<html>
<head>
</head>
<body class='hmmessage'><div dir='ltr'>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 12pt;
font-family:Calibri
}
--></style>
<div dir="ltr">Hi Marco, <div>Did you get a chance to look at the logs?</div><div><br></div><div>Regards,</div><div>Akshik<br><br><div><hr id="stopSpelling">From: akshik@outlook.com<br>To: openstack-dev@lists.openstack.org<br>Date: Fri, 27 Feb 2015 22:50:47 +0530<br>Subject: Re: [openstack-dev] Need help in configuring keystone<br><br>
<div dir="ltr">Hi Marco,<div><br></div><div>Thanks for responding. I've cleared the log file and have restarted the shibd service.</div><div><br></div><div>The metadata file got created; I've attached the log file and metadata file as well.</div><div><br></div><div>Regards,</div><div>Akshik<br><br><div>Date: Fri, 27 Feb 2015 15:12:39 +0100<br>From: Marco.Fargetta@ct.infn.it<br>To: openstack-dev@lists.openstack.org<br>Subject: Re: [openstack-dev] Need help in configuring keystone<br><br><pre>Hi Akshik,<br> <br>The metadata error is in your SP; if the error was on testshib, you<br>should not be redirected back after the login. Maybe there is a configuration<br>problem with shibboleth. Try to restart the service and look at the shibboleth logs.<br>Also check that the metadata of testshib is downloaded correctly, because from the error<br>it seems you do not have the metadata of testshib.<br> <br>Cheers,<br>Marco<br> <br>On Fri, Feb 27, 2015 at 06:39:30PM +0530, Akshik DBK wrote:<br>> Hi Marek,<br>> I've registered with testshib; this is the keystone-apache-error.log log I get: [error] [client 121.243.33.212] No MetadataProvider available., referer: <a href="https://idp.testshib.org/idp/profile/SAML2/Redirect/SSO" target="_blank">https://idp.testshib.org/idp/profile/SAML2/Redirect/SSO</a><br>> From: akshik@outlook.com<br>> To: openstack-dev@lists.openstack.org<br>> Date: Fri, 27 Feb 2015 15:56:57 +0530<br>> Subject: [openstack-dev] Need help in configuring keystone<br>> <br>> <br>> <br>> <br>> Hi, I'm new to SAML and trying to integrate keystone with SAML. I'm using Ubuntu 12.04 with Icehouse; I'm following <a href="http://docs.openstack.org/developer/k...when" target="_blank">http://docs.openstack.org/developer/k...when</a> I'm trying to configure keystone with two IdPs; when I access https://MYSERVER:5000/v3/OS-FEDERATIO...it gets redirected to testshib.org, it prompts for username and password, and when the same is given I'm getting shibsp::ConfigurationException at ( 
https://MYSERVER:5000/Shibboleth.sso/... ) No MetadataProvider available.<br>> Here is my shibboleth2.xml content:<br>> <SPConfig xmlns="urn:mace:shibboleth:2.0:native:sp:config"<br>> xmlns:conf="urn:mace:shibboleth:2.0:native:sp:config"<br>> xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"<br>> xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" <br>> xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"<br>> clockSkew="180"><br>> <br>> <ApplicationDefaults entityID="https://MYSERVER:5000/Shibboleth"><br>> <Sessions lifetime="28800" timeout="3600" checkAddress="false" relayState="ss:mem" handlerSSL="false"><br>> <SSO entityID="<a href="https://idp.testshib.org/idp/shibboleth" target="_blank">https://idp.testshib.org/idp/shibboleth</a>" ECP="true"><br>> SAML2 SAML1<br>> </SSO><br>> <br>> <Logout>SAML2 Local</Logout><br>> <br>> <Handler type="MetadataGenerator" Location="/Metadata" signing="false"/><br>> <Handler type="Status" Location="/Status" /><br>> <Handler type="Session" Location="/Session" showAttributeValues="false"/><br>> <Handler type="DiscoveryFeed" Location="/DiscoFeed"/><br>> </Sessions><br>> <br>> <Errors supportContact="root@localhost"<br>> logoLocation="/shibboleth-sp/logo.jpg"<br>> styleSheet="/shibboleth-sp/main.css"/><br>> <br>> <AttributeExtractor type="XML" validate="true" path="attribute-map.xml"/><br>> <AttributeResolver type="Query" subjectMatch="true"/><br>> <AttributeFilter type="XML" validate="true" path="attribute-policy.xml"/><br>> <CredentialResolver type="File" key="sp-key.pem" certificate="sp-cert.pem"/><br>> <br>> <ApplicationOverride id="idp_1" entityID="https://MYSERVER:5000/Shibboleth"><br>> <br>> <Sessions lifetime="28800" timeout="3600" checkAddress="false"<br>> relayState="ss:mem" handlerSSL="false"><br>> <SSO entityID="<a href="https://portal4.mss.internalidp.com/idp/shibboleth" target="_blank">https://portal4.mss.internalidp.com/idp/shibboleth</a>" ECP="true"><br>> SAML2 SAML1<br>> </SSO><br>> <Logout>SAML2 Local</Logout><br>> </Sessions><br>> 
<br>> <MetadataProvider type="XML" uri="<a href="https://portal4.mss.internalidp.com/idp/shibboleth" target="_blank">https://portal4.mss.internalidp.com/idp/shibboleth</a>"<br>> backingFilePath="/tmp/tata.xml" reloadInterval="180000" /><br>> </ApplicationOverride><br>> <br>> <ApplicationOverride id="idp_2" entityID="https://MYSERVER:5000/Shibboleth"><br>> <Sessions lifetime="28800" timeout="3600" checkAddress="false"<br>> relayState="ss:mem" handlerSSL="false"><br>> <SSO entityID="<a href="https://idp.testshib.org/idp/shibboleth" target="_blank">https://idp.testshib.org/idp/shibboleth</a>" ECP="true"><br>> SAML2 SAML1<br>> </SSO><br>> <br>> <Logout>SAML2 Local</Logout><br>> </Sessions><br>> <br>> <MetadataProvider type="XML" uri="<a href="https://idp.testshib.org/idp/shibboleth" target="_blank">https://idp.testshib.org/idp/shibboleth</a>" <br>> backingFilePath="/tmp/testshib.xml" reloadInterval="180000"/><br>> </ApplicationOverride><br>> </ApplicationDefaults><br>> <br>> <SecurityPolicyProvider type="XML" validate="true" path="security-policy.xml"/><br>> <ProtocolProvider type="XML" validate="true" reloadChanges="false" path="protocols.xml"/><br>> </SPConfig><br>> Here is my wsgi-keystone:<br>> WSGIScriptAlias /keystone/main /var/www/cgi-bin/keystone/main<br>> WSGIScriptAlias /keystone/admin /var/www/cgi-bin/keystone/admin<br>> <br>> <Location "/keystone"><br>> # NSSRequireSSL<br>> SSLRequireSSL<br>> Authtype none<br>> </Location><br>> <br>> <Location /Shibboleth.sso><br>> SetHandler shib<br>> </Location><br>> <br>> <Location /v3/OS-FEDERATION/identity_providers/idp_1/protocols/saml2/auth><br>> ShibRequestSetting requireSession 1<br>> ShibRequestSetting applicationId idp_1<br>> AuthType shibboleth<br>> ShibRequireAll On<br>> ShibRequireSession On<br>> ShibExportAssertion Off<br>> Require valid-user<br>> </Location><br>> <br>> <Location /v3/OS-FEDERATION/identity_providers/idp_2/protocols/saml2/auth><br>> ShibRequestSetting requireSession 1<br>> ShibRequestSetting applicationId 
idp_2<br>> AuthType shibboleth<br>> ShibRequireAll On<br>> ShibRequireSession On<br>> ShibExportAssertion Off<br>> Require valid-user<br>> </Location> <br>> <br>> __________________________________________________________________________<br>> OpenStack Development Mailing List (not for usage questions)<br>> Unsubscribe: OpenStack-dev-request@lists.openstack.org?subject:unsubscribe<br>> <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br></pre></div></div> </div>
</div></div></div>
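<div>Added example (not from any poster in this thread and not Shibboleth or keystone project code): a Python check that lists, for the default application and each ApplicationOverride in a shibboleth2.xml, which MetadataProvider sources are in scope, and flags an application that has none. It assumes an override without its own MetadataProvider inherits the ones from ApplicationDefaults and that nothing is inherited in the other direction; the sample is constructed from the layout posted above, and the names audit and _providers are hypothetical.</div>

```python
import xml.etree.ElementTree as ET

NS = {"sp": "urn:mace:shibboleth:2.0:native:sp:config"}

# Constructed sample: the layout posted in the thread, cut down to the relevant elements.
SAMPLE = """<SPConfig xmlns="urn:mace:shibboleth:2.0:native:sp:config">
  <ApplicationDefaults entityID="https://MYSERVER:5000/Shibboleth">
    <Sessions><SSO entityID="https://idp.testshib.org/idp/shibboleth">SAML2 SAML1</SSO></Sessions>
    <ApplicationOverride id="idp_2" entityID="https://MYSERVER:5000/Shibboleth">
      <Sessions><SSO entityID="https://idp.testshib.org/idp/shibboleth">SAML2 SAML1</SSO></Sessions>
      <MetadataProvider type="XML" uri="https://idp.testshib.org/idp/shibboleth"
                        backingFilePath="/tmp/testshib.xml"/>
    </ApplicationOverride>
  </ApplicationDefaults>
</SPConfig>"""


def _providers(app):
    """Sources of the MetadataProvider children of one application element."""
    sources = []
    for mp in app.findall("sp:MetadataProvider", NS):
        # A type="Chaining" provider only wraps nested providers; list the leaves.
        for leaf in mp.findall("sp:MetadataProvider", NS) or [mp]:
            sources.append(leaf.get("uri") or leaf.get("url") or leaf.get("path") or "(inline)")
    return sources


def audit(xml_text):
    """Map application id -> SSO entityID, metadata sources in scope, ok flag."""
    defaults = ET.fromstring(xml_text).find("sp:ApplicationDefaults", NS)
    if defaults is None:
        raise ValueError("no ApplicationDefaults element found")
    inherited = _providers(defaults)
    report = {}
    for app in [defaults] + defaults.findall("sp:ApplicationOverride", NS):
        sso = app.find("sp:Sessions/sp:SSO", NS)
        # Assumption: an override's own providers replace the inherited ones.
        metadata = _providers(app) or inherited
        report[app.get("id", "default")] = {
            "sso": sso.get("entityID") if sso is not None else None,
            "metadata": metadata,
            "ok": bool(metadata),
        }
    return report


if __name__ == "__main__":
    for app_id, info in audit(SAMPLE).items():
        status = "ok" if info["ok"] else "NO MetadataProvider in scope"
        print(f"{app_id}: SSO={info['sso']} metadata={info['metadata']} -> {status}")
```

<div>On the sample, the default application is reported with no metadata source while idp_2 has one. Requests that are not mapped to an applicationId are served by the default application.</div>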
</div></body>
</html>