By: Rafal Stolarek user 15 Apr 2017 at 6:46 a.m. CDT

5 Responses
Hi. I'm trying to create a federation with ADFS and Gluu. During the metadata validation I have the following errors (attached). When trying to create edited AD FS 2.0 metadata with an added scope element like advised [here](https://technet.microsoft.com/en-us/library/gg317734%28v=ws.10%29.aspx), it still does not work. I'm new to Gluu and I want to integrate with ADFS just for test purposes. Does anyone know how I can solve this? BR Rafal ![enter image description here](http://i.imgur.com/u56IkRX.png "enter image title here")

By Mohib Zico staff 15 Apr 2017 at 7:28 a.m. CDT

Hi, ADFS metadata is by default not Shibboleth friendly. You need to manually modify it if you want to use that metadata in Shibboleth. Please feel free to check "To create edited AD FS 2.0 metadata with an added scope element" section in: https://technet.microsoft.com/en-us/library/gg317734(v=ws.10).aspx .

By Rafal Stolarek user 15 Apr 2017 at 7:39 a.m. CDT

Thanks for the answer! As mentioned, I have already done it and the same errors exist. I can attach the metadata if needed.

By Mohib Zico staff 15 Apr 2017 at 8:06 a.m. CDT

You still need to modify this syntax. ERROR: cvc-type2 means... it's not compatible with Shib.

By Rafal Stolarek user 15 Apr 2017 at 8:54 a.m. CDT

OK. Thanks for the tip. I have managed to solve this using a PowerShell script to modify the ADFS metadata. Now it validates successfully. Unfortunately I have another error. When forwarding a logon request from ADFS to Gluu I've got in the logs:

> 2017-04-15 16:19:23,366 - WARN [org.opensaml.profile.action.impl.LogEvent:76] -
>
> 2017-04-15 16:21:54,252 - INFO [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:128] - Message Handler: No metadata returned for http://sts.keralots.com/adfs/services/trust in role {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor with protocol urn:oasis:names:tc:SAML:2.0:protocol
>
> 2017-04-15 16:21:54,255 - WARN [net.shibboleth.idp.profile.impl.SelectProfileConfiguration:111] - Profile Action SelectProfileConfiguration: Profile http://shibboleth.net/ns/profiles/saml2/sso/browser is not available for relying party configuration shibboleth.UnverifiedRelyingParty
>
> 2017-04-15 16:21:54,256 - WARN [org.opensaml.profile.action.impl.LogEvent:76] - An error event occurred while processing the request: InvalidProfileConfiguration

By Mohib Zico staff 19 Apr 2017 at 8:12 a.m. CDT

Rafal, please create a new ticket with your new error; it will help to align issues with the ticket subject. Thanks much!