shibboleth-dev - Re: testing the one-hop validation scenario
Subject: Shibboleth Developers
List archive
- From:
- To: Shibboleth Design Team <>
- Subject: Re: testing the one-hop validation scenario
- Date: Sat, 7 Jun 2003 11:34:17 -0400
At 2:26 AM -0700 6/7/03, RL 'Bob' Morgan wrote:
Hmm, well that's a puzzle. When I try your target
http://pluto.services.brown.edu/shib-test/
with the UW origin (on shib.cac.washington.edu) it fails (browser hangs
waiting for the shire). I'm fairly sure trying this killed your target's
shar again (as it doesn't work with any origin now). How it could work
for you and not me is a definitely hard to understand. I'm testing with
Mozilla ... ?
yea, my shar is dead... here's the log file (looks a lot like yours....), followed by logs from last night that worked......... (from brown and uwash)
2003-06-07 05:13:15 DEBUG shibtarget.rpc-server [21] new_session: creating session for 12.231.112.60
2003-06-07 05:13:15 DEBUG shibtarget.rpc-server [21] new_session: shire location: http://pluto.services.brown.edu/shibboleth/SH
IRE
2003-06-07 05:13:15 DEBUG shibtarget.rpc-server [21] new_session: create the POST profile (1 policies)
2003-06-07 05:13:15 DEBUG shibtarget.rpc-server [21] new_session: shire location: http://pluto.services.brown.edu/shibboleth/SH
IRE
2003-06-07 05:13:15 DEBUG shibtarget.rpc-server [21] new_session: create the POST profile (1 policies)
2003-06-07 05:13:15 DEBUG shibtarget.rpc-server [21] new_session: Trying to accept the post
2003-06-07 05:13:15 DEBUG SAML.SAMLPOSTProfile [21] new_session: accept: decoded assertion:
<Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasi
s:names:tc:SAML:1.0:protocol" IssueInstant="2003-06-07T09:13:10Z" MajorVersion="1" MinorVersion="1" Recipient="http://pluto.ser
vices.brown.edu/shibboleth/SHIRE" ResponseID="e3410b1b9829e7d2e6e31ac6e3c970c6"><ds:Signature xmlns:ds="http://www.w3.org/2000/
09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#";></ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1";></ds:SignatureMethod>
<ds:Reference URI="#e3410b1b9829e7d2e6e31ac6e3c970c6">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature";></ds:Transform>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#";><ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/x
ml-exc-c14n#" PrefixList="#default code ds kind rw saml samlp typens"></ec:InclusiveNamespaces></ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1";></ds:DigestMethod>
<ds:DigestValue>Nlg8PJv9gzcwO8cozhXkE9Vr9T4=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
d+GCW/VBQx+kH1r4wknVXWz8oy/36jfGLndxJYXt0hmoYFCd+fUmHWFu4N9QWzcdB5M8dR5DKewx
TxtJy9+zqEunFaDoqlOaC6OjJj17T3apLF1/pIdaG9+U13B3H/XngY5OscHUiTBYWt3g7v2lEI32
V4T1QJFbOEG0u2lp+54=
</ds:SignatureValue>
<ds:KeyInfo>
(lots of certs)
</ds:KeyInfo></ds:Signature><Status><StatusCode Value="samlp:Success"></StatusCode></Status><Assertion xmlns="urn:oasis:names:t
c:SAML:1.0:assertion" AssertionID="d1b7190eb1d864ec4a5f3f5eef0a4e86" IssueInstant="2003-06-07T09:13:10Z" Issuer="shib.cac.washi
ngton.edu" MajorVersion="1" MinorVersion="1"><Conditions NotBefore="2003-06-07T09:13:10Z" NotOnOrAfter="2003-06-07T09:18:10Z"><
AudienceRestrictionCondition><Audience>urn:mace:incommon:pilot</Audience></AudienceRestrictionCondition></Conditions><Authentic
ationStatement AuthenticationInstant="2003-06-07T09:13:10Z" AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password"><Sub
ject><NameIdentifier Format="urn:mace:shibboleth:1.0:nameIdentifier" NameQualifier="urn:mace:incommon:pilot:washington.edu">663
9b329-cbcf-4247-a991-9362b378fcb6</NameIdentifier><SubjectConfirmation><ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:beare
r</ConfirmationMethod></SubjectConfirmation></Subject><SubjectLocality IPAddress="12.231.112.60"></SubjectLocality><AuthorityBi
nding AuthorityKind="samlp:AttributeQuery" Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://shib.c
ac.washington.edu/shibboleth/AA"></AuthorityBinding></AuthenticationStatement></Assertion></Response>
