Hi Marek ,
I've registered with testshib, this is my keystone-apache-error.log log i get 
[error] [client 121.243.33.212] No MetadataProvider available., referer: 
https://idp.testshib.org/idp/profile/SAML2/Redirect/SSO
From: aks...@outlook.com
To: openstack-dev@lists.openstack.org
Date: Fri, 27 Feb 2015 15:56:57 +0530
Subject: [openstack-dev] Need help in configuring keystone




Hi I'm new to SAML, trying to integrate keystone with SAML, Im using Ubuntu 
12.04 with Icehouse,im following http://docs.openstack.org/developer/k...when 
im trying to configure keystone with two idp,when i access 
https://MYSERVER:5000/v3/OS-FEDERATIO...it gets redirected to testshib.org , it 
prompts for username and password when the same is given im 
gettingshibsp::ConfigurationException at ( 
https://MYSERVER:5000/Shibboleth.sso/... ) No MetadataProvider available.here 
is my shibboleth2.xml content<SPConfig 
xmlns="urn:mace:shibboleth:2.0:native:sp:config"
    xmlns:conf="urn:mace:shibboleth:2.0:native:sp:config"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"    
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    clockSkew="180">

    <ApplicationDefaults entityID="https://MYSERVER:5000/Shibboleth";>
        <Sessions lifetime="28800" timeout="3600" checkAddress="false" 
relayState="ss:mem" handlerSSL="false">
            <SSO entityID="https://idp.testshib.org/idp/shibboleth"; ECP="true">
                SAML2 SAML1
            </SSO>

            <Logout>SAML2 Local</Logout>

            <Handler type="MetadataGenerator" Location="/Metadata" 
signing="false"/>
            <Handler type="Status" Location="/Status" />
            <Handler type="Session" Location="/Session" 
showAttributeValues="false"/>
            <Handler type="DiscoveryFeed" Location="/DiscoFeed"/>
        </Sessions>

        <Errors supportContact="root@localhost"
            logoLocation="/shibboleth-sp/logo.jpg"
            styleSheet="/shibboleth-sp/main.css"/>

        <AttributeExtractor type="XML" validate="true" 
path="attribute-map.xml"/>
        <AttributeResolver type="Query" subjectMatch="true"/>
        <AttributeFilter type="XML" validate="true" 
path="attribute-policy.xml"/>
        <CredentialResolver type="File" key="sp-key.pem" 
certificate="sp-cert.pem"/>

        <ApplicationOverride id="idp_1" 
entityID="https://MYSERVER:5000/Shibboleth";>

            <Sessions lifetime="28800" timeout="3600" checkAddress="false"
            relayState="ss:mem" handlerSSL="false">
                <SSO 
entityID="https://portal4.mss.internalidp.com/idp/shibboleth"; ECP="true">
                    SAML2 SAML1
                </SSO>
                <Logout>SAML2 Local</Logout>
            </Sessions>

            <MetadataProvider type="XML" 
uri="https://portal4.mss.internalidp.com/idp/shibboleth";
             backingFilePath="/tmp/tata.xml" reloadInterval="180000" />
        </ApplicationOverride>

        <ApplicationOverride id="idp_2" 
entityID="https://MYSERVER:5000/Shibboleth";>
            <Sessions lifetime="28800" timeout="3600" checkAddress="false"
            relayState="ss:mem" handlerSSL="false">
                <SSO entityID="https://idp.testshib.org/idp/shibboleth"; 
ECP="true">
                    SAML2 SAML1
                </SSO>

                <Logout>SAML2 Local</Logout>
            </Sessions>

            <MetadataProvider type="XML" 
uri="https://idp.testshib.org/idp/shibboleth";  
            backingFilePath="/tmp/testshib.xml" reloadInterval="180000"/>
        </ApplicationOverride>
    </ApplicationDefaults>

    <SecurityPolicyProvider type="XML" validate="true" 
path="security-policy.xml"/>
    <ProtocolProvider type="XML" validate="true" reloadChanges="false" 
path="protocols.xml"/>
</SPConfig>here is my wsgi-keystoneWSGIScriptAlias /keystone/main  
/var/www/cgi-bin/keystone/main
WSGIScriptAlias /keystone/admin  /var/www/cgi-bin/keystone/admin

<Location "/keystone">
# NSSRequireSSL
SSLRequireSSL
Authtype none
</Location>

<Location /Shibboleth.sso>
    SetHandler shib
</Location>

<Location /v3/OS-FEDERATION/identity_providers/idp_1/protocols/saml2/auth>
    ShibRequestSetting requireSession 1
    ShibRequestSetting applicationId idp_1
    AuthType shibboleth
    ShibRequireAll On
    ShibRequireSession On
    ShibExportAssertion Off
    Require valid-user
</Location>

<Location /v3/OS-FEDERATION/identity_providers/idp_2/protocols/saml2/auth>
    ShibRequestSetting requireSession 1
    ShibRequestSetting applicationId idp_2
    AuthType shibboleth
    ShibRequireAll On
    ShibRequireSession On
    ShibExportAssertion Off
    Require valid-user
</Location>                                       

__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev               
                          
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Reply via email to