Which logs did you check? I would look at the oxtrust logs, because it seems like there is an error with the form. You can try to turn up the log level for oxtrust too. You don't need to wait 5 minutes, because the xml is not rendering. If you want to decrease the wait time in general, you can set this in the shibboleth xml settings.

Hi, Eduardo. Do you get the error when you still trying to add in via web UI, or later, when you sent to IDP during SAML flow? Please follow Michael's suggestion and gather some logs. If I got you right, it's web UI that fails in your case, so you need to check `/opt/gluu/jetty/identity/logs/oxtrust.log` for any related errors and warnings. As you supply your SP's metadata by url, I would say it's very likely oxTrust can't use this url to fetch it. Could you try to download the metadata manually, and provide it using "File" method instead? If it will work, then we'll be able to confirm it's true. If there still will be the same error when providing it with "File" method, I would try to check whether you have enough memory assigned for JVMs first. This is especially true if you try to create TR with some federation metadata, which is usually very heavy to process. - For web UI: `/etc/default/identity` file - for IDP: `/etc/default/idp` file You'll see line like this in both: `JAVA_OPTIONS="-server -Xms256m -Xmx636m -XX:MaxMetaspaceSize=273m -XX:+DisableExplicitGC -Dgluu.base=/etc/gluu -Dserver.base=/opt/gluu/jetty/identity -Dlog.base=/opt/gluu/jetty/identity -Dpython.home=/opt/jython -Dorg.eclipse.jetty.server.Request.maxFormContentSize=50000000"` Make sure that `-Xms` is at 512m, and `-Xmx` is at 1024 at least (better 1536m or 2048m). If you'll have to change it, restart "identity" and "idp" services in the end.

Hi, Eduardo. Any updates on this one?

Hello Aliaksandr i have checked oxtrust logs after i clicked on the "add" button, and the only error i'm getting is this: "2019-08-09 21:13:04,437 ERROR [Thread-60556] [org.gluu.oxtrust.ldap.service.EntityIDMonitoringService] (EntityIDMonitoringService.java:92) - Exception happened while monitoring EntityId java.lang.NullPointerException: null" nothing else. Also, i have tried local file instead of URI and i got the same result. FInally i have changed identity and idp files with recommended values, but still got the same result. Thanks in advance for any help you can give me

Hi, Eduardo. Please share the metadata file with us so we could try to reproduce it.

Hi Aliaksandr, Thank you for the help. Below is the metadata you requested from Eduardo. ``` <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://jira.test.euc1.apcela.net"><md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"><md:KeyDescriptor use="signing"><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:X509Data><ds:X509Certificate>MIID7TCCAtWgAwIBAgIJAMcsf4R7oVMZMA0GCSqGSIb3DQEBCwUAMIGMMQswCQYDVQQGEwJJTjELMAkGA1UECAwCTUgxDTALBgNVBAcMBFBVTkUxEzARBgNVBAoMCk1JTklPUkFOR0UxEzARBgNVBAsMCk1JTklPUkFOR0UxEzARBgNVBAMMCk1JTklPUkFOR0UxIjAgBgkqhkiG9w0BCQEWE2luZm9AbWluaW9yYW5nZS5jb20wHhcNMTUxMDMwMTA1NDQ4WhcNMjAxMDI4MTA1NDQ4WjCBjDELMAkGA1UEBhMCSU4xCzAJBgNVBAgMAk1IMQ0wCwYDVQQHDARQVU5FMRMwEQYDVQQKDApNSU5JT1JBTkdFMRMwEQYDVQQLDApNSU5JT1JBTkdFMRMwEQYDVQQDDApNSU5JT1JBTkdFMSIwIAYJKoZIhvcNAQkBFhNpbmZvQG1pbmlvcmFuZ2UuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsxulwAiXvaJvT6JEckasFcHY7eME2hjClXPKtGJ6okiPOPQjMAv+zYxZ2beAUPWxg1pfE7HIdTLh6A0yD2Afnw9ayKmCGiq6rX8TqXzEo8J01M/zGRBXxw+QCjB7BpWpHUVcdfagUEJrURHRcx6VXXf/9xprbtv7Wsx/WVhqGl6MCtj4m5tTsHyYD9BOawxtmaq7dNSECkt9qNUfu+EvTYk3LHI3IoJR4HcMTsYjTbJo6lHNT18FQqReWcjNXCTvH17Zit4MaH8WGlL32KV62EyTPZwjqrmUHqoXfj87e+1XOpYk+Z/dApMC47I6++yq+FlyvVne0w48SAHYt4M1rQIDAQABo1AwTjAdBgNVHQ4EFgQUyihK6rNyl3Sx9Onzzup0qko7z7QwHwYDVR0jBBgwFoAUyihK6rNyl3Sx9Onzzup0qko7z7QwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAPnp6Q5jfZ33/0hbeeVr+ts5PTxKKdPakoGJWAbgqXzf4h8TuCZMjPBE6g7jk1JqvRFWxg7zx+qhvlWRnwfWl9yAffY0TbBx+EU3kyTYBg2UnffUaSvoko1UzFK1v4dOP2u+wTP8nM/I+HxBjVVcgT+7zOK9Y6GXe1spjdQb2ELdBQ2p7NFXFF4uy6jzN9yw2xBid7ZLkJwGeOykZrrd1YJzGZJoGedpTxrkqbIqRUFnCqKRgB5IzhXO1Xj+xgv8qr0KNJ4oqf58OEHnx2XF21RY0F9vpQ6/BPQKqO4pWjEuWanV36AZ5nHw6PeJXEsK2RUnABeA/xzjxH/NT6Fh3dQ==</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor><md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://jira.test.euc1.apcela.net/plugins/servlet/saml/logout"/><md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://jira.test.euc1.apcela.net/plugins/servlet/saml/logout"/><md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat><md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat><md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat><md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat><md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://jira.test.euc1.apcela.net/plugins/servlet/saml/auth" index="1"/></md:SPSSODescriptor><md:Organization><md:OrganizationName xmlns:xml="http://www.w3.org/XML/1998/namespace" xml:lang="en">miniOrange</md:OrganizationName><md:OrganizationDisplayName xmlns:xml="http://www.w3.org/XML/1998/namespace" xml:lang="en">miniOrange</md:OrganizationDisplayName><md:OrganizationURL xmlns:xml="http://www.w3.org/XML/1998/namespace" xml:lang="en">http://miniorange.com</md:OrganizationURL></md:Organization><md:ContactPerson contactType="technical"><md:GivenName>Xecurify</md:GivenName><md:EmailAddress>info@xecurify.com</md:EmailAddress></md:ContactPerson><md:ContactPerson contactType="support"><md:GivenName>Xecurify</md:GivenName><md:EmailAddress>info@xecurify.com</md:EmailAddress></md:ContactPerson></md:EntityDescriptor> ``` Let us know if you need more info.

Hi Aliaksandr, Any updates on this one? Let me know if you need more information. Thank you.

Hi, Christian. Sorry for the delayed response. It turns out we can't reproduce this issue. TR created with this metadata passes validation in my local instance. As you are using OpenLDAP-based package, I would suggest to make sure db's size limit hasn't been reached: 1. Inside container, open `/opt/symas/etc/openldap/slapd.conf` file and find out what `maxsize` is set for "o=gluu" context in it; it's around 1GB by default 2. Check size of db file on disk: `# ls -alh /opt/gluu/data/main_db/data.mdb` If the limit is reached, you'll need to increase it and restart the service.

Hi, Christian. Closing for now. You can still post here, if your issue persists.