
shibboleth-users - No return endpoint available for relying party

Subject: Shibboleth Users

  • From: "Miotke,Randy" <>
  • To: "''" <>
  • Subject: No return endpoint available for relying party
  • Date: Fri, 12 Mar 2010 10:09:34 -0700
  • Accept-language: en-US

Hello,

I'm running an IdP that is connecting to other SPs via the InCommon
Federation, but I am encountering the error "No return endpoint available for
relying party" in trying to connect to a new SP. I've reviewed the
IdPTroubleshootingCommonErrors at
https://spaces.internet2.edu/display/SHIB2/IdPTroubleshootingCommonErrors,
and have looked at the potential trouble spots mentioned. I have metadata for
the SP, and they believe their metadata is accurate. Is there something
missing on the SP side or is there a configuration problem in the IdP that I
haven't been able to spot? A transaction log entry, metadata and handler.xml
information is below. Please let me know if other data will help determine
the problem.

I know this is a busy list. Any help is greatly appreciated.

Regards,

Randy

******************
Transaction LOG ENTRY
******************

09:17:15.810 - INFO [Shibboleth-Access:73] - 20100312T161715Z|129.82.201.204|shibidp.colostate.edu:443|/profile/Shibboleth/SSO|
09:17:18.571 - INFO [edu.internet2.middleware.shibboleth.common.security.MetadataPKIXValidationInformationResolver:802] - PKIX validation info cache cleared
09:17:18.571 - INFO [edu.internet2.middleware.shibboleth.common.security.MetadataPKIXValidationInformationResolver:802] - PKIX validation info cache cleared
09:17:55.535 - INFO [Shibboleth-Access:73] - 20100312T161755Z|129.82.201.204|shibidp.colostate.edu:443|/profile/Shibboleth/SSO|
09:17:55.536 - ERROR [edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler:397] - No return endpoint available for relying party https://sp.eblib.com/shibboleth




*****************
IdP SSO Metadata
*****************

<ArtifactResolutionService
    Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
    Location="https://shibidp.colostate.edu:8443/idp/profile/SAML2/SOAP/ArtifactResolution"
    index="1"/>
<ArtifactResolutionService
    Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
    Location="https://shibidp.colostate.edu:8443/idp/profile/SAML1/SOAP/ArtifactResolution"
    index="2"/>
<SingleSignOnService
    Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Location="https://shibidp.colostate.edu/idp/profile/SAML2/POST/SSO"/>
<SingleSignOnService
    Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest"
    Location="https://shibidp.colostate.edu/idp/profile/Shibboleth/SSO"/>
<SingleSignOnService
    Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
    Location="https://shibidp.colostate.edu/idp/profile/SAML2/Redirect/SSO"/>
<SingleSignOnService
    Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign"
    Location="https://shibidp.colostate.edu/idp/profile/SAML2/POST-SimpleSign/SSO"/>


****************
SP ACS in metadata
****************

<md:AssertionConsumerService
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Location="https://sp.eblib.com/Shibboleth.sso/SAML/POST"
    index="1"/>
<md:AssertionConsumerService
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
    Location="https://sp.eblib.com/Shibboleth.sso/SAML/Artifact"
    index="2"/>


***************
handler.xml contents
***************


<ProfileHandler xsi:type="SAML2SSO"
    inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign
                                urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
                                urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
    <RequestPath>/SAML2/POST/SSO</RequestPath>
</ProfileHandler>

<ProfileHandler xsi:type="SAML2SSO"
    inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign"
    outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign
                                urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
                                urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
    <RequestPath>/SAML2/POST-SimpleSign/SSO</RequestPath>
</ProfileHandler>

<ProfileHandler xsi:type="SAML2SSO"
    inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
    outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign
                                urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
                                urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
    <RequestPath>/SAML2/Redirect/SSO</RequestPath>
</ProfileHandler>

<ProfileHandler xsi:type="SAML2AttributeQuery"
    inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
    outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:SOAP">
    <RequestPath>/SAML2/SOAP/AttributeQuery</RequestPath>
</ProfileHandler>

<ProfileHandler xsi:type="SAML2ArtifactResolution"
    inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
    outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:SOAP">
    <RequestPath>/SAML2/SOAP/ArtifactResolution</RequestPath>
</ProfileHandler>

<!-- Login Handlers -->
<!--
<LoginHandler xsi:type="RemoteUser">
    <AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</AuthenticationMethod>
</LoginHandler>
-->

<!-- Username/password login handler -->
<LoginHandler xsi:type="UsernamePassword"
    jaasConfigurationLocation="file:///usr/local/shibboleth-idp/conf/login.config">
    <AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthenticationMethod>
</LoginHandler>

<!--
    Removal of this login handler will disable SSO support, that is it
    will require the user to authenticate on every request.
-->
<LoginHandler xsi:type="PreviousSession">
    <AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:PreviousSession</AuthenticationMethod>
</LoginHandler>

</ProfileHandlerGroup>
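
An added example, not part of the original post and not Shibboleth's own code: a simplified model of the check behind this error, matching the SP's AssertionConsumerService bindings against the bindings the handler for the requested path can emit. The outbound bindings for /Shibboleth/SSO are not in the posted excerpt and are assumed here to be the SAML 1 browser-post and artifact-01 profile URIs; the wrapping SPSSODescriptor element and the function names are constructed for the example.

```python
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
SAML2_OUT = ["urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign",
             "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
             "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"]
# RequestPath -> outboundBindingEnumeration. SAML2 entries are from the posted
# handler.xml; the /Shibboleth/SSO entry is an ASSUMPTION (not in the excerpt).
HANDLER_OUTBOUND = {
    "/SAML2/POST/SSO": SAML2_OUT,
    "/SAML2/POST-SimpleSign/SSO": SAML2_OUT,
    "/SAML2/Redirect/SSO": SAML2_OUT,
    "/Shibboleth/SSO": ["urn:oasis:names:tc:SAML:1.0:profiles:browser-post",
                        "urn:oasis:names:tc:SAML:1.0:profiles:artifact-01"],
}
# ACS entries from the post, inside a constructed SPSSODescriptor wrapper.
SP_METADATA = """<md:SPSSODescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
  <md:AssertionConsumerService index="1"
      Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
      Location="https://sp.eblib.com/Shibboleth.sso/SAML/POST"/>
  <md:AssertionConsumerService index="2"
      Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
      Location="https://sp.eblib.com/Shibboleth.sso/SAML/Artifact"/>
</md:SPSSODescriptor>"""
# Access log line from the post, joined onto one line.
ACCESS_LOG = ("09:17:55.535 - INFO [Shibboleth-Access:73] - 20100312T161755Z|"
              "129.82.201.204|shibidp.colostate.edu:443|/profile/Shibboleth/SSO|")

def handler_path(access_line, servlet_prefix="/profile"):
    """Extract the handler RequestPath from a Shibboleth-Access log line."""
    path = access_line.split("|")[3]
    return path[len(servlet_prefix):] if path.startswith(servlet_prefix) else path

def acs_endpoints(metadata_xml):
    """Return (index, Binding, Location) for each ACS, in index order."""
    root = ET.fromstring(metadata_xml)
    return sorted((int(e.get("index", "0")), e.get("Binding"), e.get("Location"))
                  for e in root.iter("{%s}AssertionConsumerService" % MD_NS))

def usable_endpoints(metadata_xml, request_path):
    """ACS endpoints whose Binding the handler for request_path can emit."""
    outbound = HANDLER_OUTBOUND.get(request_path, [])
    return [ep for ep in acs_endpoints(metadata_xml) if ep[1] in outbound]

def diagnose(metadata_xml, access_line):
    path = handler_path(access_line)
    eps = usable_endpoints(metadata_xml, path)
    if eps:
        return "%s -> %s" % (path, eps[0][2])
    offered = sorted({b for _, b, _ in acs_endpoints(metadata_xml)})
    return "%s: no return endpoint; metadata offers only %s" % (path, offered)
```

Calling diagnose(SP_METADATA, ACCESS_LOG) reports the empty intersection for the logged request path, while the same metadata yields both ACS locations for the SAML2 handler paths.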


