The Shibboleth V1 software has reached its End of Life and is no longer supported. This documentation is available for historical purposes only.
UnauthorizedIDP
When metadata-related errors occur in the SP, a special error template is used, which by default includes a header indicating "Unauthorized Identity Provider".
The usual cause for this is an incoming SAML assertion/response from an issuer for which the SP has no metadata loaded. This means either the metadata is wrong, or the IdP in question is using the wrong providerId/entityID in its configuration, so the URI passed to the SP doesn't match what it expects.
More specific information is usually available from the shibd.log
file.