The Shibboleth V1 software has reached its End of Life and is no longer supported. This documentation is available for historical purposes only.

UnauthorizedIDP

When metadata-related errors occur in the SP, a special error template is used, which by default includes a header indicating "Unauthorized Identity Provider".

The usual cause for this is an incoming SAML assertion/response from an issuer for which the SP has no metadata loaded. This means either the metadata is wrong, or the IdP in question is using the wrong providerId/entityID in its configuration, so the URI passed to the SP doesn't match what it expects.

More specific information is usually available from the shibd.log file.