Error Message: No peer endpoint available to which to send SAML response

Mert Metin · Jan 14, 2015 · Viewed 8.2k times

I installed Shibboleth SP on my Mac. I am trying to connect to TestShib. However, I get this error after I log in.

 Error Message: No peer endpoint available to which to send SAML response 

Here's my Shibboleth2.xml

<Sessions lifetime="28800" timeout="3600" relayState="ss:mem"
          checkAddress="false" handlerSSL="false" cookieProps="http">


    <SSO entityID="https://idp.testshib.org/idp/shibboleth"
         discoveryProtocol="SAMLDS" forceAuthn="true">
      SAML2 SAML1
    </SSO>


    <MetadataProvider type="XML" uri="http://www.testshib.org/metadata/testshib-providers.xml"
          backingFilePath="testshib-two-idp-metadata.xml" reloadInterval="180000">
    </MetadataProvider>

Here's my metadata

    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://localhost/Shibboleth.sso/SAML2/POST" index="1"/>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" Location="https://localhost/Shibboleth.sso/SAML2/POST-SimpleSign" index="2"/>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS" Location="https://localhost/Shibboleth.sso/SAML2/ECP" index="3"/>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://localhost/Shibboleth.sso/SAML/POST" index="4"/>

Why am I getting this error?

Answer

Normo · Jan 27, 2015

This message indicates a mismatch between the configuration of the TestShib Identity Provider and your Shibboleth Service Provider you tried logging in to. I would suspect a problem caused by using the name "localhost" in the Assertion Consumer Service URL provided with your metadata. The IDP is trying to send the SAML response to https://localhost/Shibboleth.sso/SAML2/POST, but there is of course no Assertion Consumer Service because "localhost" is in this case the IDP itself.

So, I would start by removing everything from TestShib, changing your SP's entityID to make it more unique (use your IP address instead of localhost) and re-add updated metadata for your SP to TestShib.
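A pre-upload check for the problem the answer suspects, as an added example that is not part of the original question or answer: it lists every AssertionConsumerService in SP metadata and flags loopback hosts and endpoints that do not sit under the handler URL the SP is reached at. The host `sp.example.org`, the `handler_base` parameter and the sample document are assumptions constructed for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD = "urn:oasis:names:tc:SAML:2.0:metadata"

# Constructed sample: two ACS entries from the question plus one on a
# hypothetical public host, wrapped in a minimal SPSSODescriptor.
SAMPLE = f"""<md:EntityDescriptor xmlns:md="{MD}" entityID="https://sp.example.org/shibboleth">
 <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://localhost/Shibboleth.sso/SAML2/POST" index="1"/>
  <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" Location="https://localhost/Shibboleth.sso/SAML2/POST-SimpleSign" index="2"/>
  <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://sp.example.org/Shibboleth.sso/SAML2/POST" index="3"/>
 </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def is_loopback(host):
    """True for localhost names and loopback IP literals (127.0.0.0/8, ::1)."""
    host = (host or "").lower().rstrip(".")
    if host == "localhost" or host.endswith(".localhost"):
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # an ordinary DNS name, not an IP literal


def audit_acs(metadata_xml, handler_base):
    """Return one finding per ACS endpoint; handler_base is the SP's external handler URL."""
    prefix = handler_base.rstrip("/") + "/"
    findings = []
    for acs in ET.fromstring(metadata_xml).iter(f"{{{MD}}}AssertionConsumerService"):
        location = acs.get("Location", "")
        issues = []
        if is_loopback(urlsplit(location).hostname):
            issues.append("loopback host")  # only resolvable on the SP machine itself
        if not location.startswith(prefix):
            issues.append("outside handler URL")  # includes an http/https scheme mismatch
        findings.append({"index": acs.get("index"), "location": location, "issues": issues})
    return findings


if __name__ == "__main__":
    for f in audit_acs(SAMPLE, "https://sp.example.org/Shibboleth.sso"):
        print(f["index"], f["location"], ", ".join(f["issues"]) or "ok")
```

Run it against the metadata file you intend to register, passing the scheme and host users actually type to reach the SP.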