You're not providing nearly enough information for us to help you. Include screenshots of how you configured the SP, SP metadata, and relevant snippets of IDP log files.

Hi, Tyler. Michael is right. We need more information. From your error message, I can only say that IdP most likely still isn't aware of this SP. Either because you configured TR wrong, it didn't become active, or changes haven't yet made it to IdP's configuration files on disk. Please do following: 1. May be you changes haven't been applied yet? Try `# service identity restart` first, wait for 5 mins, then `# service idp restart`. Retry your flow again. 2. Always make sure you removed all cookies related to previous unsuccessful SSO attempts with your Gluu instance (clean all cookies if you are not sure) 3. Go to "Trust relationship" page of web UI and make sure TR you created for this SP is in "active" state. If it isn't, please remove it, and try to create it again, while paying attention to error messages in `/opt/gluu/jetty/identity/logs/oxtrust.log`. Share your findings with us. Please check ["Outbound SAML"](https://gluu.org/docs/ce/3.0.1/admin-guide/saml/#outbound-saml-shibboleth) part of our SAML docs, it was updated today. Make sure you are following all steps, including addition of custom RP config. 4. If it's in "active" state, retry your failing flow while checking `/opt/shibboleth-idp/logs/idp-process.log`. Share any related error messages with us. 5. While running the failing flow, please capture it using **SAMLTracer** Firefox plugin and share it too. 6. Please also provide screenshots of your TR's configuration, and metadata of your SP. Are you sure its metadata is correct and pass validation? You can use [this tool](https://www.samltool.com/validate_xml.php) to verify SP's metadata. Please share metadata with us too.

Added a couple more items.

Sorry for the lack of information. I have restarted the services previously with no luck. Clearing cookies also did not yield anything other than my original error message. SP Metadata ``` <?xml version="1.0"?><md:EntityDescriptor entityID="https://login.schooldude.com/SSO.STS/SAML" ID="_89957a7b-2bbe-4ca9-9b69-e467e894e568" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><Reference URI="#_89957a7b-2bbe-4ca9-9b69-e467e894e568"><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><InclusiveNamespaces PrefixList="#default md saml ds xs xsi" xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" /></Transform></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><DigestValue>A6YLsFSCbnNGoQ0Oarl72Z4uH/g=</DigestValue></Reference></SignedInfo><SignatureValue>rtnw6zOV0dv6uJYhO2+qmQLpdiKCBSWEBw9WwNu2S/GfGfbcsjZ0/wUn1r4VeHUjLt++qy/3it6lNmJmYHClt60J7zC0kMPpFUuEgO8CHOCZmxAoIABvR+45IJ055JuEAXgmIEBstmqdSP2S2ROhMxjgBlk/5/uMiHzMSfOHOJkLzVOPc6EUxQLcAXUyb7OKKiUJpnnkYc4tQjjH1IxLJWQf6M5+/qWIeiZ7PTnYG3xr3lu+1euajsRzd+rqOR4/+eLltrssr3/LdGzKv85jPRWZ0sEyOaQ/Tw+tACl3p5MVjoUplR658dk+G+FOWYcUAsn4etM3DrBcVFPo0r8D1Q==</SignatureValue><KeyInfo><X509Data><X509Certificate>MIIFWTCCBEGgAwIBAgIQLYInJmvqj3JUTdSpxNuBZTANBgkqhkiG9w0BAQsFADCBkDELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxNjA0BgNVBAMTLUNPTU9ETyBSU0EgRG9tYWluIFZhbGlkYXRpb24gU2VjdXJlIFNlcnZlciBDQTAeFw0xNTA3MDEwMDAwMDBaFw0xODA2MzAyMzU5NTlaMFUxITAfBgNVBAsTGERvbWFpbiBDb250cm9sIFZhbGlkYXRlZDETMBEGA1UECxMKQ09NT0RPIFNTTDEbMBkGA1UEAxMSc3RzLnNjaG9vbGR1ZGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Df6qsFLBDGD8i7G/Gg2PDoE65a+Nb8L+tge97O6ErnkxQ8ZXDBJ4c7qmdshjW3D3h/NbUPptAUCGdjw6Lu2wwyghVx7T508KFZTujcKCMVlA2zpwLKppd7z0wK26NUlfHvE5vVvwdzp817vN6Mao536y50SDmZMQU1cAQUX8YDP0Nelj40ZJ1x5sGCxPyEGqKDJw0MllFJYue+KW9twOjYLI6lY1YB6qb2Tcdi7JHeF5m4YyVRsr0lE/o2YvzNVfFu3M9wqytr2xf5tnwULYqU6eDDZDckrrayOF5tjxP9SfIigIR9U5k43fEuOrsu/FyBU83SHr8pT5UUlPaiMCwIDAQABo4IB5zCCAeMwHwYDVR0jBBgwFoAUkK9qOpRaC9iQ6hJWc99DtDoo2ucwHQYDVR0OBBYEFNaqufp4ErcmG0gp2/8y5G/NQAdPMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBPBgNVHSAESDBGMDoGCysGAQQBsjEBAgIHMCswKQYIKwYBBQUHAgEWHWh0dHBzOi8vc2VjdXJlLmNvbW9kby5jb20vQ1BTMAgGBmeBDAECATBUBgNVHR8ETTBLMEmgR6BFhkNodHRwOi8vY3JsLmNvbW9kb2NhLmNvbS9DT01PRE9SU0FEb21haW5WYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3JsMIGFBggrBgEFBQcBAQR5MHcwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9jcnQuY29tb2RvY2EuY29tL0NPTU9ET1JTQURvbWFpblZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5jcnQwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmNvbW9kb2NhLmNvbTA1BgNVHREELjAsghJzdHMuc2Nob29sZHVkZS5jb22CFnd3dy5zdHMuc2Nob29sZHVkZS5jb20wDQYJKoZIhvcNAQELBQADggEBAIt9Du65NpxtWC5ZfMbulpGrlO9Fragj2afc9SCl6Gt7PBZe97KRqEV8dyBx6PNXEjg65QYgaZOcv1z2gXCThiTv/mL5vm/qdbIlUUW7ZjvXyGIOHPB5rbyW8Vx/CLFIrAZsQ5Du7l2AFH1fu0R86aj3bMGw6yAlEiNvW81N7ixbXhazCjuzrrHpp+1qY7cf6PX/wf/2GzNnniHbCg7LX9aqURjx1sz1CoEa+xBlUk45Te+PBSDr6hEhyhZUJq44F00v/iCqu0yyIB89+NWBM59rZFLbxOnkt3+nVMJMpzthDgmhmdSkfN4QW5mjzYzlENY7tQk8MQz1cnbzc+lg38s=</X509Certificate></X509Data></KeyInfo></Signature><md:SPSSODescriptor ID="_cc68e8dc-9320-49f7-96c6-d8762f0d0d6b" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol" AuthnRequestsSigned="false" WantAssertionsSigned="false"><md:KeyDescriptor><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Data><X509Certificate>MIIFWTCCBEGgAwIBAgIQLYInJmvqj3JUTdSpxNuBZTANBgkqhkiG9w0BAQsFADCBkDELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxNjA0BgNVBAMTLUNPTU9ETyBSU0EgRG9tYWluIFZhbGlkYXRpb24gU2VjdXJlIFNlcnZlciBDQTAeFw0xNTA3MDEwMDAwMDBaFw0xODA2MzAyMzU5NTlaMFUxITAfBgNVBAsTGERvbWFpbiBDb250cm9sIFZhbGlkYXRlZDETMBEGA1UECxMKQ09NT0RPIFNTTDEbMBkGA1UEAxMSc3RzLnNjaG9vbGR1ZGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Df6qsFLBDGD8i7G/Gg2PDoE65a+Nb8L+tge97O6ErnkxQ8ZXDBJ4c7qmdshjW3D3h/NbUPptAUCGdjw6Lu2wwyghVx7T508KFZTujcKCMVlA2zpwLKppd7z0wK26NUlfHvE5vVvwdzp817vN6Mao536y50SDmZMQU1cAQUX8YDP0Nelj40ZJ1x5sGCxPyEGqKDJw0MllFJYue+KW9twOjYLI6lY1YB6qb2Tcdi7JHeF5m4YyVRsr0lE/o2YvzNVfFu3M9wqytr2xf5tnwULYqU6eDDZDckrrayOF5tjxP9SfIigIR9U5k43fEuOrsu/FyBU83SHr8pT5UUlPaiMCwIDAQABo4IB5zCCAeMwHwYDVR0jBBgwFoAUkK9qOpRaC9iQ6hJWc99DtDoo2ucwHQYDVR0OBBYEFNaqufp4ErcmG0gp2/8y5G/NQAdPMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBPBgNVHSAESDBGMDoGCysGAQQBsjEBAgIHMCswKQYIKwYBBQUHAgEWHWh0dHBzOi8vc2VjdXJlLmNvbW9kby5jb20vQ1BTMAgGBmeBDAECATBUBgNVHR8ETTBLMEmgR6BFhkNodHRwOi8vY3JsLmNvbW9kb2NhLmNvbS9DT01PRE9SU0FEb21haW5WYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3JsMIGFBggrBgEFBQcBAQR5MHcwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9jcnQuY29tb2RvY2EuY29tL0NPTU9ET1JTQURvbWFpblZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5jcnQwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmNvbW9kb2NhLmNvbTA1BgNVHREELjAsghJzdHMuc2Nob29sZHVkZS5jb22CFnd3dy5zdHMuc2Nob29sZHVkZS5jb20wDQYJKoZIhvcNAQELBQADggEBAIt9Du65NpxtWC5ZfMbulpGrlO9Fragj2afc9SCl6Gt7PBZe97KRqEV8dyBx6PNXEjg65QYgaZOcv1z2gXCThiTv/mL5vm/qdbIlUUW7ZjvXyGIOHPB5rbyW8Vx/CLFIrAZsQ5Du7l2AFH1fu0R86aj3bMGw6yAlEiNvW81N7ixbXhazCjuzrrHpp+1qY7cf6PX/wf/2GzNnniHbCg7LX9aqURjx1sz1CoEa+xBlUk45Te+PBSDr6hEhyhZUJq44F00v/iCqu0yyIB89+NWBM59rZFLbxOnkt3+nVMJMpzthDgmhmdSkfN4QW5mjzYzlENY7tQk8MQz1cnbzc+lg38s=</X509Certificate></X509Data></KeyInfo><md:EncryptionMethod xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" Algorithm="http://www.w3.org/2001/04/xmlenc#sha1" /><md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha1" /></md:KeyDescriptor><md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat><md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://login.schooldude.com/SSO.STS/SAML/AssertionConsumerService.aspx" index="1" isDefault="true" /><md:AttributeConsumingService index="0" isDefault="false"><md:ServiceName xml:lang="en">AttributeContract</md:ServiceName><md:RequestedAttribute isRequired="true" Name="http://connectauthenticate/sso/isgroupvalid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" /><md:RequestedAttribute isRequired="true" Name="http://connectauthenticate/sso/email_address" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" /><md:RequestedAttribute isRequired="true" Name="http://connectauthenticate/sso/first_name" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" /><md:RequestedAttribute isRequired="true" Name="http://connectauthenticate/sso/last_name" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" /><md:RequestedAttribute isRequired="false" Name="http://www.connectauthenticate.com/sso/facilityschedulerequester" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" /><md:RequestedAttribute isRequired="false" Name="http://www.connectauthenticate.com/sso/inventoryrequester" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" /><md:RequestedAttribute isRequired="false" Name="http://www.connectauthenticate.com/sso/itrequester" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" /><md:RequestedAttribute isRequired="false" Name="http://www.connectauthenticate.com/sso/maintenancerequester" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" /><md:RequestedAttribute isRequired="false" Name="http://www.connectauthenticate.com/sso/triprequester" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" /><md:RequestedAttribute isRequired="false" Name="http://connectauthenticate/sso/phone_number" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" /><md:RequestedAttribute isRequired="false" Name="http://connectauthenticate/sso/pager_number" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" /><md:RequestedAttribute isRequired="false" Name="http://connectauthenticate/sso/mobile_phone_number" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" /><md:RequestedAttribute isRequired="false" Name="http://connectauthenticate/sso/fax_number" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" /></md:AttributeConsumingService></md:SPSSODescriptor><md:Organization><md:OrganizationName xml:lang="en">SchoolDude</md:OrganizationName><md:OrganizationDisplayName xml:lang="en">SchoolDude</md:OrganizationDisplayName><md:OrganizationURL