Hello, i try to have fun working thru your book __Schwartz/Machulak: Securing the Perimeter, Apress 2018__. Up to now i am in Chapter 3 SAML on page 82 of paragraph **Configure the Shibboleth SP** In the unsorted list the first point wants me to change > __entityID__ ... should match the value ... in your SP metadata in the file ``` /etc/shibboleth/shibboleth2.xml ``` on my SP Server. In ``` /etc/shibboleth/example-shibboleth2.xml ``` i can find an __entityID__ example with description here ``` <!-- The ApplicationDefaults element is where most of Shibboleth's SAML bits are defined. Resource requests are mapped by the RequestMapper to an applicationId that points into to this section (or to the defaults here). --> <ApplicationDefaults entityID="https://sp.example.org/shibboleth" ``` The __entityID__ of my __shib-metagen__-generated SP metadata file *squid-metadata.xml* is ``` entityID="https://squid.fritz.box/shibboleth ``` So i am replacing sp.example.org with squid.fritz.box . What confuses me is the folder shibboleth in the URL, because such folder does not exist in the *DocumentRoot* of the SP's apache2 Server. The steps in the book on page 79 created the folders ``` /var/www/html/sp ``` and ``` /var/www/protected ``` but there is no folder ``` /var/www/html/shibboleth ``` So what should the correct __entityID__ in *ApplicationDefaults* be, regarding to the book and its steps? Or is __entityID__ just a name, not related to existing folders? Anyway, i continued with the __entityID__ ``` entityID="https://squid.fritz.box/shibboleth ``` in the <ApplicationDefaults Section. Next i set the entityID of my __IDP__ in the __SessionInitiator__ element. Restarting the shibd-service ``` s# service shibd restart Restarting Shibboleth 3 daemon: shibd. ``` the log-file */var/log/shibboleth/shibd_warn.log* mentions ``` WARN Shibboleth.Application : no MetadataProvider available, configure at least one for standard SSO usage ``` With _MetadataProvider_ i found these entries in the shibboleth2.xml ``` <!-- Example of locally maintained metadata. --> <!-- <MetadataProvider type="XML" validate="true" path="partner-metadata.xml"/> --> <!-- Example of remotely supplied batch of signed metadata. --> <!-- <MetadataProvider type="XML" validate="true" url="http://federation.org/federation-metadata.xml" backingFilePath="federation-metadata.xml" maxRefreshDelay="7200"> <MetadataFilter type="RequireValidUntil" maxValidityInterval="2419200"/> <MetadataFilter type="Signature" certificate="fedsigner.pem" verifyBackup="false"/> <DiscoveryFilter type="Blacklist" matcher="EntityAttributes" trimTags="true" attributeName="http://macedir.org/entity-category" attributeNameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" attributeValue="http://refeds.org/category/hide-from-discovery" /> </MetadataProvider> --> <!-- Example of remotely supplied "on-demand" signed metadata. --> <!-- <MetadataProvider type="MDQ" validate="true" cacheDirectory="mdq" baseUrl="http://mdq.federation.org" ignoreTransport="true"> <MetadataFilter type="RequireValidUntil" maxValidityInterval="2419200"/> <MetadataFilter type="Signature" certificate="mdqsigner.pem" /> </MetadataProvider> --> ``` I have no idea how to adjust settings here to get rid of the Warning ``` no MetadataProvider available ``` And duckduckgo could not help me out for three days now ... Can it be handled in the ``` locally maintained metadata ``` section? If yes, what content needs the _partner-metadata.xml_ file? Help is very much appreciated here, Johann