Hi Andreas, Make sure the `idp` service is running. Log into gluu container and run the below commands. ``` #service idp stop #service idp start ``` Thanks, Gasmyr.

One question: `What is the ldap implementation in use in your instance?(openDj or OpenLdap)`

Thanks for your answer Gasmyr. I'm using opendj for LDAP. service idp is running. I've actually seen following in idp logs. About 2 Minutes after starting the idp, following log has been written: ``` 2018-05-17 07:52:19.752:INFO:oejs.Server:main: jetty-9.3.15.v20161220 2018-05-17 07:52:19.772:INFO:oejdp.ScanningAppProvider:main: Deployment monitor [file:///opt/gluu/jetty/idp/webapps/] at interval 1 2018-05-17 07:52:23.910:INFO:oeja.AnnotationConfiguration:main: Scanning elapsed time=3787ms 2018-05-17 07:52:23.938:INFO:idp:main: No Spring WebApplicationInitializer types detected on classpath 2018-05-17 07:52:24.016:WARN:oejs.SecurityHandler:main: ServletContext@o.e.j.w.WebAppContext@57baeedf{/idp,file:///opt/jetty-9.3/temp/jetty-localhost-8086-idp.war-_idp-any-7952605341296645859.dir/webapp/,STARTING}{/idp.war} has uncovered http methods for path: /* 2018-05-17 07:52:24.148:INFO:idp:main: Initializing Spring root WebApplicationContext 2018-05-17 07:52:27.442:WARN:oejw.WebAppContext:main: Failed startup of context o.e.j.w.WebAppContext@57baeedf{/idp,file:///opt/jetty-9.3/temp/jetty-localhost-8086-idp.war-_idp-any-7952605341296645859.dir/webapp/,UNAVAILABLE}{/idp.war} org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'shibboleth.metrics.RegisterMetricSets$child#0' defined in URL [file:/opt/shibboleth-idp/conf/admin/metrics.xml]: Cannot resolve reference to bean 'shibboleth.metrics.AttributeResolverGaugeSet' while setting bean property 'argumen ts' with key [7]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'shibboleth.metrics.AttributeResolverGaugeSet' defined in URL [file:/opt/shibboleth-idp/system/conf/general-admin-system.xml]: Invocation of init method failed; nested exception is net.shibbol eth.utilities.java.support.component.ComponentInitializationException: Injected service was null or not an AttributeResolver ```

Can you show me the content of this file `/opt/shibboleth-idp/conf/ldap.properties`? I'm interested by the line starting with `idp.authn.LDAP.trustCertificates`.

`idp.authn.LDAP.sslConfig = certificateTrust` `idp.authn.LDAP.trustCertificates = /etc/certs/openldap.crt` `idp.authn.LDAP.trustStore = /etc/certs/shibIDP.jks`

1. Change `idp.authn.LDAP.trustCertificates = /etc/certs/openldap.crt` to `idp.authn.LDAP.trustCertificates = /etc/certs/opendj.crt` 1. Restart the idp service 1. Test the flow again

I've done that after seeing the wrong certificate when I postet it here. Now after restarting the CHROOT it works all fine, thanks for your help, i really appreciate it.