Hostname Setting
Check that the IdP hostname is set correctly in /opt/shibboleth-idp/conf/relying-party.xml:
<!-- ========================================== -->
<!-- Relying Party Configurations -->
<!-- ========================================== -->
<!-- Both relying-party elements below carry the same provider URL; the walkthrough marks it as the place where the IdP hostname appears. -->
<rp:AnonymousRelyingParty provider="https://idp.example.asia/idp/shibboleth"
↑IdP Hostname
defaultSigningCredentialRef="IdPCredential">
<rp:DefaultRelyingParty provider="https://idp.example.asia/idp/shibboleth"
↑IdP Hostname
defaultSigningCredentialRef="IdPCredential">
Metadata Load Setting
Edit /opt/shibboleth-idp/conf/relying-party.xml
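The SP metadata file itself is prepared in the SP section. Note that the configuration below comments out the MetadataFilter chain, which includes SignatureValidation with requireSignedMetadata="true", and fetches the metadata over plain http, so the IdP loads whatever that URL returns without checking its integrity. Outside an isolated test environment, keep the signature validation filter enabled.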
<!-- ========================================== --> <!-- Metadata Configuration --> <!-- ========================================== -->
<snip>
<!-- Example metadata provider. -->
<!-- Reads metadata from a URL and store a backup copy on the file system. -->
<!-- Validates the signature of the metadata and filters out all by SP entities in order to save memory -->
<!-- To use: fill in 'metadataURL' and 'backingFile' properties on MetadataResource element -->
<!-- --> ←Add comment end
<metadata:MetadataProvider id="URLMD" xsi:type="metadata:FileBackedHTTPMetadataProvider"
metadataURL="http://sp.example.asia/metadata/sp-metadata.xml"
↑URL of SP metadata
backingFile="/opt/shibboleth-idp/metadata/sp-example-asia-metadata.xml">
↑backup file name of SP metadata
<!-- NOTE(review): the filter chain that follows is commented out in this walkthrough, so the
     RequiredValidUntil, SignatureValidation (requireSignedMetadata="true") and
     EntityRoleWhiteList filters do not run, and metadataURL above is plain http.
     The metadata fetched from that URL is therefore loaded without an integrity check.
     To keep validation, leave the filter chain active; the trust engine named in
     trustEngineRef must then be configured with the certificate that signs the SP metadata. -->
<!-- ← Add comment start
<metadata:MetadataFilter xsi:type="metadata:ChainingFilter">
<metadata:MetadataFilter xsi:type="metadata:RequiredValidUntil"
maxValidityInterval="P7D" />
<metadata:MetadataFilter xsi:type="metadata:SignatureValidation"
trustEngineRef="shibboleth.MetadataTrustEngine"
requireSignedMetadata="true" />
<metadata:MetadataFilter xsi:type="metadata:EntityRoleWhiteList">
<metadata:RetainedRole>samlmd:SPSSODescriptor</metadata:RetainedRole>
</metadata:MetadataFilter>
</metadata:MetadataFilter>
--> ←Add comment end
</metadata:MetadataProvider>
<!-- --> ← Add comment start
If the owner of the metadata directory has not yet been changed, run the following command (the backingFile configured above is written into this directory):
# chown -R tomcat /opt/shibboleth-idp/metadata/