xml:lang="en">http://www.schooldude.com</md:OrganizationURL></md:Organization><md:ContactPerson contactType="technical"><md:EmailAddress>csctech@schooldude.com</md:EmailAddress></md:ContactPerson></md:EntityDescriptor> ``` .../idp/status ``` ### Operating Environment Information operating_system: Linux operating_system_version: 3.16.0-30-generic operating_system_architecture: amd64 jdk_version: 1.8.0_112 available_cores: 1 used_memory: 440 MB maximum_memory: 626 MB ### Identity Provider Information idp_version: 3.2.1 start_time: 2017-04-18T14:46:35Z current_time: 2017-04-19T12:42:34Z uptime: 78959306 ms service: shibboleth.LoggingService last successful reload attempt: 2017-04-17T19:39:30Z last reload attempt: 2017-04-17T19:39:30Z service: shibboleth.ReloadableAccessControlService last successful reload attempt: 2017-04-17T19:39:34Z last reload attempt: 2017-04-17T19:39:34Z service: shibboleth.MetadataResolverService last successful reload attempt: 2017-04-18T13:34:34Z last reload attempt: 2017-04-18T13:34:34Z metadata source: ShibbolethMetadata service: shibboleth.RelyingPartyResolverService last successful reload attempt: 2017-04-18T13:39:34Z last reload attempt: 2017-04-18T13:39:34Z service: shibboleth.NameIdentifierGenerationService last successful reload attempt: 2017-04-17T19:39:33Z last reload attempt: 2017-04-17T19:39:33Z service: shibboleth.AttributeResolverService last successful reload attempt: 2017-04-18T13:39:33Z last reload attempt: 2017-04-18T15:09:33Z last failure cause: net.shibboleth.utilities.java.support.service.ServiceException: org.springframework.beans.factory.BeanDefinitionStoreException: IOException parsing XML document from file [/opt/shibboleth-idp/conf/attribute-resolver.xml]; nested exception is java.io.FileNotFoundException: /opt/shibboleth-idp/conf/attribute-resolver.xml (Permission denied) DataConnector siteLDAP: has never failed service: shibboleth.AttributeFilterService last successful reload attempt: 2017-04-18T13:39:32Z last reload attempt: 2017-04-18T13:39:32Z ``` idp-process.log ``` org.opensaml.messaging.decoder.MessageDecodingException: This message decoder only supports the HTTP POST method at org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder.doDecode(HTTPPostDecoder.java:57) 2017-04-18 16:03:28,584 - WARN [org.opensaml.profile.action.impl.LogEvent:76] - An error event occurred while processing the request: UnableToDecode 2017-04-18 16:03:32,598 - ERROR [org.opensaml.profile.action.impl.DecodeMessage:73] - Profile Action DecodeMessage: Unable to decode incoming request org.opensaml.messaging.decoder.MessageDecodingException: This message decoder only supports the HTTP POST method at org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder.doDecode(HTTPPostDecoder.java:57) 2017-04-18 16:03:32,603 - WARN [org.opensaml.profile.action.impl.LogEvent:76] - An error event occurred while processing the request: UnableToDecode 2017-04-18 16:06:47,444 - INFO [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:128] - Message Handler: No metadata returned for test in role {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor with protocol urn:oasis:names:tc:SAML:2.0:protocol 2017-04-18 16:06:47,451 - WARN [net.shibboleth.idp.profile.impl.SelectProfileConfiguration:111] - Profile