<html>
<head>
</head>
<body class='hmmessage'><div dir='ltr'>

<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 12pt;
font-family:Calibri
}
--></style>
<div dir="ltr">Hi Marco, <div>Did you get a chance to look at the logs?</div><div><br></div><div>Regards,</div><div>Akshik<br><br><div><hr id="stopSpelling">From: akshik@outlook.com<br>To: openstack-dev@lists.openstack.org<br>Date: Fri, 27 Feb 2015 22:50:47 +0530<br>Subject: Re: [openstack-dev] Need help in configuring keystone<br><br>

<div dir="ltr">Hi Marco,<div><br></div><div>Thanks for responding, I've cleared the log file and have restarted the shibd service.</div><div><br></div><div>The metadata file got created, I've attached the log file and metadata file as well.</div><div><br></div><div>Regards,</div><div>Akshik<br><br><div>Date: Fri, 27 Feb 2015 15:12:39 +0100<br>From: Marco.Fargetta@ct.infn.it<br>To: openstack-dev@lists.openstack.org<br>Subject: Re: [openstack-dev] Need help in configuring keystone<br><br><pre>Hi Akshik,

The metadata error is in your SP, if the error was on testshib you
should not be redirected back after the login. Maybe there is a configuration
problem with shibboleth. Try to restart the service and look at shibboleth logs.
Check also that the metadata of testshib are downloaded correctly because from the error
it seems you do not have the metadata of testshib.

Cheers,
Marco

On Fri, Feb 27, 2015 at 06:39:30PM +0530, Akshik DBK wrote:
> Hi Marek,
> I've registered with testshib, this is the log I get in my keystone-apache-error.log:
> [error] [client 121.243.33.212] No MetadataProvider available., referer: https://idp.testshib.org/idp/profile/SAML2/Redirect/SSO
> From: akshik@outlook.com
> To: openstack-dev@lists.openstack.org
> Date: Fri, 27 Feb 2015 15:56:57 +0530
> Subject: [openstack-dev] Need help in configuring keystone
> 
> Hi, I'm new to SAML, trying to integrate keystone with SAML. I'm using Ubuntu 12.04 with Icehouse, I'm following <a href="http://docs.openstack.org/developer/k..." target="_blank">http://docs.openstack.org/developer/k...</a>
> 
> When I'm trying to configure keystone with two idp, when I access https://MYSERVER:5000/v3/OS-FEDERATIO... it gets redirected to testshib.org, it prompts for username and password, when the same is given I'm getting
> 
> shibsp::ConfigurationException at ( https://MYSERVER:5000/Shibboleth.sso/... )
> No MetadataProvider available.
> 
> Here is my shibboleth2.xml content:
> 
> <SPConfig xmlns="urn:mace:shibboleth:2.0:native:sp:config"
>     xmlns:conf="urn:mace:shibboleth:2.0:native:sp:config"
>     xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
>     xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
>     xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
>     clockSkew="180">
> 
>     <ApplicationDefaults entityID="https://MYSERVER:5000/Shibboleth">
>         <Sessions lifetime="28800" timeout="3600" checkAddress="false" relayState="ss:mem" handlerSSL="false">
>             <SSO entityID="https://idp.testshib.org/idp/shibboleth" ECP="true">
>                 SAML2 SAML1
>             </SSO>
> 
>             <Logout>SAML2 Local</Logout>
> 
>             <Handler type="MetadataGenerator" Location="/Metadata" signing="false"/>
>             <Handler type="Status" Location="/Status" />
>             <Handler type="Session" Location="/Session" showAttributeValues="false"/>
>             <Handler type="DiscoveryFeed" Location="/DiscoFeed"/>
>         </Sessions>
> 
>         <Errors supportContact="root@localhost"
>             logoLocation="/shibboleth-sp/logo.jpg"
>             styleSheet="/shibboleth-sp/main.css"/>
> 
>         <AttributeExtractor type="XML" validate="true" path="attribute-map.xml"/>
>         <AttributeResolver type="Query" subjectMatch="true"/>
>         <AttributeFilter type="XML" validate="true" path="attribute-policy.xml"/>
>         <CredentialResolver type="File" key="sp-key.pem" certificate="sp-cert.pem"/>
> 
>         <ApplicationOverride id="idp_1" entityID="https://MYSERVER:5000/Shibboleth">
> 
>             <Sessions lifetime="28800" timeout="3600" checkAddress="false"
>             relayState="ss:mem" handlerSSL="false">
>                 <SSO entityID="https://portal4.mss.internalidp.com/idp/shibboleth" ECP="true">
>                     SAML2 SAML1
>                 </SSO>
>                 <Logout>SAML2 Local</Logout>
>             </Sessions>
> 
>             <MetadataProvider type="XML" uri="https://portal4.mss.internalidp.com/idp/shibboleth"
>              backingFilePath="/tmp/tata.xml" reloadInterval="180000" />
>         </ApplicationOverride>
> 
>         <ApplicationOverride id="idp_2" entityID="https://MYSERVER:5000/Shibboleth">
>             <Sessions lifetime="28800" timeout="3600" checkAddress="false"
>             relayState="ss:mem" handlerSSL="false">
>                 <SSO entityID="https://idp.testshib.org/idp/shibboleth" ECP="true">
>                     SAML2 SAML1
>                 </SSO>
> 
>                 <Logout>SAML2 Local</Logout>
>             </Sessions>
> 
>             <MetadataProvider type="XML" uri="https://idp.testshib.org/idp/shibboleth"
>             backingFilePath="/tmp/testshib.xml" reloadInterval="180000"/>
>         </ApplicationOverride>
>     </ApplicationDefaults>
> 
>     <SecurityPolicyProvider type="XML" validate="true" path="security-policy.xml"/>
>     <ProtocolProvider type="XML" validate="true" reloadChanges="false" path="protocols.xml"/>
> </SPConfig>
> 
> Here is my wsgi-keystone:
> 
> WSGIScriptAlias /keystone/main  /var/www/cgi-bin/keystone/main
> WSGIScriptAlias /keystone/admin  /var/www/cgi-bin/keystone/admin
> 
> <Location "/keystone">
> # NSSRequireSSL
> SSLRequireSSL
> Authtype none
> </Location>
> 
> <Location /Shibboleth.sso>
>     SetHandler shib
> </Location>
> 
> <Location /v3/OS-FEDERATION/identity_providers/idp_1/protocols/saml2/auth>
>     ShibRequestSetting requireSession 1
>     ShibRequestSetting applicationId idp_1
>     AuthType shibboleth
>     ShibRequireAll On
>     ShibRequireSession On
>     ShibExportAssertion Off
>     Require valid-user
> </Location>
> 
> <Location /v3/OS-FEDERATION/identity_providers/idp_2/protocols/saml2/auth>
>     ShibRequestSetting requireSession 1
>     ShibRequestSetting applicationId idp_2
>     AuthType shibboleth
>     ShibRequireAll On
>     ShibRequireSession On
>     ShibExportAssertion Off
>     Require valid-user
> </Location>
> 
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request@lists.openstack.org?subject:unsubscribe
> <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a>
</pre></div></div></div>
</div></div></div>
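<div>An added example, not part of the thread or of Shibboleth's or keystone's own code: a check that maps each Shibboleth-handled Apache Location to the SP application that serves it and reports those whose application has no MetadataProvider in effect. The inputs are constructed, trimmed-down versions of the two files quoted above, and the function names are hypothetical. It assumes that a request with no applicationId setting is served by the default application and that an override with no MetadataProvider of its own inherits the default's.</div>

```python
import re
import xml.etree.ElementTree as ET

NS = {"sp": "urn:mace:shibboleth:2.0:native:sp:config"}
# Constructed inputs, reduced from the shibboleth2.xml and wsgi-keystone in the thread.
SHIBBOLETH2_XML = """<SPConfig xmlns="urn:mace:shibboleth:2.0:native:sp:config">
  <ApplicationDefaults entityID="https://MYSERVER:5000/Shibboleth">
    <ApplicationOverride id="idp_1" entityID="https://MYSERVER:5000/Shibboleth">
      <MetadataProvider type="XML" uri="https://portal4.mss.internalidp.com/idp/shibboleth"/>
    </ApplicationOverride>
    <ApplicationOverride id="idp_2" entityID="https://MYSERVER:5000/Shibboleth">
      <MetadataProvider type="XML" uri="https://idp.testshib.org/idp/shibboleth"/>
    </ApplicationOverride>
  </ApplicationDefaults>
</SPConfig>"""
APACHE_CONF = """
<Location "/keystone">
    Authtype none
</Location>
<Location /Shibboleth.sso>
    SetHandler shib
</Location>
<Location /v3/OS-FEDERATION/identity_providers/idp_2/protocols/saml2/auth>
    ShibRequestSetting applicationId idp_2
    AuthType shibboleth
</Location>
"""

def _providers(element):
    found = element.findall("sp:MetadataProvider", NS)
    return [m.get("uri") or m.get("path") or m.get("type") for m in found]

def metadata_by_application(xml_text):
    """Map application id -> metadata sources in effect ('default' = ApplicationDefaults)."""
    defaults = ET.fromstring(xml_text).find("sp:ApplicationDefaults", NS)
    apps = {"default": _providers(defaults)}
    for override in defaults.findall("sp:ApplicationOverride", NS):
        # Assumption: an override without its own provider inherits the default's.
        apps[override.get("id")] = _providers(override) or apps["default"]
    return apps

def locations_without_metadata(xml_text, conf_text):
    """Return (Location path, application id) pairs that have no metadata source."""
    apps, missing = metadata_by_application(xml_text), []
    pattern = r'<Location\s+"?([^">\s]+)"?\s*>(.*?)</Location>'
    for path, body in re.findall(pattern, conf_text, re.S):
        if not re.search(r"(?i)SetHandler\s+shib|AuthType\s+shibboleth", body):
            continue  # Location is not handled by mod_shib
        m = re.search(r"ShibRequestSetting\s+applicationId\s+(\S+)", body)
        app = m.group(1) if m else "default"
        if not apps.get(app):
            missing.append((path, app))
    return missing

if __name__ == "__main__":
    for path, app in locations_without_metadata(SHIBBOLETH2_XML, APACHE_CONF):
        print(f"{path}: served by application '{app}', no MetadataProvider in effect")
```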
                                          </div></body>
</html>