##### Before upgrading it was working fine. after upgrading it to 18.04 it worked for couple of days. then SAML authentication stopped working   #### Using **openDj**   Tried multiple times > #service idp stop > #service idp start Info/logs attached below, let me know if more details required. Thanks in advance   #### **FILE:** opt/shibboleth-idp/conf/ldap.properties ``` # LDAP authentication configuration, see authn/ldap-authn-config.xml # Note, this doesn't apply to the use of JAAS ## Authenticator strategy, either anonSearchAuthenticator, bindSearchAuthenticator, directAuthenticator, adAuthenticator idp.authn.LDAP.authenticator = bindSearchAuthenticator ## Connection properties ## idp.authn.LDAP.ldapURL = ldaps://localhost:1636 idp.authn.LDAP.useStartTLS = false idp.authn.LDAP.useSSL = true #idp.authn.LDAP.connectTimeout = 3000 ## SSL configuration, either jvmTrust, certificateTrust, or keyStoreTrust idp.authn.LDAP.sslConfig = certificateTrust ## If using certificateTrust above, set to the trusted certificate's path idp.authn.LDAP.trustCertificates = /etc/certs/opendj.crt ## If using keyStoreTrust above, set to the truststore path idp.authn.LDAP.trustStore = /etc/certs/shibIDP.jks ## Return attributes during authentication ## NOTE: there is a separate property used for attribute resolution idp.authn.LDAP.returnAttributes = passwordExpirationTime,loginGraceRemaining ## DN resolution properties ## # Search DN resolution, used by anonSearchAuthenticator, bindSearchAuthenticator # for AD: CN=Users,DC=example,DC=org idp.authn.LDAP.baseDN = o=gluu idp.authn.LDAP.subtreeSearch = true idp.authn.LDAP.userFilter = (uid={user}) # bind search configuration # for AD: idp.authn.LDAP.bindDN=adminuser@domain.com idp.authn.LDAP.bindDN = cn=directory manager idp.authn.LDAP.bindDNCredential = company # Format DN resolution, used by directAuthenticator, adAuthenticator # for AD use idp.authn.LDAP.dnFormat=%s@domain.com idp.authn.LDAP.dnFormat = uid=%s,ou=people,o=@!DC86.8CA8.47F1.3171!0001!08FE.BC01,o=gluu # LDAP attribute configuration, see attribute-resolver.xml # Note, this likely won't apply to the use of legacy V2 resolver configurations idp.attribute.resolver.LDAP.ldapURL = %{idp.authn.LDAP.ldapURL} idp.attribute.resolver.LDAP.baseDN = %{idp.authn.LDAP.baseDN:undefined} idp.attribute.resolver.LDAP.bindDN = %{idp.authn.LDAP.bindDN:undefined} idp.attribute.resolver.LDAP.bindDNCredential = %{idp.authn.LDAP.bindDNCredential:undefined} idp.attribute.resolver.LDAP.useStartTLS = %{idp.authn.LDAP.useStartTLS:true} idp.attribute.resolver.LDAP.trustCertificates = %{idp.authn.LDAP.trustCertificates:undefined} idp.attribute.resolver.LDAP.searchFilter = (|(uid=$requestContext.principalName)(mail=$requestContext.principalName)) idp.attribute.resolver.LDAP.returnAttributes = inum,uid # LDAP pool configuration, used for both authn and DN resolution idp.pool.LDAP.minSize = 3 idp.pool.LDAP.maxSize = 10 idp.pool.LDAP.validateOnCheckout = false idp.pool.LDAP.validatePeriodically = true idp.pool.LDAP.validatePeriod = 300 idp.pool.LDAP.prunePeriod = 300 idp.pool.LDAP.idleTime = 600 idp.pool.LDAP.blockWaitTime = 3000 idp.pool.LDAP.failFastInitialize = false ```   #### **IDP Logs:** opt/shibboleth-idp/logs/idp-process.log ``` 2021-07-27 11:48:06,981 - INFO [net.shibboleth.utilities.java.support.service.AbstractReloadableService:207] - Service 'shibboleth.NameIdentifierGenerationService': Starting shutdown 2021-07-27 11:48:06,981 - INFO [net.shibboleth.utilities.java.support.service.AbstractReloadableService:216] - Service 'shibboleth.NameIdentifierGenerationService': Completing shutdown 2021-07-27 11:48:06,981 - INFO [net.shibboleth.utilities.java.support.service.AbstractReloadableService:207] - Service 'shibboleth.AttributeResolverService': Starting shutdown 2021-07-27 11:48:06,982 - INFO [net.shibboleth.utilities.java.support.service.AbstractReloadableService:216] - Service 