Resolve "SAML 2 SSO profile is not configured for relying party"

Home > Search
  by

This error appears when navigating to a web page that is being protected by Shibboleth. This error suggests that the Service Provider (SP) could not get metadata from the Identity Provider (IdP).

 

This error typically means that the URL being used by the relying party is not a valid URL to get the metadata from the IdP. In the example above, the URL being used is https://saml1.software.eng.us/shibboleth.  Navigating to https://saml1.software.eng.us/shibboleth produces a Forbidden message, which confirms that https://saml1.software.eng.us/shibboleth is not a valid URL to get metadata from the IdP.

 

You will need to determine the valid URL. For example, if the valid URL is https://saml1.software.eng.us:8443/idp/shibboleth, navigating to https://saml1.software.eng.us:8443/idp/shibboleth should display the metadata. The metadata displayed in the browser should be exactly the same as the metadata in your /opt/shibboleth-idp/metadata/idp-metadata.xml file.

 

You will add the valid URL to $shibboleth_IdP_home/conf/relaying-party.xml.

<rp:AnonymousRelyingParty provider="https://www.example.com/idp/shibboleth" defaultSigningCredentialRef="IdpCrednetail"/>

<rp:DefaultRelyingParty provider="https://www.example.com/idp/shibboleth" defaultSigningCredentialRef="IdpCredential"
  <rp: ProfileConfiguration . . .

 

Also add the valid URL to $shibboleth_SP_home/shibboleth2.xml.

<ApplicationDefaults entityID="https://saml1.software.eng.us/idp/shibboleth"

 


Logs

If issues persist, check the $shibboleth_IdP_home/logs/idp-proccess.log file.

SPSSODescriptor role metadata for entityID 'https://saml1.software.eng.us/shibboleth' could not be resolved
No metadata for relaying party https://saml1.software.eng.us/shibboleth, treating party as anonymous
SAML 2 SSO profile is not configured for relaying party https://saml1.software.eng.us/shibboleth


Add a Comment




We will never share your name or email with anyone. Enter your email if you would like to be notified when we respond to your comment.




Please enter in the box below so that we can be sure you are a human.




Comments