By: David Hafley user 22 Nov 2016 at 9:19 p.m. CST

6 Responses
I've recently installed Gluu and am attempting my first Trust Relationship. It looks like the TestShib service is available to ensure that Gluu is set up correctly and I'm following this documentation: https://gluu.org/docs/integrate/test-shib2/

When setting up the trust relationship, I do not have an "eduPerson TargetedID" attribute available, so the only attributes released are username and first name. Creating the trust relationship appears to succeed (below copied from wrapper.log)

```
INFO | jvm 1 | 2016/11/23 02:52:25 | 2016-11-23 02:52:25,390 INFO [org.gluu.oxtrust.ldap.service.TrustService] Creating TR @!E76D.03D0.B39D.6565!0002!E986.8323!0006!EDC0.C2B2
INFO | jvm 1 | 2016/11/23 02:52:25 | 2016-11-23 02:52:25,453 INFO [org.gluu.oxtrust.action.UpdateTrustRelationshipAction] Shibboleth2 configuration updated successfully
INFO | jvm 1 | 2016/11/23 02:53:42 | 2016-11-23 02:53:42,285 INFO [org.gluu.oxtrust.ldap.service.MetadataValidationTimer] IDP config generation is set to true
INFO | jvm 1 | 2016/11/23 02:53:42 | 2016-11-23 02:53:42,324 INFO [org.gluu.oxtrust.ldap.service.MetadataValidationTimer] IDP config generation files finished. TR count: '4'
INFO | jvm 1 | 2016/11/23 02:58:07 | 2016-11-23 02:58:06,971 WARN [org.jboss.seam.ui.renderkit.DefaultActionRendererBase] Must set an id for the default action source
INFO | jvm 1 | 2016/11/23 02:58:07 | 2016-11-23 02:58:06,978 WARN [org.jboss.seam.ui.renderkit.DefaultActionRendererBase] Must set an id for the default action source
INFO | jvm 1 | 2016/11/23 02:58:07 | 2016-11-23 02:58:06,979 WARN [org.jboss.seam.ui.renderkit.DefaultActionRendererBase] Must set an id for the default action source
INFO | jvm 1 | 2016/11/23 02:58:07 | 2016-11-23 02:58:06,980 WARN [org.jboss.seam.ui.renderkit.DefaultActionRendererBase] Must set an id for the default action source
INFO | jvm 1 | 2016/11/23 02:58:07 | Nov 23, 2016 2:58:07 AM com.sun.faces.renderkit.html_basic.MessageRenderer encodeEnd
INFO | jvm 1 | 2016/11/23 02:58:07 | WARNING: 'for' attribute cannot be null
```

I was able to register my metadata xml that I wget from the instructions [here](https://support.gluu.org/216/). Previewing the upload looks fine and familiar.

When I go to test [here](https://sp.testshib.org/), type in https://myhostname/idp/shibboleth and hit enter, the next page...

```
opensaml::saml2md::MetadataException
opensaml::saml2md::MetadataException at (https://sp.testshib.org/Shibboleth.sso/TestShib)
Unable to locate metadata for identity provider (http://myhostname/idp/shibboleth)
```

\*\*I've substituted my dns with "myhostname" or similar.

By Michael Schwartz Account Admin 22 Nov 2016 at 9:35 p.m. CST

`http://myhostname/idp/shibboleth` ? Why is it using http?

By David Hafley user 22 Nov 2016 at 9:42 p.m. CST

My mistake in typing. I used https, just confirmed. I have not updated the self-signed certs that were created on installation. Could that be related?

By Michael Schwartz Account Admin 22 Nov 2016 at 9:50 p.m. CST

1. Release transientid ... that is usually required because it's the default nameid
2. It could be because of the self-signed certificate. You might want to update to a cert from https://letsencrypt.org
3. I haven't used testshib in a while. Are you sure it's actually loaded your configuration?

By Aliaksandr Samuseu staff 23 Nov 2016 at 9:06 a.m. CST

> I haven't used testshib in a while. Are you sure it's actually loaded your configuration?

I tried it a couple months ago, also for a test instance with self-signed certs, worked fine for me.

By David Hafley user 23 Nov 2016 at 8:21 p.m. CST

Adding transientid did it! Thanks so much for your help. I'll submit a PR to your docs in case you think this applies to everyone.

By Sahil Arora user 30 Nov 2016 at 11:05 p.m. CST

David, we are marking this ticket resolved. Please feel free to open another ticket for any assistance.