Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
en:shibidp:troubleshooting [2023/03/02 10:54] – Engl. version of missing sp metadata Silke Meyer | en:shibidp:troubleshooting [2023/03/02 12:21] (current) – [Download the metadata of your IdP/SP] Silke Meyer | ||
---|---|---|---|
Line 5: | Line 5: | ||
* [[https:// | * [[https:// | ||
- | ===== Download | + | ===== Where to download |
Here is how you can get the metadata of your IdP or SP as they are currently published to the federation: | Here is how you can get the metadata of your IdP or SP as they are currently published to the federation: | ||
Line 127: | Line 127: | ||
* Check the IdP's DEBUG-Log. Compare the saml:Issuer from the AuthnRequest with the EntityID you are trying to contact. If there is a different issuer string in the Authentication Request the IdP cannot find the issuer in the federation metadata. Contact the SP operator in this case. | * Check the IdP's DEBUG-Log. Compare the saml:Issuer from the AuthnRequest with the EntityID you are trying to contact. If there is a different issuer string in the Authentication Request the IdP cannot find the issuer in the federation metadata. Contact the SP operator in this case. | ||
+ | ===== DecryptNameIDFailed ===== | ||
+ | If you see the error message "A non-proceed event occurred while processing the request: DecryptNameIDFailed" | ||
+ | ===== Reset a configuration file to default ===== | ||
+ | Your IdP keeps copies of all original files in the folder '' | ||
+ | |||
+ | ===== Duplicate attributes in Shibboleth IdP 4.x ===== | ||
+ | If you notice that your IdP 4.x transmits duplicate attributes, you probably have copied the file '' | ||
+ | |||
+ | ===== Duplicate Transcoding Rule ===== | ||
+ | If you get the error message below, you probably have a duplicate attribute in your Attribute Registry. Maybe you imported attributes from a file like our dfnMisc.xml ([[de: | ||
+ | |||
+ | <code bash> | ||
+ | already the child of another XMLObject and may not be inserted into this list</ | ||
+ | |||
+ | ===== IdP/SP is no longer part of the eduGAIN metadata ===== | ||
+ | |||
+ | Our downstream eduGAIN metadata (the eduGAIN metadata we distribute to DFN-AAI) have never contained entities from DFN-AAI. We filter them out because your systems already know them from DFN-AAI metadata and we do not want to distribute duplicates. To check whether an entity is part of the eduGAIN metadata, please search for it in the [[https:// | ||
===== IdP is not displayed in Discovery Services ===== | ===== IdP is not displayed in Discovery Services ===== | ||
Line 136: | Line 153: | ||
* You have ticked the checkbox "hide from discovery" | * You have ticked the checkbox "hide from discovery" | ||
| | ||
+ | ===== SP Metadata: AuthnRequestsSigned and WantAssertionsSigned ===== | ||
+ | |||
+ | A Service Provider can announce in its metadata that it | ||
+ | * signs Authentication Requests it sends to IdPs, and/or | ||
+ | * wants to get signed SAML assertions back. | ||
+ | |||
+ | Our metadata administration tool only displays this information if it is included in the xml files upon initial upload to the metadata administration. Please extend your SP metadata like this:< | ||
+ | | ||
{{tag> | {{tag> |