2003-06-07 05:13:15 DEBUG shibtarget.rpc-server [21] new_session: Get the SSOAssertion
2003-06-07 05:13:15 DEBUG shibtarget.rpc-server [21] new_session: check replay cache
2003-06-07 05:13:15 DEBUG shibtarget.rpc-server [21] new_session: get SSOStatement
2003-06-07 05:13:15 INFO shibtarget.rpc-server [21] new_session: Creating new session
------- here's some log file from last night -------------------------------------
it starts with me using the brown origin, followed by someone using the u-wash origin (probably me)
2003-06-06 22:01:27 DEBUG shibtarget.rpc-server [0] new_session: creating session for 68.9.253.226
2003-06-06 22:01:27 DEBUG shibtarget.rpc-server [0] new_session: shire location: http://pluto.services.brown.edu/shibboleth/SHI
RE
2003-06-06 22:01:27 DEBUG shibtarget.rpc-server [0] new_session: create the POST profile (1 policies)
2003-06-06 22:01:27 DEBUG shibtarget.rpc-server [0] new_session: Trying to accept the post
2003-06-06 22:01:27 DEBUG SAML.SAMLPOSTProfile [0] new_session: accept: decoded assertion:
<Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasi
s:names:tc:SAML:1.0:protocol" IssueInstant="2003-06-07T02:01:24Z" MajorVersion="1" MinorVersion="1" Recipient="http://pluto.ser
vices.brown.edu/shibboleth/SHIRE" ResponseID="af6f462d7ddc709a4dd3ec8df59051de"><ds:Signature xmlns:ds="http://www.w3.org/2000/
09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#";></ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1";></ds:SignatureMethod>
<ds:Reference URI="#af6f462d7ddc709a4dd3ec8df59051de">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature";></ds:Transform>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#";><ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/x
ml-exc-c14n#" PrefixList="#default code ds kind rw saml samlp typens"></ec:InclusiveNamespaces></ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1";></ds:DigestMethod>
<ds:DigestValue>wRbTuzVALyV6Nvo9A39BC0wcadU=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
fovnk2yqITi72v7vFCeDfOWZ1GZC6P+udhjgLbW3VnzLLCuXGQC0tMQkylVu/g2akcdfmeTmdzHN
amR4XdH7gJy3rbeYxfP+zrIYUKtzFXxMtOAApyiMSeTMKp7LDNYFk0VlNWhaFOHclvCz4SPY4xGK
JpK5tVshPis1eP0jvSc=
</ds:SignatureValue>
<ds:KeyInfo>
(three cert's)
</ds:KeyInfo></ds:Signature><Status><StatusCode Value="samlp:Success"></StatusCode></Status><Assertion xmlns="urn:oasis:names:t
c:SAML:1.0:assertion" AssertionID="b2902e3f0c143cd5065044bc2220e3dc" IssueInstant="2003-06-07T02:01:24Z" Issuer="pluto.services
.brown.edu" MajorVersion="1" MinorVersion="1"><Conditions NotBefore="2003-06-07T02:01:24Z" NotOnOrAfter="2003-06-07T02:06:24Z">
<AudienceRestrictionCondition><Audience>urn:mace:incommon:pilot</Audience><Audience>urn:example:com:exampleClub</Audience></Aud
ienceRestrictionCondition></Conditions><AuthenticationStatement AuthenticationInstant="2003-06-07T02:01:24Z" AuthenticationMeth
od="urn:oasis:names:tc:SAML:1.0:am:unspecified"><Subject><NameIdentifier Format="urn:mace:shibboleth:1.0:nameIdentifier" NameQu
alifier="urn:mace:incommon:pilot:brown.edu">2c856971-7051-42c7-ad07-09756410e9ab</NameIdentifier><SubjectConfirmation><Confirma
tionMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</ConfirmationMethod></SubjectConfirmation></Subject><SubjectLocality IPAddress
="68.9.253.226"></SubjectLocality><AuthorityBinding AuthorityKind="samlp:AttributeQuery" Binding="urn:oasis:names:tc:SAML:1.0:b
indings:SOAP-binding" Location="http://pluto.services.brown.edu/shibboleth/AA";></AuthorityBinding></AuthenticationStatement></A
ssertion></Response>
2003-06-06 22:01:27 DEBUG shibtarget.rpc-server [0] new_session: Get the SSOAssertion
2003-06-06 22:01:27 DEBUG shibtarget.rpc-server [0] new_session: check replay cache
2003-06-06 22:01:27 DEBUG shibtarget.rpc-server [0] new_session: get SSOStatement
2003-06-06 22:01:27 INFO shibtarget.rpc-server [0] new_session: Creating new session
2003-06-06 22:01:27 DEBUG shibtarget.InternalCCache [0] new_session: caching new entry for "a4386498e7df2f4e7fa7bfba1a3fcebd"
2003-06-06 22:01:27 INFO shibtarget::InternalCCacheEntry [0] new_session: New Session Created...