Action SelectProfileConfiguration: Profile http://shibboleth.net/ns/profiles/saml2/sso/browser is not available for relying party configuration shibboleth.UnverifiedRelyingParty 2017-04-18 16:06:47,455 - WARN [org.opensaml.profile.action.impl.LogEvent:76] - An error event occurred while processing the request: InvalidProfileConfiguration ``` SAMLTracer Http ``` GET https://eas.rccc.edu/idp/profile/SAML2/Redirect/SSO?SAMLRequest=fZHLasMwEEV%2FxWhvy06cOhKxITQUDH2EOHTRTZHlSSOQJVcj9%2FH3lV1a0k2XGnTn3MNsUPR64NvRn80BXkdAH9W7kjzna9lC1nYxXC1lnDMoYlawNjxXbZGuT%2FmKMRI9gkNlTUkWSUqiGnGE2qAXxodRmhVxmscZO2YLvmQ8y5L1sngi0S5QlBF%2BTp69H5BTCgITJ6VMoBup6gY6OHtSGmizvbtd0AN0yoH0tGkeSHRjnYS5dElOQiNM8L1AVG%2FwO%2FnotUE%2BC5ZkdIZbgQq5ET0g95JPi3kozgPJW2k1qTbTbz57uIv8%2F%2FGABTfJkOpHRtsXZRKUZ2t1N3aQSNtPzZPm2MxCG3pB%2BsYO%2FD6srnd7q5X8jLZa2%2FdrB8IHI%2B%2FGIESr79jfe1Vf&RelayState=https%3A%2F%2Flogin.schooldude.com%2FSSO.STS%2F%3Fwa%3Dwsignin1.0%26wtrealm%3Dhttps%253a%252f%252flogin.schooldude.com%252fsso%252f%26wctx%3Dacctnum%253d1211150336%2526TestSSOProduct%253dCI%26wct%3D2017-04-19T12%253a39%253a11Z HTTP/1.1 Host: eas.rccc.edu User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br HTTP/?.? 400 Bad Request Date: Wed, 19 Apr 2017 12:39:24 GMT Server: Jetty(9.3.15.v20161220) X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000; includeSubDomains Expires: Thu, 01 Jan 1970 00:00:00 GMT Cache-Control: no-store Content-Type: text/html;charset=utf-8 Content-Length: 811 Set-Cookie: JSESSIONID=zmttr0hr7m8n1lisikohn7kev;Path=/idp;Secure;HttpOnly Connection: close ``` SAMLTracer Parameters ``` GET SAMLRequest: fZHLasMwEEV/xWhvy06cOhKxITQUDH2EOHTRTZHlSSOQJVcj9/H3lV1a0k2XGnTn3MNsUPR64NvRn80BXkdAH9W7kjzna9lC1nYxXC1lnDMoYlawNjxXbZGuT/mKMRI9gkNlTUkWSUqiGnGE2qAXxodRmhVxmscZO2YLvmQ8y5L1sngi0S5QlBF+Tp69H5BTCgITJ6VMoBup6gY6OHtSGmizvbtd0AN0yoH0tGkeSHRjnYS5dElOQiNM8L1AVG/wO/notUE+C5ZkdIZbgQq5ET0g95JPi3kozgPJW2k1qTbTbz57uIv8//GABTfJkOpHRtsXZRKUZ2t1N3aQSNtPzZPm2MxCG3pB+sYO/D6srnd7q5X8jLZa2/drB8IHI+/GIESr79jfe1Vf RelayState: https://login.schooldude.com/SSO.STS/?wa=wsignin1.0&wtrealm=https%3a%2f%2flogin.schooldude.com%2fsso%2f&wctx=acctnum%3d1211150336%26TestSSOProduct%3dCI&wct=2017-04-19T12%3a39%3a11Z ``` SAMLTracer SAML ``` <samlp:AuthnRequest ID="_48cbe1bd-e63c-49e7-979b-e65b708f4599" Version="2.0" IssueInstant="2017-04-19T12:39:11.837Z" Destination="https://eas.rccc.edu/idp/profile/SAML2/Redirect/SSO" ForceAuthn="false" IsPassive="false" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" > <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://login.schooldude.com/SSO.STS/SAML</saml:Issuer> <samlp:NameIDPolicy AllowCreate="true" /> </samlp:AuthnRequest> ``` SP Setup  GLUU Trust Relationship  GLUU Trust Relationship Config 

Hi, Tyler. Thanks for detailed report. On your screenshots I see you didn't configure custom RP settings as suggested above. Please check our updated [outbound SAML guide](https://gluu.org/docs/ce/3.0.1/admin-guide/saml/#outbound-saml-shibboleth) and note warning notion at the end. You need to check "Configure Relying Party" checkbox and add "SAML2SSO" profile with default settings to your TR. After that make sure your TR is still shown as active, restart `identity` and `idp` services, clear your cookies and retry the flow.