By: Saikat Dutta user 06 Oct 2017 at 10:45 a.m. CDT

8 Responses
I have set up Gluu server-3.1.0 community edition and the metadata is located [here](https://dev-gluu-app-001-dev.use1.ec2.aws.intelluslearning.com/idp/shibboleth). The SP metadata is located [here](http://intellus-sso.aws.intelluslearning.com/?metadata). I have followed the document and have added a Trust Relationship; the UI displayed validation success and the site is active. After I was redirected to the IDP, I got an error response: "**Web Login Service - Unsupported Request The application you have accessed is not registered for use with this service**". The SP data does not seem to be added to metadata-providers.xml. The idp-process.log has the following messages:

```
INFO [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:128] - Message Handler: No metadata returned for https://intellus-sso.aws.intelluslearning.com/?metadata in role {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor with protocol urn:oasis:names:tc:SAML:2.0:protocol
2017-10-06 11:48:41,961 - WARN [net.shibboleth.idp.profile.impl.SelectProfileConfiguration:111] - Profile Action SelectProfileConfiguration: Profile http://shibboleth.net/ns/profiles/saml2/sso/browser is not available for relying party configuration shibboleth.UnverifiedRelyingParty
2017-10-06 11:48:41,970 - WARN [org.opensaml.profile.action.impl.LogEvent:76] - An error event occurred while processing the request: InvalidProfileConfiguration
```

Let me know where we are going wrong.

By Mohib Zico staff 07 Oct 2017 at 1:59 a.m. CDT

First... try to configure Relying Party configuration; SAML2SSO one. See how that goes.

By Saikat Dutta user 09 Oct 2017 at 6:02 a.m. CDT

I had already configured RP as SAML2SSO. Please check the screenshots for [Relying Party](https://ibb.co/mOyhyw) and [Trust Relationship](https://ibb.co/c8Bfkb).

By Saikat Dutta user 10 Oct 2017 at 3:54 a.m. CDT

Hi Mohib Zico, waiting for your input. Thanks in advance.

By Mohib Zico staff 10 Oct 2017 at 5:11 a.m. CDT

Ok. This should be fixed in 3.1.1 which we are going to release soon; please use 3.1.1 instead of 3.1.0. There is a workaround for this:

- Modify `metadata-providers.xml.vm` (location: /opt/gluu/jetty/identity/conf/shibboleth3/idp) like below:

```
<?xml version="1.0" encoding="UTF-8"?>
<MetadataProvider id="ShibbolethMetadata" xsi:type="ChainingMetadataProvider"
    xmlns="urn:mace:shibboleth:2.0:metadata"
    xmlns:resource="urn:mace:shibboleth:2.0:resource"
    xmlns:security="urn:mace:shibboleth:2.0:security"
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="urn:mace:shibboleth:2.0:metadata http://shibboleth.net/schema/idp/shibboleth-metadata.xsd
                        urn:mace:shibboleth:2.0:resource http://shibboleth.net/schema/idp/shibboleth-resource.xsd
                        urn:mace:shibboleth:2.0:security http://shibboleth.net/schema/idp/shibboleth-security.xsd
                        urn:oasis:names:tc:SAML:2.0:metadata http://docs.oasis-open.org/security/saml/v2.0/saml-schema-metadata-2.0.xsd">

    <!-- ========================================================================================== -->
    <!-- Metadata Configuration -->
    <!-- -->
    <!-- Below you place the mechanisms which define how to load the metadata for the SP you will -->
    <!-- provide a service to. -->
    <!-- -->
    <!-- The Shibboleth Documentation at -->
    <!-- https://wiki.shibboleth.net/confluence/display/IDP30/MetadataConfiguration -->
    <!-- provides more details. -->
    <!-- -->
    <!-- NOTE. This file SHOULD NOT contain the metadata for this IdP. -->
    <!-- -->
    <!-- ========================================================================================== -->

#foreach( $trustRelationship in $trustParams.trusts )

#if($trustRelationship.spMetaDataSourceType.value == 'file')
    <MetadataProvider id="SiteSP$trustParams.trustIds.get($trustRelationship.inum)"
                      xsi:type="FilesystemMetadataProvider"
                      metadataFile="$medataFolder$trustRelationship.spMetaDataFN" >
#end

#if($trustRelationship.spMetaDataSourceType.value == 'uri')
    <MetadataProvider id="SiteSP$trustParams.trustIds.get($trustRelationship.inum)"
                      xsi:type="FileBackedHTTPMetadataProvider"
                      metadataURL="$trustRelationship.spMetaDataURL"
                      backingFile="$medataFolder$trustRelationship.spMetaDataFN"
                      maxRefreshDelay="$trustRelationship.maxRefreshDelay" >
#end

#if( $trustRelationship.gluuSAMLMetaDataFilter and $trustRelationship.getGluuSAMLMetaDataFilter().size() > 0 )
        <MetadataFilter xsi:type="ChainingFilter" xmlns="urn:mace:shibboleth:2.0:metadata">
#foreach( $filter in $trustRelationship.getGluuSAMLMetaDataFilter() )
            $filter
#end
        </MetadataFilter>
#end

#if($trustRelationship.spMetaDataSourceType.value == 'file' || $trustRelationship.spMetaDataSourceType.value == 'uri')
    </MetadataProvider>
#end

#end

</MetadataProvider>
```

- Restart identity and idp services with:
    - `service identity stop/start`
    - `service idp stop/start`

By Saikat Dutta user 12 Oct 2017 at 7:10 a.m. CDT

Hi Mohib, I have made changes to the file as mentioned but I am still getting the same error.

```
2017-10-12 12:08:12,896 - INFO [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:128] - Message Handler: No metadata returned for https://intellus-sso.aws.intelluslearning.com/?metadata in role {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor with protocol urn:oasis:names:tc:SAML:2.0:protocol
2017-10-12 12:08:12,920 - WARN [net.shibboleth.idp.profile.impl.SelectProfileConfiguration:111] - Profile Action SelectProfileConfiguration: Profile http://shibboleth.net/ns/profiles/saml2/sso/browser is not available for relying party configuration shibboleth.UnverifiedRelyingParty
2017-10-12 12:08:12,930 - WARN [org.opensaml.profile.action.impl.LogEvent:76] - An error event occurred while processing the request: InvalidProfileConfiguration
```

Where am I going wrong?
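
The lookup that fails in the log lines above is keyed on three values: entityID, role and protocol. As an added example (not part of the original posts, and not Gluu or Shibboleth code), this Python script extracts that triple from the log line and checks a locally saved copy of SP metadata for a matching descriptor. The entity IDs, the metadata document and the function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"

# Shape of the SAMLMetadataLookupHandler message quoted in the thread.
LOOKUP_MISS = re.compile(
    r"No metadata returned for (?P<entity>\S+) in role "
    r"\{(?P<ns>[^}]+)\}(?P<role>\w+) with protocol (?P<proto>\S+)"
)

def parse_lookup_miss(line):
    """Return (entityID, role QName, protocol) from a lookup-miss line, else None."""
    m = LOOKUP_MISS.search(line)
    if m is None:
        return None
    return m["entity"], "{%s}%s" % (m["ns"], m["role"]), m["proto"]

def explain_lookup(metadata_xml, entity_id, role, protocol):
    """Return 'match' or the reason this metadata cannot satisfy the lookup."""
    try:
        # For untrusted metadata, use a hardened parser (for example defusedxml).
        root = ET.fromstring(metadata_xml)
    except ET.ParseError:
        return "metadata is empty or not well-formed XML"
    entities = {e.get("entityID"): e for e in root.iter("{%s}EntityDescriptor" % MD)}
    if entity_id not in entities:
        return "entityID not found; file contains: %s" % list(entities)
    roles = entities[entity_id].findall(role)
    if not roles:
        return "entity has no %s" % role
    if not any(protocol in r.get("protocolSupportEnumeration", "").split() for r in roles):
        return "role does not support %s" % protocol
    return "match"

# Constructed sample input: the entity IDs are placeholders, not the thread's hosts.
SAMPLE_LOG = ("INFO [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:128] "
              "- Message Handler: No metadata returned for https://sp.example.org/?metadata "
              "in role {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor "
              "with protocol urn:oasis:names:tc:SAML:2.0:protocol")
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.org/?metadata">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
</EntityDescriptor>"""

if __name__ == "__main__":
    triple = parse_lookup_miss(SAMPLE_LOG)
    print(explain_lookup(SAMPLE_METADATA, *triple))  # well-formed, matching metadata
    print(explain_lookup("", *triple))               # empty backing file
```

An empty or missing backing file is what a `FileBackedHTTPMetadataProvider` is left with when the IdP host cannot fetch the metadata URL, so running the check against the file on the IdP itself separates a fetch problem from a content mismatch.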

By Mohib Zico staff 12 Oct 2017 at 7:14 a.m. CDT

Can you please share your metadata? I'll try to load it locally.

By Saikat Dutta user 15 Oct 2017 at 11:47 p.m. CDT

Hi Mohib, Thanks, it worked now. There were 2 issues: our load balancers were inside the VPC and the metadata endpoint was not public, and the certificate was not properly attached to the ELB. Thanks for your support, Saikat

By Mohib Zico staff 16 Oct 2017 at 2:26 a.m. CDT

Alright. Good point. Thanks for sharing!