[Shib-Users] CRIT Shibboleth.Application : no MetadataProvider available, configuration is probably unusable
Tommy Peterson
1. I installed the Idp and got the OK message.
2. I accepted the metaprovider data xml that was created.
3. I set up the authentication method.
4. I installed the SP.
5. Changed the permissions on the shibboleth and log directories.
6. Started it with a start message.
7. Then I tried to browse the http://localhost/ Shibboleth.sso/Status and get the following error message:
CRIT Shibboleth.Application : no MetadataProvider available, configuration is probably unusable
8. searched the net and archives and people are referring to registering with testshib or something like that. I am trying a local set up with my idp and sp and two applications on apache, tomcat, and linux.
I am guessing that the error message is related to step 2 above. I remember getting stuck on the verb “load” in “Load SAML metadata for the service provider(s) with which you will interact.” I really didn’t see anything that indicated action in the documentation. However, I have noted in looking at the archives that this involves using an installed Sp and installed Idp (so I take they are to be set in parallel not one after the other): http://shibboleth.1660669.n2.nabble.com/Re-Source-of-SAML-Metadata-for-the-service-provider-s-td4755615.html.
Suggestions?
Thanks.
This message contains Devin Group confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail.
Please notify the sender immediately by e-mail if you have received this e-mail in error and delete this e-mail from your system. E-mail transmissions cannot be guaranteed secure, error-free and information could be intercepted, corrupted, lost, destroyed, arrive late, incomplete, or contain viruses. The sender therefore does not accept liability for errors or omissions in the contents of this message which may arise as result of transmission. If verification is required please request hard-copy version.
Cantor, Scott E.
>7.
>Then I tried to browse the http://localhost/ Shibboleth.sso/Status and
>get the following error message:
>CRIT Shibboleth.Application : no MetadataProvider available,
>configuration is probably unusable
I don't believe you get that message in response, it's simply a log
message that will appear any time the SP has no metadata. There is nothing
you can do with an SP without metadata.
>
>8.
>searched the net and archives and people are referring to registering
>with testshib or something like that. I am trying a local set up with my
>idp and sp and two applications on apache, tomcat, and linux.
Then you had better provide metadata to the SP.
-- Scott
Tommy Peterson
In other words, I go here->
https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPLinuxInstall
do the install
skip the initial testing (the first par in that section and the second par in green) and
go directly to getting start here->https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPGettingStarted
I'm confused as to what the checkpoints are . . . and the steps to get this working.
--Tommy
-- Scott
Cantor, Scott E.
>OK. To be clear (for me), are you saying that I should get that message
>and that I can't
>get a test status page to show up until I do this?
No, I said exactly the opposite.
>I'm confused as to what the checkpoints are . . . and the steps to get
>this working.
There are no meaningful checkpoints to configuring half of a SSO system,
and Shibboleth relies on a model of mutual authentication of the peers,
which makes a quick "install and test" process impossible.
The status page provides a primitive verification of some installation
coherency with the web server, nothing else. It works fine regardless of
whether metadata has been installed or not. As I said originally, there is
simply no way I know of to get that message *in the client*. It's a log
message during startup.
-- Scott
Tommy Peterson
Thanks
-----Original Message-----
From: shibboleth-u...@internet2.edu [mailto:shibboleth-u...@internet2.edu] On Behalf Of Cantor, Scott E.
Sent: Monday, May 02, 2011 11:48 AM
To: shibbole...@internet2.edu
Subject: Re: [Shib-Users] CRIT Shibboleth.Application : no MetadataProvider available, configuration is probably unusable
-- Scott
Cantor, Scott E.
>Ok. Then since I am not getting a page at all and since the only logged
>error message that I get is something irrelevant at this point (since I
>am not looking at it as a whole but in parts) what do you suggest I do to
>get the page at least--to as you say get the "primitive verification of
>some installation coherency with the web server"?
Probably fix the ACL on the handler or use localhost since that's what it
requires by default. Otherwise I couldn't say, it's obviously not working
at all and you'll have to dig into the logs that would be relevant, like
native.log.
-- Scott
Tommy Peterson
-----Original Message-----
From: shibboleth-u...@internet2.edu [mailto:shibboleth-u...@internet2.edu] On Behalf Of Cantor, Scott E.
Sent: Monday, May 02, 2011 12:01 PM
To: shibbole...@internet2.edu
Subject: Re: [Shib-Users] CRIT Shibboleth.Application : no MetadataProvider available, configuration is probably unusable
-- Scott
Peter Schober
> It was because Shibboleth installs its files in the base Linux
> Apache install which I was not using.
"Shibboleth" installs nothing. You install the software either from
source (and decide where things go) or via packages provided by the
project (for the supported platforms; of course assuming distribution
packages of Apache httpd etc. for the binary packages).
If you want a packaged SP but can't or don't want to use the httpd
provided by your distribution/platform you can rebuild the SRPM to fit
your httpd exactly, cf. the documentation.
-peter