Exception: "The partner identity provider example.org is not configured"

This seems to be a popular error of late. I have tracing enabled, so I can send along that log in it’s entirety if it’ll be helpful. It looks like the values of metadata entityID matches the saml.config name property, which matches the value of Issuer in the response, so … I’m stumped. I’ve used this same code in a half-dozen or more SAML integrations without issue, but I’m really stuck this time around.

iDP metadata (anonymized)

<EntityDescriptor xmlns=“urn:oasis:names:tc:SAML:2.0:metadata”
xmlns:ds=“<a href=“http://www.w3.org/2000/09/xmldsig#””>http://www.w3.org/2000/09/xmldsig#“
xmlns:shibmd=“urn:mace:shibboleth:metadata:1.0”
xmlns:xsi=” “>http://www.w3.org/2001/XMLSchema-instance” entityID=“https://login-test.cc.example.org/idp/shibboleth”>


<shibmd:Scope regexp=“false”>example.org</shibmd:Scope>


ds:KeyInfo
ds:X509Data
ds:X509Certificate

</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>

urn:oasis:names:tc:SAML:2.0:nameid-format:transient
<SingleSignOnService Binding=“urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST” Location=“”>https://login-test.cc.example.org/idp/profile/SAML2/POST/SSO"/>
<SingleSignOnService Binding=“urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign” Location=“”>https://login-test.cc.example.org/idp/profile/SAML2/POST-SimpleSign/SSO"/>
<SingleSignOnService Binding=“urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect” Location=“”>https://login-test.cc.example.org/idp/profile/SAML2/Redirect/SSO"/>



My saml.config file - I’ve verified that this is the file being read (based on messages in the trace file):

The response from the idP looks like this (in part - I’ve trimmed signatures, and most of the assertion out)

ID=“_f4fa858382d868a92357cd2894bd194f”

InResponseTo=“_3a733731-7104-4b94-9c99-3992a41bd45f”

IssueInstant=“2019-02-01T19:12:24.427Z”

Version=“2.0”

xmlns:saml2p=“urn:oasis:names:tc:SAML:2.0:protocol”>

<saml2:Issuer xmlns:saml2=“urn:oasis:names:tc:SAML:2.0:assertion”>https://login-test.cc.example.org/idp/shibboleth</saml2:Issuer>
saml2p:Status
<saml2p:StatusCode Value=“urn:oasis:names:tc:SAML:2.0:status:Success” />
</saml2p:Status>
<saml2:Assertion ID=“_cbf3eb4e952aeed9a509fda1a6af1bd1”

IssueInstant=“2019-02-01T19:12:24.427Z”
Version=“2.0”
xmlns:saml2=“urn:oasis:names:tc:SAML:2.0:assertion”>
saml2:Issuerhttps://login-test.cc.example.org/idp/shibboleth</saml2:Issuer>

Your understanding is correct.
Issuer = EntityID = Partner Provider Name
From the information provided, I’m not sure why there’s a mismatch.
Please send the log file as an email attachment to support@componentspace.com mentioning your forum post.

Thanks for the assistance - we were getting only a username back from the IdP, and no attributes; I suspect (but can't confirm) that we were getting a null value back for the attribute dictionary, and that was causing exceptions. Mind you, we have a somewhat older version of the library, and this may no longer be relevant to others.

In any event, we had the owner of the IdP add at least one attribute to the assertion, and we're checking for null in the dictionary, just to be on the safe side.

Thanks for the update.
Both those steps make sense.