No MetadataProvider available - shibsp::ConfigurationException

Question

I recently upgraded Shibboleth from versionShibboleth-sp-2.5.6.0-win64 to Shibboleth-sp-2.6.0.0-win64 and Apache web server from 2.4.16 to 2.4.23.

Post the upgrade, when I try to access my application I get the following error:

shibsp::ConfigurationException

The system encountered an error at Fri Oct 14 20:19:51 2016

To report this problem, please contact the site administrator at root@localhost. 

Please include the following message in any email:

shibsp::ConfigurationException at (https://xxxxxx.xxxx/)

No MetadataProvider available.

When I access, https:/xxxxx.xxxxx/Shibboleth.sso/Metadata, the metadata file is downloaded and the details seems correct.

Does any one know why does this error occur and how can we solve it?

Look at the `MetadataProvider` section of your Shibboleth SP configuration. Verify that the file or URL indicated there is accessible and correct. — rlandster, Nov 19 '16 at 18:49

score 2 · Answer 1 · answered Mar 27 '20 at 10:35

2

If it can be of help, I was writing this:

<MetadataProvider type="XML" validate="true" file="/etc/shibboleth/idp-metadata.xml" />

instead of this:

<MetadataProvider type="XML" validate="true" path="/etc/shibboleth/idp-metadata.xml" />

The XML attribute is path. I'm using Shibboleth SP version 3.

answered Mar 27 '20 at 10:35

Milad

836
7
13

Could anyone place file name which this configuration is about? – Danilo Davanso Jul 29 '20 at 15:51

score 0 · Answer 2 · answered Sep 12 '17 at 13:20

0

Ensure that you have a section in the default as well as an override if there exists. For me, even though there was a section properly created for the override, it needed one in the defaults

answered Sep 12 '17 at 13:20

TruthOf42

2,017
4
23
38

Satheesh K · Answer 3 · 2020-08-19T13:08:43.423

0

Try the following steps:

1) Go to shar.log and check what is the entity ID returning from the IDP's assertion message.
2) Go to the corresponding IDP'S metadata in SP side, compare both entity ID's.
3) Sure there must be some mismatch between the files, so that's why SP is unable to find the IDP to which it is talking and not able to proceed further.

Finally, update the entity ID in the IDP's metadata and restart shibd. It should work.

edited Aug 19 '20 at 13:08

answered Sep 28 '17 at 22:03

Satheesh K

132
2
16

Additionally, if you look in /var/log/shibboleth/shibd.log, you may find `CRIT` level log entries reporting "error reloading resources," immediately preceded by a possible root cause: XMLTooling.ParserPool: error on line ..., column ..., message: attribute 'errorURL' is not declared for element 'EntityDescriptor'. So either some gnarly XML validation going on, or "underconfigured" IdP metadata lacking namespace imports or something. But you do get the same error if your SP installation cannot validate the IdP's metadata over a parse issue like this. Removing the unsupported errorURL "worked." – Matt Borja Jul 20 '23 at 01:49

score 0 · Answer 4 · edited Aug 19 '20 at 10:24

Just for the record. Most configuration of your SP takes place in shibboleth2.xml. Locate this file on your server and edit settings to your comfort.

For Linux installations: Be sure not to edit this file from your installation path, but in your distribution path (i.e. /etc/shibboleth/shibboleth2.xml), otherwise your changes will not be visible ...

A restart of shibd (systemctl restart shibd) is mandatory after changing shibboleth2.xml.

score 0 · Answer 5 · answered Apr 13 '23 at 13:00

0

I had a similar issue, SP and IdP metadatas were fine excepted for IdP validUntil until attribute which was expired. After modification, Shibboleth SP recognized the IdP metadata.

answered Apr 13 '23 at 13:00

François Loison

1

No MetadataProvider available - shibsp::ConfigurationException

5 Answers5