[LON-CAPA-admin] Single Sign On
Neubauer, Paul
pneubauer at bsu.edu
Sun Mar 28 13:51:30 EDT 2021
Hi Stuart,
Thank you. This looks very useful.
> Shibboleth data will be available from:
> lon-capa.bsu.edu/Shibboleth.sso/Session
I did check that page and confirmed that my eppn is present when I log in through our old IdP, but it is absent when I have attempted to log in through the new IdP.
In reco/var/log/shibboleth/shibd.log I find this from an attempted login this morning (from the new IdP):
2021-03-28 05:39:51 WARN Shibboleth.AttributeFilter [2] [default]: removed value at position (0) of attribute (eppn) from (http://federate.bsu.edu/sso)
When I searched for that message, I found on another shibboleth mailing list:
>> Are you sure that your AttributeEncoder on the IdP is correct? It should be xsi:type="SAML2ScopedString".
I will be asking the guys working on the new IdP about that. (If I don't ask stupid questions, I can't really ask much at all.)
As for the rest of your message, I will prepare that today and test it early tomorrow morning. I'm hopeful that it will give me something that will help the folks who know more than I do about what the new IdP is doing. So far, I have made minimal changes on the lon-capa end so I have to think that the problem is some difference at the IdP end. Your code should help me determine what is different.
Thanks a million,
Paul
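An added example, not part of the original message and not LON-CAPA or Shibboleth code: a short Python script that scans shibd.log for the AttributeFilter warning quoted above and reports, per IdP entityID, which attributes had values removed, flagging any that appear in the SP's REMOTE_USER list (the "eppn persistent-id targeted-id" value quoted later in the thread). The function names are hypothetical, and every sample log line except the first is constructed.

```python
import re
from collections import defaultdict

# Matches the shibd.log warning format quoted in the message above, e.g.
#   2021-03-28 05:39:51 WARN Shibboleth.AttributeFilter [2] [default]:
#   removed value at position (0) of attribute (eppn) from (http://...)
REMOVED_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) WARN Shibboleth\.AttributeFilter"
    r" \[\d+\] \[(?P<app>[^\]]+)\]: removed value at position \((?P<pos>\d+)\)"
    r" of attribute \((?P<attr>[^)]+)\) from \((?P<issuer>[^)]+)\)\s*$"
)


def filtered_attributes(lines):
    """Return {issuer: {attribute: [timestamps]}} for each filtered value."""
    report = defaultdict(lambda: defaultdict(list))
    for line in lines:
        m = REMOVED_RE.match(line.strip())
        if m:  # anything that is not an AttributeFilter removal is ignored
            report[m["issuer"]][m["attr"]].append(m["ts"])
    return {issuer: dict(attrs) for issuer, attrs in report.items()}


def remote_user_candidates_filtered(report, remote_user_setting):
    """Return {issuer: [attrs]} for REMOTE_USER candidates that were filtered.

    remote_user_setting is the space-separated REMOTE_USER value from
    shibboleth2.xml; the result keeps the attributes in that preference order.
    """
    candidates = remote_user_setting.split()
    hits = {}
    for issuer, attrs in report.items():
        lost = [name for name in candidates if name in attrs]
        if lost:
            hits[issuer] = lost
    return hits


# First line is the one quoted in the message; the other lines are constructed.
SAMPLE_LOG = """\
2021-03-28 05:39:51 WARN Shibboleth.AttributeFilter [2] [default]: removed value at position (0) of attribute (eppn) from (http://federate.bsu.edu/sso)
2021-03-28 05:39:51 INFO Shibboleth.SessionCache [2] [default]: new session created (constructed line)
2021-03-28 06:02:10 WARN Shibboleth.AttributeFilter [5] [default]: removed value at position (0) of attribute (affiliation) from (https://idp.example.org/idp/shibboleth)
2021-03-28 06:05:44 WARN Shibboleth.AttributeFilter [3] [default]: removed value at position (0) of attribute (eppn) from (http://federate.bsu.edu/sso)
""".splitlines()


if __name__ == "__main__":
    report = filtered_attributes(SAMPLE_LOG)
    flagged = remote_user_candidates_filtered(
        report, "eppn persistent-id targeted-id"
    )
    for issuer, attrs in report.items():
        for attr, stamps in attrs.items():
            mark = " <-- REMOTE_USER candidate" if attr in flagged.get(issuer, []) else ""
            print(f"{issuer}: {attr} removed {len(stamps)}x, last {stamps[-1]}{mark}")
```

A flagged attribute means the SP discarded the value before Apache saw it, so it cannot populate REMOTE_USER for that login.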
From: LON-CAPA-admin <lon-capa-admin-bounces at mail.lon-capa.org> on behalf of Raeburn, Stuart via LON-CAPA-admin <lon-capa-admin at mail.lon-capa.org>
Sent: Sunday, March 28, 2021 1:06 PM
To: lon-capa-admin at mail.lon-capa.org <lon-capa-admin at mail.lon-capa.org>
Subject: Re: [LON-CAPA-admin] Single Sign On
Hello Paul,
Shibboleth data will be available from:
lon-capa.bsu.edu/Shibboleth.sso/Session
For other URLs relative to lon-capa.bsu.edu/Shibboleth.sso/ which you might access, retrieve the Status information using:
wget --no-check-certificate https://localhost/Shibboleth.sso/Status
and then examine the <Handler type= ... Location= ... > items in the Status output.
To explore the data available on the Apache side, following successful Single Sign On, you could do the following:
1. If it does not already exist, create a file:
/etc/httpd/conf/loncapa_apache_localbsu.conf
2. Add the following to that file:
<Location /adm/testshib>
    PerlAuthenHandler Apache::lonshibauth
    PerlSetVar lonOtherAuthen yes
    PerlSetVar lonOtherAuthenType Shibboleth
    AuthType shibboleth
    ShibRequestSetting requireSession 1
    require valid-user
    ShibUseEnvironment On
    ShibUseHeaders Off
    ShibRequestSetting redirectToSSL 443
    PerlAuthzHandler 'sub { return OK }'
    SetHandler perl-script
    PerlHandler Apache::lontestshib
</Location>
3. Create a file:
/home/httpd/lib/perl/Apache/lontestshib.pm
owned by www:www
4. Add the following to that file (replacing: *** your IP address *** with the IP address you will be testing from):
package Apache::lontestshib;

use strict;
use POSIX qw(strftime);
use Apache::Constants qw(:common);

sub handler {
    my $r = shift;
    # Send headers that stop the browser or a proxy from caching the page.
    my $date=strftime("%a, %d %b %Y %H:%M:%S GMT",gmtime(time));
    $r->no_cache(1);
    $r->header_out("Expires" => $date);
    $r->header_out("Pragma" => "no-cache");
    $r->content_type('text/html; charset=en');
    $r->send_http_header;
    $r->print('<html><head><title>Test SSO</title></head><body bgcolor="#ffffff">');
    # Only show the environment to the single address being tested from.
    if ($ENV{'REMOTE_ADDR'} eq '*** your IP address ***') {
        # $r->user is the value mod_shib set as REMOTE_USER.
        $r->print("User => ".$r->user."<br />\n");
        foreach my $key (sort(keys(%ENV))){
            # Skip request headers; list everything else in %ENV.
            next if ($key =~ /^HTTP_/);
            $r->print("$key => $ENV{$key}<br/>\n");
        }
    } else {
        $r->print("Access denied to your IP address: $ENV{'REMOTE_ADDR'}");
    }
    $r->print('</body></html>');
    return OK;
}

1;
5. Reload the Apache web server:
service httpd reload
6. Point your web browser at:
https://lon-capa.bsu.edu/adm/testshib
You should be prompted to authenticate via Single Sign On, and the page displayed after successful login should display the contents of %ENV (excluding keys starting HTTP_). Information added to %ENV should include data sent by the Shibboleth IdP.
For LON-CAPA to use lonacc::sso_login() to create a session for an SSO-authenticated user, REMOTE_USER needs to have been set to the username of the authenticated user by the Apache mod_shib module.
In the output from /adm/testshib, the value of $r->user is displayed as the first item, i.e.,
User =>
Other items added to %ENV from data sent by the Shibboleth IdP are only used by LON-CAPA, when a user authenticated by SSO does *not* already have a LON-CAPA user account, and is using LON-CAPA's self service account creation. That will only be available if the bsu LON-CAPA domain has been configured to offer that functionality.
As Domain Coordinator you would use:
Main Menu > Set Domain configuration > Display ("Users self-creating accounts" checked)
and set: "Institutional Single Sign On" Enabled: "Yes", and then also set any mapping of Shibboleth environment variable names to user data fields as needed.
See: lon-capa.bsu.edu/adm/help/Domain_Configuration_Self_Creation.hlp
Stuart Raeburn
LON-CAPA Academic Consortium
________________________________________
From: Neubauer, Paul <pneubauer at bsu.edu>
Sent: Thursday, March 25, 2021 12:21 PM
To: lon-capa-admin at mail.lon-capa.org; Raeburn, Stuart
Subject: Re: Single Sign On
Hi Stuart,
Thanks for the informative reply. As far as I can tell, we've done all of what we're supposed to do. My naïve understanding of our problem runs like this:
1. We know that I (for example) can log in using our old IdP
2. If I log in using the old IdP, we get an entry in /home/httpd/perl/logs/lonnet.log like: "SSO authorized user pneubauer"
3. We know that I cannot log in using our new IdP
4. When I try to login using the new IdP no log entry occurs
5. We *believe* that the old and new IdPs send the same attributes and assertions.
6. However, either Apache or lon-capa is not treating the attributes passed from our IdPs the same
What we really need now is a way to see what attributes and assertions are received. In particular, it looks like we need a way to see what values we are getting for eppn. I grepped for "eppn" in /home/httpd/lib/perl/Apache without success. I know that I am ignorant of how Apache or lon-capa handles the sso data, but shouldn't there be some reference somewhere to what attributes it is looking for?
Thanks,
Paul
________________________________
From: LON-CAPA-admin <lon-capa-admin-bounces at mail.lon-capa.org> on behalf of Raeburn, Stuart via LON-CAPA-admin <lon-capa-admin at mail.lon-capa.org>
Sent: Thursday, March 25, 2021 10:25 AM
To: lon-capa-admin at mail.lon-capa.org <lon-capa-admin at mail.lon-capa.org>
Subject: Re: [LON-CAPA-admin] Single Sign On
Hello Paul,
My recommendation would be to take a look at the ApplicationDefaults section in /etc/shibboleth2.xml.
The SP entityID needs to match what is expected by the IdP.
The REMOTE_USER should be set to the attribute to be used to identify the authenticated user, e.g.,
<ApplicationDefaults id="default" policyId="default"
entityID="https://federate.bsu.edu/shibboleth"
REMOTE_USER="eppn persistent-id targeted-id"
From the LON-CAPA Domain Coordination manual (section 4.2):
"REMOTEUSER is used to pass on the primary identifier of the authenticated user. It should be set to match an attribute or alias defined in the attribute-map.xml file. LON-CAPA uses this value ($r->user in the mod_perl environment) as the username of the user."
As noted here: mail.lon-capa.org/pipermail/lon-capa-admin/2012-July/002609.html
"for Shibboleth SSO to work with LON-CAPA, lonshibauth.pm and lonshibacc.pm need to have been installed in /home/httpd/lib/perl/Apache and also /home/httpd/html/adm/sso needs to have been installed."
In LON-CAPA's apache config file: /etc/httpd/conf/loncapa_apache.conf (on CentOS/RHEL/Scientific Linux/Oracle Linux) you'll find:
<IfModule mod_shib>
    PerlAuthenHandler Apache::lonshibauth
    PerlSetVar lonOtherAuthen yes
    PerlSetVar lonOtherAuthenType Shibboleth
</IfModule>
and
<Location /adm/sso>
    <IfModule mod_shib>
        AuthType shibboleth
        ShibUseEnvironment On
        ShibRequestSetting requireSession 1
        ShibRequestSetting redirectToSSL 443
        require valid-user
        PerlAuthzHandler Apache::lonshibacc
        PerlAuthzHandler Apache::lonacc
    </IfModule>
    <IfModule !mod_shib>
        PerlTypeHandler Apache::lonnoshib
    </IfModule>
</Location>
The lonshibauth.pm module will redirect a user requiring Single Sign On via Shibboleth to a URL -- /adm/sso -- on the server which is configured to use that service.
The lonshibacc.pm module is an authorization handler used to remove trailing @internet domain from the Shibboleth-authenticated username (e.g., @bsu.edu).
After removing @bsu.edu from $r->user, the handler will return DECLINED so that lonacc.pm can be invoked as the next authorization handler.
The subroutine in /home/httpd/lib/perl/Apache/lonacc.pm used for LON-CAPA session management for SSO-authenticated users (both Shibboleth and CAS) is: sso_login(). The call to that routine occurs early in the lonacc.pm handler() routine, immediately after retrieving a LON-CAPA session handle for an unexpired LON-CAPA session, based on a session cookie (if there is one) included in the browser's request.
The sso_login() routine in lonacc.pm does not write much to the logs. If $r->user was set (i.e., the user was authenticated by Shibboleth), and the value passes a regexp check that it could be a valid username, then LON-CAPA will check whether that user exists in the domain. If so, this will be logged in /home/httpd/perl/logs/lonnet.log:
SSO authorized user <username>
You could add some more calls to &Apache::lonnet::logthis() to log other things to /home/httpd/perl/logs/lonnet.log to try to figure out what is going on.
After making changes do:
service httpd reload
Stuart Raeburn
LON-CAPA Academic Consortium
________________________________________
From: Neubauer, Paul <pneubauer at bsu.edu>
Sent: Thursday, March 25, 2021 8:44 AM
To: lon-capa-admin at mail.lon-capa.org; Raeburn, Stuart
Subject: Re: Single Sign On
Hi Stuart (or anyone else who has any ideas for me),
We've continued trying to track this down, without notable success.
What routine in lon-capa handles the attributes sent by the IdP and decides whether it matches a valid user? Is there any log setting to capture the attributes sent by our IdP? So far, we have not found any settings in /etc/shibboleth/shibd.logger that capture the attributes received into either /var/log/shibboleth/shibd.log or /var/log/shibboleth/transaction.log. Do you know of any such setting? Alternatively, is there any lon-capa log that might be informative with regard to who logs in and when or how?
Thanks,
Paul
________________________________
From: Neubauer, Paul <pneubauer at bsu.edu>
Sent: Wednesday, March 24, 2021 9:38 AM
To: lon-capa-admin at mail.lon-capa.org <lon-capa-admin at mail.lon-capa.org>; Raeburn, Stuart <raeburn at msu.edu>; Neubauer, Paul <pneubauer at bsu.edu>
Subject: Re: Single Sign On
Hi Stuart and all,
As Stuart commented on Sunday, "the standard advice is to check the MetadataProvider element(s) in your shibboleth2.xml file." Our guy who is spearheading the replacement of our IdP (Identity Provider) came up with the following change to our MetadataProvider element:
<MetadataProvider type="XML" uri="https://federate.bsu.edu/FederationMetadata/2007-06/FederationMetadata.xml"
backingFilePath="metadata/federate.bsu.edu.xml" reloadInterval="7200"/>
I have to admit that I don't understand the point of the differences. My ignorance may be curable, but as of now we only have about a week to make it work, so educating me about the ins and outs of SSO is not our highest priority right now. We've been "experimenting" every morning at 6am. At this time, using that new version of shibboleth2.xml, I do successfully get redirected to our login page and I can tell I have succeeded at the IdP end of the operation because I get the push to my phone for our two-factor authentication. So far, so good.
Unfortunately (you knew this was coming, right?) the next thing I see is:
-------------------------------------------------
Forbidden
You don't have permission to access /adm/sso on this server.
-------------------------------------------------
Some googling reveals that I had asked exactly this question on this list in December, 2017: http://mail.lon-capa.org/pipermail/lon-capa-admin/2017-December/003310.html
I got no answer on the list at that time and I don't recall even asking the question, let alone how we solved it, or even who solved it.
I naïvely suspected that the new IdP is providing different data to lon-capa, but I am assured that the "assertions and attributes haven't changed." I don't know how to capture whatever our IdP is actually providing to lon-capa, so I don't know how to compare the new IdP data to the old. Is that logged somewhere? What routine handles the authentication within lon-capa?
Does anyone have a clue for the clueless (me)?
Thanks,
Paul
From: LON-CAPA-admin <lon-capa-admin-bounces at mail.lon-capa.org> on behalf of Neubauer, Paul via LON-CAPA-admin <lon-capa-admin at mail.lon-capa.org>
Sent: Sunday, March 21, 2021 6:01 PM
To: lon-capa-admin at mail.lon-capa.org <lon-capa-admin at mail.lon-capa.org>; Raeburn, Stuart <raeburn at msu.edu>
Subject: Re: [LON-CAPA-admin] Single Sign On
Hi Stuart,
Sorry. Yes it is odd. I did a screenshot instead of a text copy and then retyped the message from that. That's the cause of the "lonn-capa01" instead of "lon-capa01" (assuming you meant the double-n in "lonn" as what is odd). (I also have to apologize for the HTML mail instead of plain text. I think I've corrected both now.)
"lon-capa01.aws.bsu.edu" is the canonical name of the system (as we have it hosted on Amazon Web Services) and "lon-capa.bsu.edu" is an alternate name. So far, that has not been a problem.
Anyway, the file shibboleth2.xml.old is the (copy of the) original (which we have now reverted to) and shibboleth2.xml.new is the version of shibboleth2.xml that was in use when we got the error.
A diff of the two files:
diff shibboleth2.xml.old shibboleth2.xml.new
51c51
< <SSO entityID="https://nam12.safelinks.protection.outlook.com/?url=http%3A%2F%2Fshibboleth.bsu.edu%2Fsso&data=04%7C01%7Cpneubauer%40bsu.edu%7C858bacfa1847413a3ed308d8f20bed40%7C6fff909f07dc40da9e30fd7549c0f494%7C0%7C1%7C637525480350858222%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=90ueULmuwM8dH5KzTXShV6GREnA9Ge5fKP41fts9Aqg%3D&reserved=0<https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.com%2Fv3%2F__https%3A%2F%2Fnam12.safelinks.protection.outlook.com%2F%3Furl%3Dhttp*3A*2F*2Fshibboleth.bsu.edu*2Fsso%26amp%3Bdata%3D04*7C01*7Cpneubauer*40bsu.edu*7C23e56acc816e48334a4208d8eeca2c4c*7C6fff909f07dc40da9e30fd7549c0f494*7C0*7C0*7C637521899396349225*7CUnknown*7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0*3D*7C1000%26amp%3Bsdata%3DDed1RdH6pxP6Ls05ALy*2BIltEWoMEHvnSKj3*2Fnkvh1t0*3D%26amp%3Breserved%3D0__%3BJSUlJSUlJSUlJSUlJSUlJSUlJQ!!HXCxUKc!mwxaXXgMT_dJr9y4bdf14pDe3QVy-O4vf4ganh6meYGLrRNCXMI7vtJMzrEUJw%24&data=04%7C01%7Cpneubauer%40bsu.edu%7C858bacfa1847413a3ed308d8f20bed40%7C6fff909f07dc40da9e30fd7549c0f494%7C0%7C1%7C637525480350868214%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=HQIwIE7Zo2Dv%2BL2k77bkdRkN8I8FgrMG0umquaqbuu8%3D&reserved=0<https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.com%2Fv3%2F__https%3A%2F%2Fnam12.safelinks.protection.outlook.com%2F%3Furl%3Dhttp*3A*2F*2Fshibboleth.bsu.edu*2Fsso%26amp%3Bdata%3D04*7C01*7Cpneubauer*40bsu.edu*7C2d02f9e7f9c34b95811e08d8ef99f359*7C6fff909f07dc40da9e30fd7549c0f494*7C0*7C1*7C637522791792805520*7CUnknown*7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0*3D*7C2000%26amp%3Bsdata%3DiDrOShTidmMoO4Ri7P*2FKIp6EWlShLHVW*2F1zJMAqMcQk*3D%26amp%3Breserved%3D0*3Chttps%3A**Anam12.safelinks.protection.outlook.com**Aurl%3Dhttps*3A*2F*2Furldefense.com*2Fv3*2F__https*3A*2F*2Fnam12.safelinks.protection.outlook.co
m*2F*3Furl*3Dhttp*3A*2F*2Fshibboleth.bsu.edu*2Fsso*26amp*3Bdata*3D04*7C01*7Cpneubauer*40bsu.edu*7C23e56acc816e48334a4208d8eeca2c4c*7C6fff909f07dc40da9e30fd7549c0f494*7C0*7C0*7C637521899396349225*7CUnknown*7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0*3D*7C1000*26amp*3Bsdata*3DDed1RdH6pxP6Ls05ALy*2BIltEWoMEHvnSKj3*2Fnkvh1t0*3D*26amp*3Breserved*3D0__*3BJSUlJSUlJSUlJSUlJSUlJSUlJQ!!HXCxUKc!mwxaXXgMT_dJr9y4bdf14pDe3QVy-O4vf4ganh6meYGLrRNCXMI7vtJMzrEUJw*24%26amp%3Bdata%3D04*7C01*7Cpneubauer*40bsu.edu*7C2d02f9e7f9c34b95811e08d8ef99f359*7C6fff909f07dc40da9e30fd7549c0f494*7C0*7C1*7C637522791792805520*7CUnknown*7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0*3D*7C2000%26amp%3Bsdata%3DORrQxslPm23*2BIoIOcHSigQBYHm3LYA4IW4S7*2Fdu*2BG4w*3D%26amp%3Breserved%3D0__%3BJSUlJSUlJSUlJSUlJSUlJSUlJSUvLy8_JSUlJSUlJSUlJSUqKioqJSUlKioqKioqKioqKioqJSUlKioqJSUlJSUlJSUlJSUlJSUlJSUlJSUl!!HXCxUKc!lt1PF0nCdogqcT_kzVHb3vZbezWwboFX6rS0lqBjBfqKwbmN2Vo8P2wW_Q06YQ%24&data=04%7C01%7Cpneubauer%40bsu.edu%7C858bacfa1847413a3ed308d8f20bed40%7C6fff909f07dc40da9e30fd7549c0f494%7C0%7C1%7C637525480350868214%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=uaR11mByaBvwMBMbZVXmNpsqP0kL5l9uWzUhUAtU6ZU%3D&reserved=0>>">SAML2 SAML1</SSO>
---
> <SSO entityID="https://nam12.safelinks.protection.outlook.com/?url=http%3A%2F%2Ffederate.bsu.edu%2Fsso&data=04%7C01%7Cpneubauer%40bsu.edu%7C858bacfa1847413a3ed308d8f20bed40%7C6fff909f07dc40da9e30fd7549c0f494%7C0%7C1%7C637525480350868214%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=fLTiFCv2Nc%2F1FfyvTynNDDF%2BGHXV6b7ZtwJACQU19KI%3D&reserved=0<https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.com%2Fv3%2F__https%3A%2F%2Fnam12.safelinks.protection.outlook.com%2F%3Furl%3Dhttp*3A*2F*2Ffederate.bsu.edu*2Fsso%26amp%3Bdata%3D04*7C01*7Cpneubauer*40bsu.edu*7C23e56acc816e48334a4208d8eeca2c4c*7C6fff909f07dc40da9e30fd7549c0f494*7C0*7C0*7C637521899396349225*7CUnknown*7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0*3D*7C1000%26amp%3Bsdata%3DtGupHkVFNYdwehnfQaU62awnv8ghjQyQCSPORA*2Fhmjc*3D%26amp%3Breserved%3D0__%3BJSUlJSUlJSUlJSUlJSUlJSUl!!HXCxUKc!mwxaXXgMT_dJr9y4bdf14pDe3QVy-O4vf4ganh6meYGLrRNCXMI7vtL3SdFlBw%24&data=04%7C01%7Cpneubauer%40bsu.edu%7C858bacfa1847413a3ed308d8f20bed40%7C6fff909f07dc40da9e30fd7549c0f494%7C0%7C1%7C637525480350868214%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=v7BoyJxix7Kw4gJz0bvsTdLxJfMltEjDrC3KdaFF4T4%3D&reserved=0<https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.com%2Fv3%2F__https%3A%2F%2Fnam12.safelinks.protection.outlook.com%2F%3Furl%3Dhttp*3A*2F*2Ffederate.bsu.edu*2Fsso%26amp%3Bdata%3D04*7C01*7Cpneubauer*40bsu.edu*7C2d02f9e7f9c34b95811e08d8ef99f359*7C6fff909f07dc40da9e30fd7549c0f494*7C0*7C1*7C637522791792805520*7CUnknown*7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0*3D*7C2000%26amp%3Bsdata%3DjhmRV51aBeRlKZUayjqkOvrwrpw2k3*2FXBVxPQ0egFcc*3D%26amp%3Breserved%3D0*3Chttps%3A**Anam12.safelinks.protection.outlook.com**Aurl%3Dhttps*3A*2F*2Furldefense.com*2Fv3*2F__https*3A*2F*2Fnam12.safelinks.protection.outlook.com*2F*3Furl
*3Dhttp*3A*2F*2Ffederate.bsu.edu*2Fsso*26amp*3Bdata*3D04*7C01*7Cpneubauer*40bsu.edu*7C23e56acc816e48334a4208d8eeca2c4c*7C6fff909f07dc40da9e30fd7549c0f494*7C0*7C0*7C637521899396349225*7CUnknown*7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0*3D*7C1000*26amp*3Bsdata*3DtGupHkVFNYdwehnfQaU62awnv8ghjQyQCSPORA*2Fhmjc*3D*26amp*3Breserved*3D0__*3BJSUlJSUlJSUlJSUlJSUlJSUl!!HXCxUKc!mwxaXXgMT_dJr9y4bdf14pDe3QVy-O4vf4ganh6meYGLrRNCXMI7vtL3SdFlBw*24%26amp%3Bdata%3D04*7C01*7Cpneubauer*40bsu.edu*7C2d02f9e7f9c34b95811e08d8ef99f359*7C6fff909f07dc40da9e30fd7549c0f494*7C0*7C1*7C637522791792805520*7CUnknown*7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0*3D*7C2000%26amp%3Bsdata%3Dm7R2AO0A2eOkfsUNt2QBZTKR46ey3bWr4LVdgyqEATQ*3D%26amp%3Breserved%3D0__%3BJSUlJSUlJSUlJSUlJSUlJSUlJS8vLz8lJSUlJSUlJSUlJSoqKiolJSUqKioqKioqKioqKiolJSUqKiUlJSUlJSUlJSUlJSUlJSUlJQ!!HXCxUKc!lt1PF0nCdogqcT_kzVHb3vZbezWwboFX6rS0lqBjBfqKwbmN2Vo8P2wUgQ5MsA%24&data=04%7C01%7Cpneubauer%40bsu.edu%7C858bacfa1847413a3ed308d8f20bed40%7C6fff909f07dc40da9e30fd7549c0f494%7C0%7C1%7C637525480350868214%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=KMPI37YGLvnSPqcl9CH1inFXx3reg3F2DTIcC6V6Z5s%3D&reserved=0>>">SAML2 SAML1</SSO>
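Review bot: the new entityID on the ">" line of 51c51 decodes to http://federate.bsu.edu/sso, and that string has to be character-for-character the entityID attribute of the EntityDescriptor in the new IdP's metadata. The SP finds the IdP by that exact value, so a difference in scheme (http versus https) or path is enough for the lookup to fail; compare the two strings directly rather than relying on the host name having been substituted.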
82c82
< file="metadata/shibboleth.bsu.edu.xml"/>
---
> file="metadata/federate.bsu.edu.xml"/>
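Review bot: 82c82 only changes the name of the local metadata file to metadata/federate.bsu.edu.xml, and nothing in the diff shows that file being created or refreshed. Confirm that it exists, is readable by shibd, and holds the new IdP's metadata; otherwise the SP has no metadata entry for the entityID set in 51c51.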
shows that the only changes were from shibboleth.bsu.edu to federate.bsu.edu and the result of the grep that I included in the original message showed that I changed all instances of the string 'shibboleth.bsu.edu' so how did it get that the identity provider ought to be 'http://shibboleth.bsu.edu/sso'? There were no instances of that string anywhere in /etc (let alone /etc/shibboleth).
If the message had said that it was unable to locate identity provider (http://federate.bsu.edu/sso) I would be a lot less puzzled.
Thanks,
Paul
From: LON-CAPA-admin <lon-capa-admin-bounces at mail.lon-capa.org> on behalf of Raeburn, Stuart via LON-CAPA-admin <lon-capa-admin at mail.lon-capa.org>
Sent: Sunday, March 21, 2021 4:55 PM
To: lon-capa-admin at mail.lon-capa.org <lon-capa-admin at mail.lon-capa.org>
Subject: Re: [LON-CAPA-admin] Single Sign On
Hello Paul,
This line is odd:
"Identity provider lookup failed at (https:lonn-capa01.aws.bsu.edu/adm/sso)"
I would expect that to be lookup failed at:
https://lon-capa01.aws.bsu.edu/adm/sso
IP address: 34.204.137.158 points at lon-capa.bsu.edu
and lon-capa01.aws.bsu.edu has IP address: 34.204.137.158
If you see: "Unable to locate metadata for identity provider" the standard advice is to check the MetadataProvider element(s) in your shibboleth2.xml file.
Stuart Raeburn
LON-CAPA Academic Consortium
________________________________________
From: LON-CAPA-admin <lon-capa-admin-bounces at mail.lon-capa.org> on behalf of Neubauer, Paul via LON-CAPA-admin <lon-capa-admin at mail.lon-capa.org>
Sent: Sunday, March 21, 2021 2:30 PM
To: list about administration and system updating(lon-capa-admin at mail.lon-capa.org)
Subject: [LON-CAPA-admin] Single Sign On
Hi all,
We (Ball State University) are in the process of updating our identity provider. We are rolling in the changes so individual systems are being moved from using "shibboleth.bsu.edu" to using "federate.bsu.edu". It is lon-capa's turn.
I found all the files that referenced "shibboleth.bsu.edu" and copied them to a different location:
cp /etc/shibboleth/attribute-map.xml /root/sso/attribute-map.xml.old
cp /etc/shibboleth/shibboleth2.xml /root/sso/shibboleth2.xml.old
cp /etc/shibboleth/metadata/shibboleth.bsu.edu.xml /root/sso/shibboleth.bsu.edu.xml
I then made copies of the two .old files as .new and edited them to replace "shibboleth.bsu.edu" with "federate.bsu.edu"
I also got the new metadata (with wget https://federate.bsu.edu/FederationMetadata/2007-06/FederationMetadata.xml) and saved it as federate.bsu.edu.xml
This morning I stopped shibd, copied the .new files to /etc/shibboleth/ and federate.bsu.edu.xml to /etc/shibboleth/metadata/
I checked for "shibboleth.bsu.edu":
[root at lon-capa01 ~]# grep -H -r -i 'shibboleth.bsu.edu' /etc
[root at lon-capa01 ~]#
which shows that I had eliminated all references to it.
I restarted shibd and when I tried to log in, I got:
---------------------------------
Unknown or unusable identity provider
The identity provider supplying your login credentials is not authorized for use with this service or does not support the necessary capabilities.
To report this problem, please contact the site administrator at security at bsu.edu.
Please include the following error message in any email:
Identity provider lookup failed at (https:lon-capa01.aws.bsu.edu/adm/sso)
EntityID: http://shibboleth.bsu.edu/sso
opensaml::saml2md::MetadataException: Unable to locate metadata for identity provider (http://shibboleth.bsu.edu/sso)
---------------------------------
For some reason it was still looking for the EntityID http://shibboleth.bsu.edu/sso
I did a system reboot but got the same thing.
I reverted to the old files and we are working, but that will only last a couple of weeks before our cert expires for our old identity provider site and it goes down.
I am totally lost. Is there somewhere else with shibboleth configuration data?
Thanks,
Paul
_______________________________________________
LON-CAPA-admin mailing list
LON-CAPA-admin at mail.lon-capa.org
http://mail.lon-capa.org/mailman/listinfo/lon-capa-admin
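The "check the MetadataProvider element(s)" advice in the thread above can be scripted. The following is an added example, not code from the thread or from LON-CAPA: it cross-checks the entityID named in the error page against the IdP entityIDs set in shibboleth2.xml and the EntityDescriptor entries in the metadata files it loads. The function names, the finding labels, the sample XML and the SP's own entityID are constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"


def _local(tag):
    """Strip the XML namespace so SP 2.x and 3.x configs are both handled."""
    return tag.rsplit("}", 1)[-1]


def sp_settings(sp_config_xml):
    """Return (IdP entityIDs, metadata file paths) found in shibboleth2.xml."""
    root = ET.fromstring(sp_config_xml)
    idp_ids, md_paths = [], []
    for el in root.iter():
        name = _local(el.tag)
        # ApplicationDefaults/@entityID is the SP's own name, so it is skipped;
        # only SSO / SessionInitiator carry the IdP's entityID.
        if name in ("SSO", "SessionInitiator") and el.get("entityID"):
            idp_ids.append(el.get("entityID"))
        elif name == "MetadataProvider":
            for attr in ("path", "file", "backingFilePath"):
                if el.get(attr):
                    md_paths.append(el.get(attr))
                    break
    return idp_ids, md_paths


def metadata_entity_ids(metadata_xml):
    """Return the set of entityIDs defined in one SAML metadata document."""
    root = ET.fromstring(metadata_xml)
    tag = "{%s}EntityDescriptor" % MD_NS
    return {el.get("entityID") for el in root.iter(tag) if el.get("entityID")}


def diagnose(requested_id, sp_config_xml, metadata_files):
    """requested_id: entityID from the error page.
    metadata_files: dict of path -> file contents as found on disk."""
    idp_ids, md_paths = sp_settings(sp_config_xml)
    findings, loaded = [], set()
    for path in md_paths:
        if path not in metadata_files:
            findings.append("MISSING_FILE %s" % path)
            continue
        loaded |= metadata_entity_ids(metadata_files[path])
    for idp in idp_ids:
        if idp not in loaded:
            findings.append("CONFIGURED_IDP_NOT_IN_METADATA %s" % idp)
    if requested_id not in loaded:
        findings.append("REQUESTED_IDP_NOT_IN_METADATA %s" % requested_id)
    if idp_ids and requested_id not in idp_ids:
        findings.append("REQUESTED_IDP_NOT_FROM_SP_CONFIG %s" % requested_id)
    return findings


# Constructed sample inputs (not the site's real files).
MD_PATH = "/etc/shibboleth/metadata/federate.bsu.edu.xml"
SP_CONFIG = """
<SPConfig xmlns="urn:mace:shibboleth:3.0:native:sp:config">
  <ApplicationDefaults entityID="https://sp.example.org/shibboleth">
    <Sessions>
      <SSO entityID="http://federate.bsu.edu/sso">SAML2</SSO>
    </Sessions>
    <MetadataProvider type="XML" path="%s"/>
  </ApplicationDefaults>
</SPConfig>
""" % MD_PATH
METADATA = """
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
                  entityID="http://federate.bsu.edu/sso">
  <IDPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
</EntityDescriptor>
"""

if __name__ == "__main__":
    for line in diagnose("http://shibboleth.bsu.edu/sso",
                         SP_CONFIG, {MD_PATH: METADATA}):
        print(line)
```

A `REQUESTED_IDP_NOT_FROM_SP_CONFIG` finding means the entityID in the error was supplied by something other than the SSO or SessionInitiator elements in the file that was checked.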