No MetadataProvider available - shibsp::ConfigurationException

Asked 14/10, 2016 at 18:29 Answered 13/4, 2023 at 13:0

I recently upgraded Shibboleth from versionShibboleth-sp-2.5.6.0-win64 to Shibboleth-sp-2.6.0.0-win64 and Apache web server from 2.4.16 to 2.4.23.

Post the upgrade, when I try to access my application I get the following error:

shibsp::ConfigurationException

The system encountered an error at Fri Oct 14 20:19:51 2016

To report this problem, please contact the site administrator at root@localhost. 

Please include the following message in any email:

shibsp::ConfigurationException at (https://xxxxxx.xxxx/)

No MetadataProvider available.

When I access, https:/xxxxx.xxxxx/Shibboleth.sso/Metadata, the metadata file is downloaded and the details seems correct.

Does any one know why does this error occur and how can we solve it?

Rouvin answered 14/10, 2016 at 18:29 Comment(1)

Look at the MetadataProvider section of your Shibboleth SP configuration. Verify that the file or URL indicated there is accessible and correct. – Cowans 19/11, 2016 at 18:49

If it can be of help, I was writing this:

<MetadataProvider type="XML" validate="true" file="/etc/shibboleth/idp-metadata.xml" />

instead of this:

<MetadataProvider type="XML" validate="true" path="/etc/shibboleth/idp-metadata.xml" />

The XML attribute is path. I'm using Shibboleth SP version 3.

Brandt answered 27/3, 2020 at 10:35 Comment(1)

Could anyone place file name which this configuration is about? – Stage 29/7, 2020 at 15:51

Ensure that you have a section in the default as well as an override if there exists. For me, even though there was a section properly created for the override, it needed one in the defaults

Incumbent answered 12/9, 2017 at 13:20 Comment(0)

Try the following steps:

1) Go to shar.log and check what is the entity ID returning from the IDP's assertion message.
2) Go to the corresponding IDP'S metadata in SP side, compare both entity ID's.
3) Sure there must be some mismatch between the files, so that's why SP is unable to find the IDP to which it is talking and not able to proceed further.

Finally, update the entity ID in the IDP's metadata and restart shibd. It should work.

Shaneka answered 28/9, 2017 at 22:3 Comment(1)

Additionally, if you look in /var/log/shibboleth/shibd.log, you may find CRIT level log entries reporting "error reloading resources," immediately preceded by a possible root cause: XMLTooling.ParserPool: error on line ..., column ..., message: attribute 'errorURL' is not declared for element 'EntityDescriptor'. So either some gnarly XML validation going on, or "underconfigured" IdP metadata lacking namespace imports or something. But you do get the same error if your SP installation cannot validate the IdP's metadata over a parse issue like this. Removing the unsupported errorURL "worked." – Bandog 20/7, 2023 at 1:49

Just for the record. Most configuration of your SP takes place in shibboleth2.xml. Locate this file on your server and edit settings to your comfort.

For Linux installations: Be sure not to edit this file from your installation path, but in your distribution path (i.e. /etc/shibboleth/shibboleth2.xml), otherwise your changes will not be visible ...

A restart of shibd (systemctl restart shibd) is mandatory after changing shibboleth2.xml.

Quarterback answered 18/8, 2020 at 7:32 Comment(0)

I had a similar issue, SP and IdP metadatas were fine excepted for IdP validUntil until attribute which was expired. After modification, Shibboleth SP recognized the IdP metadata.

Amu answered 13/4, 2023 at 13:0 Comment(1)

can you please guide me where can I find this configuration, is it on idp or sp, I just started working on Shibboleth, till yesterday it was working fine but suddenly broke – Aventine 30/8 at 7:8

Recommended topics

Hot tags