2003-06-06 22:01:27 DEBUG shibtarget::InternalCCacheEntry [0] new_session: Handle: "2c856971-7051-42c7-ad07-09756410e9ab", Site
: "urn:mace:incommon:pilot:brown.edu", Address: 68.9.253.226
2003-06-06 22:01:27 DEBUG shibtarget.rpc-server [0] new_session: new session id: a4386498e7df2f4e7fa7bfba1a3fcebd
2003-06-06 22:01:27 DEBUG shibtarget.rpc-server [1] session_is_valid: checking: (
checkAddr=false)
2003-06-06 22:01:27 DEBUG shibtarget.InternalCCache [1] session_is_valid: Find: "a4386498e7df2f4e7fa7bfba1a3fcebd"
2003-06-06 22:01:27 DEBUG shibtarget.InternalCCache [1] session_is_valid: FindI: "a4386498e7df2f4e7fa7bfba1a3fcebd"
2003-06-06 22:01:27 DEBUG shibtarget.InternalCCache [1] session_is_valid: Match Found.
2003-06-06 22:01:27 DEBUG shibtarget::InternalCCacheEntry [1] session_is_valid isSessionValid: test session 2c856971-7051-42c7-
ad07-09756410e9ab@urn:mace:incommon:pilot:brown.edu,
(lifetime=-1, timeout=-1)
2003-06-06 22:01:27 DEBUG shibtarget.rpc-server [1] session_is_valid: resource: http://pluto.services.brown.edu/shib-test/
2003-06-06 22:01:27 INFO shibtarget.Resource [1] session_is_valid: creating resource: "http://pluto.services.brown.edu/shib-tes
t/" -> "http://pluto.services.brown.edu";
2003-06-06 22:01:27 DEBUG shibtarget.Resource [1] session_is_valid: server is "pluto.services.brown.edu"
2003-06-06 22:01:27 DEBUG shibtarget.Resource [1] session_is_valid: No request-attributes found
2003-06-06 22:01:27 DEBUG shibtarget::InternalCCacheEntry [1] session_is_valid preFetch populate: populating entry for http://p
luto.services.brown.edu (http://pluto.services.brown.edu/shib-test/)
2003-06-06 22:01:27 DEBUG shibtarget::InternalCCacheEntry [1] session_is_valid preFetch populate: find: http://pluto.services.b
rown.edu
2003-06-06 22:01:27 DEBUG shibtarget::InternalCCacheEntry [1] session_is_valid preFetch populate: no match found
2003-06-06 22:01:27 INFO shibtarget::InternalCCacheEntry [1] session_is_valid preFetch populate: trying to request attributes f
or 2c856971-7051-42c7-ad07-09756410e9ab@urn:mace:incommon:pilot:brown.edu -> http://pluto.services.brown.edu/shib-test/
2003-06-06 22:01:27 DEBUG shibtarget::ResourceEntry [1] session_is_valid preFetch populate ResourceEntry(): Trying binding...
2003-06-06 22:01:27 DEBUG shibtarget.InternalCCache [1] session_is_valid preFetch populate ResourceEntry(): looking for binding
...