'shibboleth.AttributeResolverService': Completing shutdown 2021-07-27 11:48:06,982 - INFO [net.shibboleth.ext.spring.context.FilesystemGenericApplicationContext:982] - Closing ApplicationContext:shibboleth.AttributeFilterService: startup date [Tue Jul 27 11:48:01 UTC 2021]; parent: Root WebApplicationContext 2021-07-27 11:48:06,986 - INFO [net.shibboleth.utilities.java.support.service.AbstractReloadableService:207] - Service 'shibboleth.AttributeFilterService': Starting shutdown 2021-07-27 11:48:06,986 - INFO [net.shibboleth.utilities.java.support.service.AbstractReloadableService:216] - Service 'shibboleth.AttributeFilterService': Completing shutdown 2021-07-27 11:48:06,987 - INFO [net.shibboleth.utilities.java.support.service.AbstractReloadableService:207] - Service 'shibboleth.LoggingService': Starting shutdown 2021-07-27 11:48:06,987 - INFO [net.shibboleth.utilities.java.support.service.AbstractReloadableService:216] - Service 'shibboleth.LoggingService': Completing shutdown 2021-07-27 11:48:07,005 - ERROR [org.springframework.web.context.ContextLoader:351] - Context initialization failed org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'shibboleth.metrics.RegisterMetricSets$child#0' defined in URL [file:/opt/shibboleth-idp/conf/admin/metrics.xml]: Cannot resolve reference to bean 'shibboleth.metrics.AttributeResolverGaugeSet' while setting bean property 'arguments' with key [7]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'shibboleth.metrics.AttributeResolverGaugeSet' defined in URL [file:/opt/shibboleth-idp/system/conf/general-admin-system.xml]: Invocation of init method failed; nested exception is net.shibboleth.utilities.java.support.component.ComponentInitializationException: Injected service was null or not an AttributeResolver at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:359) Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'shibboleth.metrics.AttributeResolverGaugeSet' defined in URL [file:/opt/shibboleth-idp/system/conf/general-admin-system.xml]: Invocation of init method failed; nested exception is net.shibboleth.utilities.java.support.component.ComponentInitializationException: Injected service was null or not an AttributeResolver at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1578) Caused by: net.shibboleth.utilities.java.support.component.ComponentInitializationException: Injected service was null or not an AttributeResolver at net.shibboleth.idp.attribute.resolver.impl.AttributeResolverServiceGaugeSet.doInitialize(AttributeResolverServiceGaugeSet.java:104) ```   #### service idp status ``` Jetty running pid=1694 START_INI = /opt/gluu/jetty/idp/start.ini START_D = /opt/gluu/jetty/idp/start.d JETTY_HOME = /opt/jetty JETTY_BASE = /opt/gluu/jetty/idp JETTY_CONF = /opt/jetty/etc/jetty.conf JETTY_PID = /var/run/idp.pid JETTY_START = /opt/jetty/start.jar JETTY_LOGS = /opt/gluu/jetty/idp/logs JETTY_STATE = /opt/gluu/jetty/idp/idp.state CLASSPATH = JAVA = /opt/jre/bin/java JAVA_OPTIONS = -server -Xms256m -Xmx716m -XX:MaxMetaspaceSize=308m -XX:+DisableExplicitGC -Dgluu.base=/etc/gluu -Dserver.base=/opt/gluu/jetty/idp -Djetty.logging.dir=/opt/gluu/jetty/idp/logs -Djetty.home=/opt/jetty -Djetty.base=/opt/gluu/jetty/idp -Djava.io.tmpdir=/opt/jetty-9.3/temp JETTY_ARGS = jetty.http.host=localhost jetty.http.port=8086 jetty.state=/opt/gluu/jetty/idp/idp.state jetty-logging.xml jetty-started.xml RUN_CMD = /opt/jre/bin/java -server -Xms256m -Xmx716m -XX:MaxMetaspaceSize=308m -XX:+DisableExplicitGC -Dgluu.base=/etc/gluu -Dserver.base=/opt/gluu/jetty/idp -Djetty.logging.dir=/opt/gluu/jetty/idp/logs -Djetty.home=/opt/jetty -Djetty.base=/opt/gluu/jetty/idp -Djava.io.tmpdir=/opt/jetty-9.3/temp -jar /opt/jetty/start.jar jetty.http.host=localhost jetty.http.port=8086 jetty.state=/opt/gluu/jetty/idp/idp.state jetty-logging.xml jetty-started.xml ```