[Shib-Users] No peer endpoint available to which to send SAML response !! Once Again ?!?!


Nuno Gonçalves

Nov 6, 2008, 1:23:31 PM
to shibbole...@internet2.edu
Hi All,

Having this error and read all about the similar messages about No return endpoint available for relying party https://xpto

http://groups.google.com/group/shibboleth-users/browse_thread/thread/fa095b15ac73fa44/2b1033fe92add3ac?lnk=raot&fwc=1

I can't see what might be wrong both at SP and at IDP

The shibboleth2.xml on the SP side has an entityID specified, entityID=https://xpto, and in the IDP's metadata I have an SP with entityID=https://xpto, as Nate suggested,
and with the following on IDP metadata:

            <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
            <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>

            <AssertionConsumerService index="1" isDefault="true"
                    Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                    Location="https://xpto/Shibboleth.sso/SAML2/POST"/>
            <AssertionConsumerService index="2"
                    Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post"
                    Location="https://xpto/Shibboleth.sso/SAML/POST"/>

So I have the same entityID in both the SP and IDP metadata, and the ACS bindings :(
Anyway, it seems that the IDP does not find the metadata for the entityID https://xpto

The behaviour is that, after authenticating at the IDP, I get a Shib web page error with:
Error Message: No peer endpoint available to which to send SAML response

and the idp-process.log:

18:10:43.925 ERROR [edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler:396] - No return endpoint available for relying party https://xpto
18:10:43.926 ERROR [edu.internet2.middleware.shibboleth.common.profile.ProfileRequestDispatcherServlet:85] - Error processing profile request
edu.internet2.middleware.shibboleth.common.profile.ProfileException: No peer endpoint available to which to send SAML response

I can't figure out why the IDP can't find in the metadata the ACS to send the SAML2 response to :(

Can you guys give me any hint ?

thanks for your time reading this
regards

Nuno

-- 
______________________________________________
Nuno Gonçalves
FCCN
Av. do Brasil, nº 101
1700-066 Lisboa
tel: +351 218 440 100 - fax: +351 218 472 167
email|SIP: nu...@fccn.pt
http://www.fccn.pt
______________________________________________


Nate Klingenstein

Nov 6, 2008, 2:34:18 PM
to nu...@fccn.pt, shibbole...@internet2.edu
Nuno,

Did you write your metadata by hand?  If so, could you please send along your complete metadata?  You can always use the /Shibboleth.sso/Metadata handler of the SP.  The other thing to look at is the authentication request that was passed.  There might be a mismatch there.

Thanks,
Nate.
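
The comparison suggested in the reply above, between the SP entry in the metadata and the authentication request, can be scripted. This is an added example, not part of the thread and not Shibboleth code: the function name check_acs, both XML samples, and the mismatching host xpto.example.org are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: the SP's entry in the metadata (values follow the post).
METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://xpto">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="1" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://xpto/Shibboleth.sso/SAML2/POST"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

# Constructed sample AuthnRequest; its ACS host differs from the metadata on purpose.
REQUEST = """<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed" Version="2.0"
    IssueInstant="2008-11-06T18:10:43Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    AssertionConsumerServiceURL="https://xpto.example.org/Shibboleth.sso/SAML2/POST">
  <saml:Issuer>https://xpto</saml:Issuer>
</samlp:AuthnRequest>"""

def check_acs(metadata_xml, request_xml):
    """Return a list of mismatches between an AuthnRequest and SP metadata."""
    req = ET.fromstring(request_xml)
    issuer = (req.findtext("saml:Issuer", default="", namespaces=NS) or "").strip()
    root = ET.fromstring(metadata_xml)
    # iter() includes the root, so this handles a single EntityDescriptor
    # as well as an EntitiesDescriptor aggregate.
    entities = [e for e in root.iter("{%s}EntityDescriptor" % NS["md"])
                if e.get("entityID") == issuer]
    if not entities:
        return ["no EntityDescriptor with entityID %r" % issuer]
    acs = entities[0].findall("md:SPSSODescriptor/md:AssertionConsumerService", NS)
    if not acs:
        return ["entity has no SPSSODescriptor/AssertionConsumerService"]
    url, binding = req.get("AssertionConsumerServiceURL"), req.get("ProtocolBinding")
    # An attribute absent from the request places no constraint on the endpoint.
    matches = [a for a in acs
               if (url is None or a.get("Location") == url)
               and (binding is None or a.get("Binding") == binding)]
    if not matches:
        return ["no ACS in metadata matches URL %r with binding %r" % (url, binding)]
    return []
```
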