2003-06-06 22:01:27 DEBUG shibtarget.InternalCCache [1] session_is_valid preFetch populate ResourceEntry(): https binding found
2003-06-06 22:01:27 DEBUG shibtarget::ResourceEntry [1] session_is_valid preFetch populate ResourceEntry(): Sending request
2003-06-06 22:01:27 DEBUG shibtarget.InternalCCache [1] session_is_valid preFetch populate ResourceEntry(): https binding found
2003-06-06 22:01:27 DEBUG shibtarget::ResourceEntry [1] session_is_valid preFetch populate ResourceEntry(): Sending request
2003-06-06 22:01:27 DEBUG SAML.SAMLSOAPBinding [1] session_is_valid preFetch populate ResourceEntry() send: input to AA: <Envel
ope xmlns="http://schemas.xmlsoap.org/soap/envelope/";><Body><Request xmlns="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:saml="u
rn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" IssueInstant="2003-06-07T02:01:27Z" Ma
jorVersion="1" MinorVersion="1" RequestID="c72dad004eb24cc4680ab4c33f644951"><AttributeQuery Resource="http://pluto.services.br
own.edu/shib-test/"><Subject xmlns="urn:oasis:names:tc:SAML:1.0:assertion"><NameIdentifier Format="urn:mace:shibboleth:1.0:name
Identifier" NameQualifier="urn:mace:incommon:pilot:brown.edu">2c856971-7051-42c7-ad07-09756410e9ab</NameIdentifier><SubjectConf
irmation><ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</ConfirmationMethod></SubjectConfirmation></Subject></Attrib
uteQuery></Request></Body></Envelope>
2003-06-06 22:01:30 DEBUG SAML.SAMLSOAPBinding [1] session_is_valid preFetch populate ResourceEntry() send: received from AA: <
soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"; xmlns:xsd="http://www.w3.org/2001/XMLSchema"; xmlns:xsi="ht
tp://www.w3.org/2001/XMLSchema-instance"><soap:Body><Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:saml="urn:oasi
s:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" InResponseTo="c72dad004eb24cc4680ab4c33f64495
1" IssueInstant="2003-06-07T02:01:30Z" MajorVersion="1" MinorVersion="1" ResponseID="ec5c153f62ce69cc5153bda15b8da5ee"><Status>
<StatusCode Value="samlp:Success"></StatusCode></Status><Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="c
2044bcb5327d4a9198a3a7a86597244" IssueInstant="2003-06-07T02:01:30Z" Issuer="pluto.services.brown.edu" MajorVersion="1" MinorVe
rsion="1"><Conditions NotBefore="2003-06-07T02:01:30Z"><AudienceRestrictionCondition><Audience>urn:mace:incommon:pilot</Audienc
e><Audience>urn:example:com:exampleClub</Audience></AudienceRestrictionCondition></Conditions><AttributeStatement><Subject><Nam
eIdentifier Format="urn:mace:shibboleth:1.0:nameIdentifier" NameQualifier="urn:mace:incommon:pilot:brown.edu">2c856971-7051-42c
7-ad07-09756410e9ab</NameIdentifier><SubjectConfirmation><ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</Confirmatio
nMethod></SubjectConfirmation></Subject><Attribute xmlns:typens="urn:mace:shibboleth:1.0" AttributeName="urn:mace:eduPerson:1.0
:eduPersonScopedAffiliation" AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri"><AttributeValue Scope="shibdev
.edu" xsi:type="typens:AttributeValueType">member</AttributeValue></Attribute></AttributeStatement></Assertion></Response></soa
p:Body></soap:Envelope>
2003-06-06 22:01:30 WARN Shibboleth.ScopedAttribute [1] session_is_valid preFetch populate ResourceEntry() send fromDOM fromDOM
accept: rejecting value with scope of shibdev.edu
2003-06-06 22:01:30 DEBUG shibtarget::InternalCCacheEntry [1] session_is_valid preFetch populate: inserting http://pluto.servic
es.brown.edu
2003-06-06 22:01:30 INFO shibtarget::InternalCCacheEntry [1] session_is_valid preFetch populate: fetched and stored SAML respon
se
2003-06-06 22:01:30 DEBUG shibtarget.rpc-server [1] session_is_valid: session ok
2003-06-06 22:01:30 DEBUG shibtarget.rpc-server [2] get_assertions: get attrs for client at 68.9.253.226
2003-06-06 22:01:30 DEBUG shibtarget.rpc-server [2] get_assertions: cookie: a4386498e7df2f4e7fa7bfba1a3fcebd
2003-06-06 22:01:30 DEBUG shibtarget.rpc-server [2] get_assertions: resource: http://pluto.services.brown.edu/shib-test/
2003-06-06 22:01:30 DEBUG shibtarget.InternalCCache [2] get_assertions: Find: "a4386498e7df2f4e7fa7bfba1a3fcebd"
2003-06-06 22:01:30 DEBUG shibtarget.InternalCCache [2] get_assertions: FindI: "a4386498e7df2f4e7fa7bfba1a3fcebd"
2003-06-06 22:01:30 DEBUG shibtarget.InternalCCache [2] get_assertions: Match Found.
