When I access my secured IIS directory, the IdP replies with a
Shibboleth error message.
Error Message: SAML 2 SSO profile is not configured for relying party
https://my.machines.fqdn/shibsecured/
And sure enough in the idp-process.log are the error statements:
WARN [org.opensaml.saml2.binding.security.SAML2AuthnRequestsSignedRule:80] - SPSSODescriptor role metadata for entityID 'https://my.machines.fqdn/shibsecured/' could not be resolved
WARN [edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler:255] - No metadata for relying party https://my.machines.fqdn/shibsecured/, treating party as anonymous
ERROR [edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler:174] - SAML 2 SSO profile is not configured for relying party https://my.machines.fqdn/shibsecured/
ERROR [edu.internet2.middleware.shibboleth.common.profile.ProfileRequestDispatcherServlet:85] - Error processing profile request
edu.internet2.middleware.shibboleth.common.profile.ProfileException: SAML 2 SSO profile is not configured for relying party https://my.machines.fqdn/shibsecured/
So I added <RelyingParty ...> to the idp\config\relying-party.xml the
following, based on information I found at
https://spaces.internet2.edu/display/SHIB2/IdPRelyingParty:
<RelyingParty
id="https://my.machines.fqdn/shibsecured"
provider="https://my.machines.fqdn:8443/idp" >
along with a section for <ProfileConfiguration
xsi:type="saml:SAML2SSOProfile" ... and continued with the same results.
I am sure this is obvious to others who have been down this path before.
Can you please suggest what next steps I should take to overcome
this error?
Sincerely
john
John Nowlin
Software Development Consultant
College Center for Library Automation
Yes, for some reason that error message isn't listed in the common errors
page for the IdP.
> WARN [org.opensaml.saml2.binding.security.SAML2AuthnRequestsSignedRule:80] - SPSSODescriptor role metadata for entityID 'https://my.machines.fqdn/shibsecured/' could not be resolved
> WARN [edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler:255] - No metadata for relying party
Your metadata isn't correct. It exists, since it's failing on the role and
not the entity, but the SPSSO role isn't correct/valid.
> So I added <RelyingParty ...> to the idp\config\relying-party.xml the
> following, based on information I found at
> https://spaces.internet2.edu/display/SHIB2/IdPRelyingParty:
Adding a relying party doesn't fix the metadata, it just configures behavior
when the metadata is valid/present.
-- Scott
Thank you, I had commented out that <MetadataProvider section of the relying-party.xml, thinking it would just add a layer of complication that I didn’t want to deal with. Oh well, onward through the next error, 404 The requested resource () is not available, which is in the FAQ.
John
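
The thread turns on whether the IdP's metadata holds the SP's entity and a usable SP role for it. As an added example (not part of the original messages and not Shibboleth's own code), this script checks a metadata document for the entityID taken from the log line and reports which of the two is missing. The sample metadata, host names and the function name check_sp_metadata are constructed for illustration, and the role elements are trimmed to the attributes the check reads.

```python
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
SAML2P = "urn:oasis:names:tc:SAML:2.0:protocol"

# Constructed sample metadata (hypothetical hosts), not taken from the thread.
SAMPLE = f"""<EntitiesDescriptor xmlns="{MD_NS}">
  <EntityDescriptor entityID="https://sp.example.org/shibsecured">
    <SPSSODescriptor protocolSupportEnumeration="{SAML2P}"/>
  </EntityDescriptor>
  <EntityDescriptor entityID="https://old.example.org/sp">
    <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol"/>
  </EntityDescriptor>
  <EntityDescriptor entityID="https://idp.example.org/idp">
    <IDPSSODescriptor protocolSupportEnumeration="{SAML2P}"/>
  </EntityDescriptor>
</EntitiesDescriptor>"""


def check_sp_metadata(metadata_xml, entity_id):
    """Return (status, detail) for the SP entityID an AuthnRequest carried."""
    # Assumes a local, trusted file; use a hardened parser for fetched metadata.
    root = ET.fromstring(metadata_xml)
    entities = {e.get("entityID"): e for e in root.iter(f"{{{MD_NS}}}EntityDescriptor")}
    entity = entities.get(entity_id)  # entityIDs are compared as exact strings
    if entity is None:
        near = [i for i in entities if i and i.rstrip("/") == entity_id.rstrip("/")]
        hint = f"; near match {near[0]!r} differs by a trailing slash" if near else ""
        return "entity-missing", f"no EntityDescriptor for {entity_id!r}{hint}"
    roles = entity.findall(f"{{{MD_NS}}}SPSSODescriptor")
    if not roles:
        return "role-missing", "entity present but has no SPSSODescriptor"
    if not any(SAML2P in r.get("protocolSupportEnumeration", "").split() for r in roles):
        return "role-unsupported", "SPSSODescriptor does not list the SAML 2.0 protocol"
    return "ok", "SPSSODescriptor with SAML 2.0 support found"


if __name__ == "__main__":
    for eid in ("https://sp.example.org/shibsecured/", "https://sp.example.org/shibsecured",
                "https://old.example.org/sp", "https://idp.example.org/idp"):
        print(eid, "->", *check_sp_metadata(SAMPLE, eid))
```
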