SAML Application Inactive After Upgrade

Shibboleth v5 is more stringent when parsing SP metadata, if the application’s metadata file fails to parse after upgrade it will be set to inactive:

image-20260220-124927.png

Edit the application and change it to “active”, this will generate an error message from websecadmin. From the Tools menu, search for an error message from websecadmin:

image-20260220-125103.png

The message field will contain “Got non-business layer exception”:

image-20260220-125353.png

Expand the message and look at the stack trace:

image-20260220-125606.png

In this case the ‘index’ attribute is no longer considered valid for the SingleLogoutService element.

When we edit the metadata file we see that this is a “Binding” element, where both bindings in the metadata contiain the offending ‘index’ attribute:

Screenshot 2026-02-20 at 6.57.45 AM-20260220-125842.png

Delete the index=”0” from both bindings:

image-20260220-130244.png

Import the edited SP metadata in to the SAML application configuration and save. This should clear the error and allow the application to be switched back to “active”.




Last updated: