I've gotten a Shibboleth Server Provider (SP) up and running, and I'm using the TestShib Identity Provider (IdP) for testing.

The configuration appears to be all correct, and when I requested my secured directory I was sent to the IdP where I logged in and then was sent back to https://example.org/Shibboleth.sso/SAML2/POST where I am getting a generic error message.

Checking the logs, I am told:

found encrypted assertions, but no CredentialResolver was available

I have rechecked the configuration, and there I have:

<CredentialResolver type="File" key="/etc/shibboleth/sp-key.pem" certificate="/etc/shibboleth/sp-cert.pem"/>

Both of these files are present at those locations.

I've restarted apache and retried, but still get the same error.

I don't know if it makes a difference - but only a subdirectory of the site has been secured - the documentroot is publicly available.