2003-06-06 22:01:30 INFO shibtarget.Resource [2] get_assertions: creating resource: "http://pluto.services.brown.edu/shib-test/
" -> "http://pluto.services.brown.edu";
2003-06-06 22:01:30 DEBUG shibtarget.Resource [2] get_assertions: server is "pluto.services.brown.edu"
2003-06-06 22:01:30 DEBUG shibtarget.Resource [2] get_assertions: No request-attributes found
2003-06-06 22:01:30 DEBUG shibtarget::InternalCCacheEntry [2] get_assertions getAssertions populate: populating entry for http:
//pluto.services.brown.edu (http://pluto.services.brown.edu/shib-test/)
2003-06-06 22:01:30 DEBUG shibtarget::InternalCCacheEntry [2] get_assertions getAssertions populate: find: http://pluto.service
s.brown.edu
2003-06-06 22:01:30 DEBUG shibtarget::InternalCCacheEntry [2] get_assertions getAssertions populate: populating entry for http:
//pluto.services.brown.edu (http://pluto.services.brown.edu/shib-test/)
2003-06-06 22:01:30 DEBUG shibtarget::InternalCCacheEntry [2] get_assertions getAssertions populate: find: http://pluto.service
s.brown.edu
2003-06-06 22:01:30 DEBUG shibtarget::InternalCCacheEntry [2] get_assertions getAssertions populate: match found
2003-06-06 22:01:30 DEBUG shibtarget::InternalCCacheEntry [2] get_assertions getAssertions populate: found resource
2003-06-06 22:01:30 INFO shibtarget::ResourceEntry [2] get_assertions getAssertions populate isValid: checking validity
2003-06-06 22:01:30 DEBUG shibtarget::ResourceEntry [2] get_assertions getAssertions populate isValid: testing assertion...
2003-06-06 22:01:30 DEBUG shibtarget::ResourceEntry [2] get_assertions getAssertions populate isValid: yep, all still valid
2003-06-06 22:01:30 DEBUG shibtarget.rpc-server [2] get_assertions: returning
2003-06-06 22:01:30 DEBUG shibtarget.rpc-server [3] session_is_valid: checking: (
checkAddr=false)
2003-06-06 22:01:30 DEBUG shibtarget.InternalCCache [3] session_is_valid: Find: "a4386498e7df2f4e7fa7bfba1a3fcebd"
2003-06-06 22:01:30 DEBUG shibtarget.InternalCCache [3] session_is_valid: FindI: "a4386498e7df2f4e7fa7bfba1a3fcebd"
2003-06-06 22:01:30 DEBUG shibtarget.InternalCCache [3] session_is_valid: Match Found.
2003-06-06 22:01:30 DEBUG shibtarget::InternalCCacheEntry [3] session_is_valid isSessionValid: test session 2c856971-7051-42c7-
ad07-09756410e9ab@urn:mace:incommon:pilot:brown.edu,
(lifetime=-1, timeout=-1)
2003-06-06 22:01:30 DEBUG shibtarget.rpc-server [3] session_is_valid: resource: http://pluto.services.brown.edu/shib-test/index
.html
2003-06-06 22:01:30 INFO shibtarget.Resource [3] session_is_valid: creating resource: "http://pluto.services.brown.edu/shib-tes
t/index.html" -> "http://pluto.services.brown.edu";
2003-06-06 22:01:30 DEBUG shibtarget.Resource [3] session_is_valid: server is "pluto.services.brown.edu"
2003-06-06 22:01:30 DEBUG shibtarget.Resource [3] session_is_valid: No request-attributes found
2003-06-06 22:01:30 DEBUG shibtarget::InternalCCacheEntry [3] session_is_valid preFetch populate: populating entry for http://p
luto.services.brown.edu (http://pluto.services.brown.edu/shib-test/index.html)
2003-06-06 22:01:30 DEBUG shibtarget::InternalCCacheEntry [3] session_is_valid preFetch populate: find: http://pluto.services.b
rown.edu
2003-06-06 22:01:30 DEBUG shibtarget::InternalCCacheEntry [3] session_is_valid preFetch populate: match found
2003-06-06 22:01:30 DEBUG shibtarget::InternalCCacheEntry [3] session_is_valid preFetch populate: found resource
2003-06-06 22:01:30 INFO shibtarget::ResourceEntry [3] session_is_valid preFetch populate isValid: checking validity
2003-06-06 22:01:30 DEBUG shibtarget::ResourceEntry [3] session_is_valid preFetch populate isValid: testing assertion...
