Shibboleth - Troubleshooting
Message not accepted by IDP deos not meet security requirements the message received does not meet the security requirements of the as assertionConsumerServiceURL and 'http://samltest/shibboleth-sp' as entityId. Spring Security SAML extension. oracle XE as Shibboleth AttributeResolver imported metadata both ways: idp to sp and sp tp idp ArtifactResolution] - Message did not meet security requirements Message did not meet security requirements. SP - IDP -- Message did not meet security requirements Working to debug the SP config, its never worked with this IdP. The IdP is also new.
This page will use PHP to check for a successful Shibboleth login, and it will dump out all of the environment variables that are passed to the page.Single Sign-On (SAML IdP and SP)
This test assumes your httpd server will support PHP files. If you are not running PHP on your server, just place a static index. That URL will be something like: You should see the page https: Assuming you reached the login page, enter your own Unity credentials and submit them. Since this is the first time you've logged in to the new SP, you should be presented with the uApprove page which lists that attributes that will be released to your site. Click "Confirm" on that page to proceed.
You should now be logged in, and you should see the output of the the example page that you downloaded and installed earlier. Or, at the least, you should see the static index. The example page shows something like this: Your EPPN is unityid ncsu.
You may not see all of these attributes in your output. You should see variables for each of the attributes that you were approved to receive when you registered your SP. Errors in testing Message did not meet security requirements When you are first redirected to the IdP, you may get an error page with a message at the bottom that says "Message did not meet security requirements". Please wait four hours after registration is completed to test the connection.
By that time, the servers should have loaded the updated metadata.
"Error Message: Message did not meet security requirements"
If the fix did not work, this is the next thing to check. Did you regenerate your SP key and certificate files after registering?
If this connection fails there is likely to be an entry in shibd. Again, if this is the case here is likely to be an entry in shibd. However setting this without also ensuring that all access to the site use https can lead to authentication requests looping between the SP and the IdP. The problem is that authentication can complete over https, but when the user is redirected to the http URL they originally requested the cookie isn't supplied.
This leads the SP to conclude that the user isn't authenticated and the loop is repeated. To avoid this, always ensure that all http requests requiring authentication are first redirected to the corresponding https URL.
Gluu Support- Message not accepted by IDP deos not meet security requirements
The https port number is commonly See also SSL, certificates and security with Shibbolethand https: Starting shibd reports "Starting shibd listener failed to enter listen loop" Whan re- starting shibd the message "Starting shibd listener failed to enter listen loop" is displayed as shibd doesn't start At least one cause of this is that shibd is being started by an insufficiently privileged user.
Typically shibd needs to be started as root. Please contact the site administrator Accessing a site results in a page saying "Internal Server Error. Please contact the site administrator.