdP is *icarlab.unibas.it* and the error
that I receive is:

opensaml::FatalProfileException at
(https://sp.testshib.org/Shibboleth.sso/SAML2/POST)

Unable to establish security of incoming assertion.

This error is shown after the authentication process provided by the server.
I searched the mailing list and found this thread:

https://mail.internet2.edu/wws/arc/shibboleth-users/2008-04/msg00387.html

but it doesn't solve my problem. I have also tested with this URL:

https://sp.testshib.org/Shibboleth.sso/TestShib?acsIndex=3&providerId=https%3A%2F%2Ficarlab.unibas.it%2Fidp%2Fshibboleth

and the error is the following:

Unknown or Unusable Identity Provider

You've attempted to login using an IdP I've never heard of. I don't know
where to send you. You might have made a typo (watch out for https), or
you might've forgotten to register with TestShib Two or One first.

If you'd like to see the error, you can look at the last lines of .

Identity provider lookup failed at
(https://sp.testshib.org/Shibboleth.sso/TestShib)

EntityID: icarlab.unibas.it/idp/shibboleth

opensaml::Saml2md::MetadataException: Unable to locate metadata for
identity provider (icarlab.unibas.it/idp/shibboleth)

My relying-party.xml configuration file is:

<AnonymousRelyingParty
provider="https://icarlab.unibas.it/idp/shibboleth" />

<DefaultRelyingParty provider="https://icarlab.unibas.it/idp/shibboleth"
defaultSigningCredentialRef="IdPCredential">

Can someone help me?
Is there something in the configuration files that must be changed?

Thanks
Micky Santomax

Chad La Joie

Sep 8, 2008, 6:24:46 AM
to shibbole...@internet2.edu
The error indicates that the entityID is wrong. TestShib sees it as
"icarlab.unibas.it/idp/shibboleth" which is missing the https:// in
front of it. Did you have your IdP misconfigured at one point, leaving
out the "http://" component, fix, and then forget to restart? That
would be the first thing I checked.

--
SWITCH
Serving Swiss Universities
--------------------------
Chad La Joie, Software Engineer, Net Services
Werdstrasse 2, P.O. Box, 8021 Zürich, Switzerland
phone +41 44 268 15 75, fax +41 44 268 15 68
chad....@switch.ch, http://www.switch.ch
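
The comparison suggested in the reply above, as an added example that is not part of the original thread: it reads the provider values from relying-party.xml, the entityIDs from the federation metadata and the providerId from the TestShib URL, then checks each against the registered set by exact string. The XML samples are constructed from the fragments quoted in the thread, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse, parse_qs

MD_NS = "{urn:oasis:names:tc:SAML:2.0:metadata}"

# Constructed samples modelled on the thread, not the real files.
RELYING_PARTY_XML = """<RelyingPartyGroup xmlns="urn:mace:shibboleth:2.0:relying-party">
  <AnonymousRelyingParty provider="https://icarlab.unibas.it/idp/shibboleth" />
  <DefaultRelyingParty provider="https://icarlab.unibas.it/idp/shibboleth"
                       defaultSigningCredentialRef="IdPCredential" />
</RelyingPartyGroup>"""
METADATA_XML = """<EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
  <EntityDescriptor entityID="https://icarlab.unibas.it/idp/shibboleth" />
  <EntityDescriptor entityID="https://idp.example.org/idp/shibboleth" />
</EntitiesDescriptor>"""
TEST_URL = ("https://sp.testshib.org/Shibboleth.sso/TestShib?acsIndex=3"
            "&providerId=https%3A%2F%2Ficarlab.unibas.it%2Fidp%2Fshibboleth")

def configured_providers(xml_text):
    """Map each element carrying a provider attribute to its value."""
    root = ET.fromstring(xml_text)
    return {el.tag.split("}")[-1]: el.get("provider")
            for el in root.iter() if el.get("provider")}

def registered_entity_ids(xml_text):
    """Collect the entityID of every EntityDescriptor in SAML metadata."""
    root = ET.fromstring(xml_text)
    return {el.get("entityID") for el in root.iter(MD_NS + "EntityDescriptor")}

def provider_id_from_url(url):
    """Percent-decode the providerId query parameter of a TestShib URL."""
    return parse_qs(urlparse(url).query).get("providerId", [None])[0]

def _loose(entity_id):
    # Drop scheme, case and trailing slash to spot near misses only.
    return entity_id.split("://", 1)[-1].lower().rstrip("/")

def diagnose(candidate, registered):
    """entityIDs match only as exact strings; report near misses separately."""
    if candidate in registered:
        return "match"
    near = sorted(r for r in registered if _loose(r) == _loose(candidate))
    return f"near miss: registered as {near[0]}" if near else "not registered"

if __name__ == "__main__":
    registered = registered_entity_ids(METADATA_XML)
    candidates = dict(configured_providers(RELYING_PARTY_XML),
                      url=provider_id_from_url(TEST_URL),
                      sp_error="icarlab.unibas.it/idp/shibboleth")
    for source, value in candidates.items():
        print(f"{source:22} {value!r}: {diagnose(value, registered)}")
```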

mickys...@tiscali.it

Sep 8, 2008, 10:02:03 AM
to shibbole...@internet2.edu
No, as you can see in
https://www.testshib.org/metadata/testshib-two-metadata.xml my entityID
is correct and the AnonymousRelyingParty and DefaultRelyingParty below
are also correct.

Notice: I'm behind a firewall that accepts only connections on ports
80, 443 and 8080. Could this be the problem?

Chad La Joie wrote:

>> Thanks
>> Micky Santomax