2003-06-06 22:01:30 DEBUG shibtarget::ResourceEntry [3] session_is_valid preFetch populate isValid: yep, all still valid
2003-06-06 22:01:30 DEBUG shibtarget.rpc-server [3] session_is_valid: session ok
2003-06-06 22:01:30 DEBUG shibtarget.rpc-server [4] get_assertions: get attrs for client at 68.9.253.226
2003-06-06 22:01:30 DEBUG shibtarget.rpc-server [4] get_assertions: cookie: a4386498e7df2f4e7fa7bfba1a3fcebd
2003-06-06 22:01:30 DEBUG shibtarget.rpc-server [4] get_assertions: resource: http://pluto.services.brown.edu/shib-test/index.h
tml
2003-06-06 22:01:30 DEBUG shibtarget.InternalCCache [4] get_assertions: Find: "a4386498e7df2f4e7fa7bfba1a3fcebd"
2003-06-06 22:01:30 DEBUG shibtarget.InternalCCache [4] get_assertions: FindI: "a4386498e7df2f4e7fa7bfba1a3fcebd"
2003-06-06 22:01:30 DEBUG shibtarget.InternalCCache [4] get_assertions: Match Found.
2003-06-06 22:01:30 INFO shibtarget.Resource [4] get_assertions: creating resource: "http://pluto.services.brown.edu/shib-test/
index.html" -> "http://pluto.services.brown.edu";
2003-06-06 22:01:30 DEBUG shibtarget.Resource [4] get_assertions: server is "pluto.services.brown.edu"
2003-06-06 22:01:30 DEBUG shibtarget.Resource [4] get_assertions: No request-attributes found
2003-06-06 22:01:30 DEBUG shibtarget::InternalCCacheEntry [4] get_assertions getAssertions populate: populating entry for http:
//pluto.services.brown.edu (http://pluto.services.brown.edu/shib-test/index.html)
2003-06-06 22:01:30 DEBUG shibtarget.Resource [4] get_assertions: No request-attributes found
2003-06-06 22:01:30 DEBUG shibtarget::InternalCCacheEntry [4] get_assertions getAssertions populate: populating entry for http:
//pluto.services.brown.edu (http://pluto.services.brown.edu/shib-test/index.html)
2003-06-06 22:01:30 DEBUG shibtarget::InternalCCacheEntry [4] get_assertions getAssertions populate: find: http://pluto.service
s.brown.edu
2003-06-06 22:01:30 DEBUG shibtarget::InternalCCacheEntry [4] get_assertions getAssertions populate: match found
2003-06-06 22:01:30 DEBUG shibtarget::InternalCCacheEntry [4] get_assertions getAssertions populate: found resource
2003-06-06 22:01:30 INFO shibtarget::ResourceEntry [4] get_assertions getAssertions populate isValid: checking validity
2003-06-06 22:01:30 DEBUG shibtarget::ResourceEntry [4] get_assertions getAssertions populate isValid: testing assertion...
2003-06-06 22:01:30 DEBUG shibtarget::ResourceEntry [4] get_assertions getAssertions populate isValid: yep, all still valid
2003-06-06 22:01:30 DEBUG shibtarget.rpc-server [4] get_assertions: returning
2003-06-06 22:01:30 DEBUG shibtarget.rpc-server [5] session_is_valid: checking: (
checkAddr=false)
2003-06-06 22:01:30 DEBUG shibtarget.InternalCCache [5] session_is_valid: Find: "a4386498e7df2f4e7fa7bfba1a3fcebd"
2003-06-06 22:01:30 DEBUG shibtarget.InternalCCache [5] session_is_valid: FindI: "a4386498e7df2f4e7fa7bfba1a3fcebd"
2003-06-06 22:01:30 DEBUG shibtarget.InternalCCache [5] session_is_valid: Match Found.
2003-06-06 22:01:30 DEBUG shibtarget::InternalCCacheEntry [5] session_is_valid isSessionValid: test session 2c856971-7051-42c7-
ad07-09756410e9ab@urn:mace:incommon:pilot:brown.edu,
(lifetime=-1, timeout=-1)
2003-06-06 22:01:30 DEBUG shibtarget.rpc-server [5] session_is_valid: resource: http://pluto.services.brown.edu/shib-test/index
.html
2003-06-06 22:01:30 INFO shibtarget.Resource [5] session_is_valid: creating resource: "http://pluto.services.brown.edu/shib-tes
t/index.html" -> "http://pluto.services.brown.edu";
2003-06-06 22:01:30 DEBUG shibtarget.Resource [5] session_is_valid: server is "pluto.services.brown.edu"
2003-06-06 22:01:30 DEBUG shibtarget.Resource [5] session_is_valid: No request-attributes found
2003-06-06 22:01:30 DEBUG shibtarget::InternalCCacheEntry [5] session_is_valid preFetch populate: populating entry for http://p
luto.services.brown.edu (http://pluto.services.brown.edu/shib-test/index.html)
2003-06-06 22:01:30 DEBUG shibtarget::InternalCCacheEntry [5] session_is_valid preFetch populate: find: http://pluto.services.b
rown.edu
2003-06-06 22:01:30 DEBUG shibtarget::InternalCCacheEntry [5] session_is_valid preFetch populate: match found
2003-06-06 22:01:30 DEBUG shibtarget::InternalCCacheEntry [5] session_is_valid preFetch populate: found resource
2003-06-06 22:01:30 INFO shibtarget::ResourceEntry [5] session_is_valid preFetch populate isValid: checking validity
2003-06-06 22:01:30 DEBUG shibtarget::ResourceEntry [5] session_is_valid preFetch populate isValid: testing assertion...
2003-06-06 22:01:30 DEBUG shibtarget::ResourceEntry [5] session_is_valid preFetch populate isValid: yep, all still valid
2003-06-06 22:01:30 DEBUG shibtarget.rpc-server [5] session_is_valid: session ok
2003-06-06 22:01:30 DEBUG shibtarget.rpc-server [6] get_assertions: get attrs for client at 68.9.253.226
2003-06-06 22:01:30 DEBUG shibtarget.rpc-server [6] get_assertions: cookie: a4386498e7df2f4e7fa7bfba1a3fcebd
2003-06-06 22:01:30 DEBUG shibtarget.rpc-server [6] get_assertions: resource: http://pluto.services.brown.edu/shib-test/index.h
tml
2003-06-06 22:01:30 DEBUG shibtarget.InternalCCache [6] get_assertions: Find: "a4386498e7df2f4e7fa7bfba1a3fcebd"
2003-06-06 22:01:30 DEBUG shibtarget.InternalCCache [6] get_assertions: FindI: "a4386498e7df2f4e7fa7bfba1a3fcebd"
2003-06-06 22:01:30 DEBUG shibtarget.InternalCCache [6] get_assertions: Match Found.
2003-06-06 22:01:30 INFO shibtarget.Resource [6] get_assertions: creating resource: "http://pluto.services.brown.edu/shib-test/
index.html" -> "http://pluto.services.brown.edu";
2003-06-06 22:01:30 DEBUG shibtarget.Resource [6] get_assertions: server is "pluto.services.brown.edu"
2003-06-06 22:01:30 DEBUG shibtarget.Resource [6] get_assertions: No request-attributes found
@
2003-06-06 22:01:30 DEBUG shibtarget.Resource [6] get_assertions: server is "pluto.services.brown.edu"
2003-06-06 22:01:30 DEBUG shibtarget.Resource [6] get_assertions: No request-attributes found
2003-06-06 22:01:30 DEBUG shibtarget::InternalCCacheEntry [6] get_assertions getAssertions populate: populating entry for http:
//pluto.services.brown.edu (http://pluto.services.brown.edu/shib-test/index.html)
2003-06-06 22:01:30 DEBUG shibtarget::InternalCCacheEntry [6] get_assertions getAssertions populate: find: http://pluto.service
s.brown.edu
2003-06-06 22:01:30 DEBUG shibtarget::InternalCCacheEntry [6] get_assertions getAssertions populate: match found
2003-06-06 22:01:30 DEBUG shibtarget::InternalCCacheEntry [6] get_assertions getAssertions populate: found resource
2003-06-06 22:01:30 INFO shibtarget::ResourceEntry [6] get_assertions getAssertions populate isValid: checking validity
2003-06-06 22:01:30 DEBUG shibtarget::ResourceEntry [6] get_assertions getAssertions populate isValid: testing assertion...
2003-06-06 22:01:30 DEBUG shibtarget::ResourceEntry [6] get_assertions getAssertions populate isValid: yep, all still valid
2003-06-06 22:01:30 DEBUG shibtarget.rpc-server [6] get_assertions: returning
2003-06-06 22:02:46 INFO shibtarget.InternalCCache InternalCCache::cleanup(): Cleanup thread running...
