
    Logging in to Primo yields the Shibboleth error opensaml::saml2md::MetadataException

    • Article Type: General
    • Product: Primo
    • Product Version: Jul-15
    • Relevant for Installation Type: Dedicated-Direct; Direct; Local; Total Care

    Problem Symptoms
    - Unable to sign in to Primo
    - Error appears before entering credentials
    - PDS uses Shibboleth
    - Browser error message:

    opensaml::saml2md::MetadataException

    The system encountered an error at Fri Oct 23 11:09:57 2015
    To report this problem, please contact the site administrator at root@localhost.
    Please include the following message in any email:

    opensaml::saml2md::MetadataException at (https://pds-server-name/shib/INST_CODE/pds_main)

    Unable to locate metadata for identity provider (https://login.customer.edu/idp/shibboleth)

    - Error in /var/log/shibboleth/shibd.log:

    2015-10-23 08:14:49 WARN OpenSAML.MetadataProvider [3731]: ignored expired metadata instance for (https://login.customer.edu/idp/shibboleth)
    2015-10-23 08:14:49 WARN Shibboleth.SessionInitiator.SAML2 [3731]: unable to locate metadata for provider (https://login.customer.edu/idp/shibboleth)

    Cause
    This problem occurs when either of the following conditions is true:
    - The Shibboleth MetadataProvider configuration in shibboleth2.xml is out of date
    - The Shibboleth MetadataProvider configuration in shibboleth2.xml is incorrect

    Resolution
    1. Log in as root on all PDS servers
    2. Run the following commands:
    cd /etc/shibboleth
    cp -p shibboleth2.xml shibboleth2.xml.`date +"%Y%m%d"`
    3. Edit the shibboleth2.xml file
    4. Search for the comment "Example of remotely supplied batch of signed metadata."
    5. Add the following line after the comment:

    <MetadataProvider type="XML" reloadInterval="7200" backingFilePath="InCommon-metadata.xml" uri="http://md.incommon.org/InCommon/InCommon-metadata.xml"/>

    6. Remove or comment out all other <MetadataProvider> elements (see Additional Information for examples)
    7. Run the following command to restart the Shibboleth daemon:
    /etc/init.d/shibd restart
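
A check for steps 5 and 6, added here as an example and not part of the Ex Libris article: it lists the MetadataProvider elements still active in shibboleth2.xml (commented-out ones are ignored) and reports whether each remote source has a Signature MetadataFilter, without which the SP loads the downloaded file without verifying its signature. The XML fragment is a constructed, cut-down sample, and `audit_providers` and `local_name` are names invented for this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a cut-down shibboleth2.xml as it looks after steps 5 and 6.
SAMPLE = """<SPConfig xmlns="urn:mace:shibboleth:2.0:native:sp:config">
  <ApplicationDefaults>
    <!-- Example of remotely supplied batch of signed metadata. -->
    <MetadataProvider type="XML" reloadInterval="7200"
        backingFilePath="InCommon-metadata.xml"
        uri="http://md.incommon.org/InCommon/InCommon-metadata.xml"/>
    <!--
    <MetadataProvider type="XML" file="CUSTOMERidp.xml"/>
    -->
  </ApplicationDefaults>
</SPConfig>"""


def local_name(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def audit_providers(xml_text):
    """Return one dict per active (not commented-out) MetadataProvider."""
    findings = []
    # ElementTree drops XML comments, so commented-out providers are skipped.
    for el in ET.fromstring(xml_text).iter():
        if local_name(el.tag) != "MetadataProvider":
            continue
        # Only the two source attributes shown on this page are recognised.
        source = el.get("uri") or el.get("file")
        if source is None:
            continue  # wrapper element; nested providers are still visited
        filters = {f.get("type") for f in el if local_name(f.tag) == "MetadataFilter"}
        findings.append({
            "source": source,
            "remote": el.get("uri") is not None,
            "plain_http": (el.get("uri") or "").lower().startswith("http://"),
            "signature_checked": "Signature" in filters,
            "expiry_enforced": "RequireValidUntil" in filters,
        })
    return findings


if __name__ == "__main__":
    for f in audit_providers(SAMPLE):
        unsigned = f["remote"] and not f["signature_checked"]
        print(f["source"], "(no signature verification)" if unsigned else "")
```

To audit a real server, pass the contents of /etc/shibboleth/shibboleth2.xml to `audit_providers`; after step 6 it should return exactly one entry.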

    Additional Information

    Examples of <MetadataProvider> elements to comment out:

    <MetadataProvider type="XML" uri="http://wayf.incommonfederation.org/InCommon/InCommon-metadata.xml"
                  backingFilePath="InCommon-metadata.xml" reloadInterval="7200"/>
    
    <MetadataProvider type="XML" reloadInterval="7200" backingFilePath="InCommon-metadata.xml" uri="http://wayf.incommonfederation.org/InCommon/InCommon-metadata.xml"/>
    
    <MetadataProvider type="XML" file="CUSTOMERidp.xml"/>
    

    Category: PDS