2003-06-06 22:02:46 INFO shibtarget.InternalCCache InternalCCache::cleanup(): deleting 0 old items.
2003-06-06 22:05:38 DEBUG shibtarget.rpc-server [7] new_session: creating session for 68.9.253.226
2003-06-06 22:05:38 DEBUG shibtarget.rpc-server [7] new_session: shire location: http://pluto.services.brown.edu/shibboleth/SHI
RE
2003-06-06 22:05:38 DEBUG shibtarget.rpc-server [7] new_session: create the POST profile (1 policies)
2003-06-06 22:05:38 DEBUG shibtarget.rpc-server [7] new_session: Trying to accept the post
2003-06-06 22:05:38 DEBUG SAML.SAMLPOSTProfile [7] new_session: accept: decoded assertion:
<Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasi
s:names:tc:SAML:1.0:protocol" IssueInstant="2003-06-07T02:05:35Z" MajorVersion="1" MinorVersion="1" Recipient="http://pluto.ser
vices.brown.edu/shibboleth/SHIRE" ResponseID="da7e2afa84a80a12276c29b4e8bbf517"><ds:Signature xmlns:ds="http://www.w3.org/2000/
09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#";></ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1";></ds:SignatureMethod>
<ds:Reference URI="#da7e2afa84a80a12276c29b4e8bbf517">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature";></ds:Transform>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#";><ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/x
ml-exc-c14n#" PrefixList="#default code ds kind rw saml samlp typens"></ec:InclusiveNamespaces></ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1";></ds:DigestMethod>
<ds:DigestValue>9XxUXmYDj0GpkOyDKNCggilXoB4=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
SG+F5tpxNKd0z+2agrtFdfrxmOwP2m6iKENJMAhIsYyHC8gi+JX6DwR0eYY9XBsH4a/+5XkgsKvS
zq2SSqrDZ4tCFyxH9hqhiAh1IMoCSfzEUiPLDNuqPwIwhcEure/kJkpGK7rBfbOUSte1an9P46oS
QivR5L2r0JApoyyEBpI=
</ds:SignatureValue>
<ds:KeyInfo>
(some certs)
</ds:KeyInfo></ds:Signature><Status><StatusCode Value="samlp:Success"></StatusCode></Status><Assertion xmlns="urn:oasis:names:t
c:SAML:1.0:assertion" AssertionID="e7c1d730ea6dadec6981b5f3913b1678" IssueInstant="2003-06-07T02:05:35Z" Issuer="shib.cac.washi
ngton.edu" MajorVersion="1" MinorVersion="1"><Conditions NotBefore="2003-06-07T02:05:35Z" NotOnOrAfter="2003-06-07T02:10:35Z"><
AudienceRestrictionCondition><Audience>urn:mace:incommon:pilot</Audience></AudienceRestrictionCondition></Conditions><Authentic
ationStatement AuthenticationInstant="2003-06-07T02:05:35Z" AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password"><Sub
ject><NameIdentifier Format="urn:mace:shibboleth:1.0:nameIdentifier" NameQualifier="urn:mace:incommon:pilot:washington.edu">c8f
e566e-8c4b-489b-b4a8-0c3e4dae652f</NameIdentifier><SubjectConfirmation><ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:beare
r</ConfirmationMethod></SubjectConfirmation></Subject><SubjectLocality IPAddress="68.9.253.226"></SubjectLocality><AuthorityBin
ding AuthorityKind="samlp:AttributeQuery" Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://shib.ca
c.washington.edu/shibboleth/AA"></AuthorityBinding></AuthenticationStatement></Assertion></Response>
2003-06-06 22:05:38 DEBUG shibtarget.rpc-server [7] new_session: Get the SSOAssertion
2003-06-06 22:05:38 DEBUG shibtarget.rpc-server [7] new_session: check replay cache
2003-06-06 22:05:38 DEBUG shibtarget.rpc-server [7] new_session: get SSOStatement
2003-06-06 22:05:38 INFO shibtarget.rpc-server [7] new_session: Creating new session
2003-06-06 22:05:38 DEBUG shibtarget.InternalCCache [7] new_session: caching new entry for "b6fe8cc296f6951e02a19edc1ec30e01"
2003-06-06 22:05:38 INFO shibtarget::InternalCCacheEntry [7] new_session: New Session Created...
2003-06-06 22:05:38 DEBUG shibtarget::InternalCCacheEntry [7] new_session: Handle: "c8fe566e-8c4b-489b-b4a8-0c3e4dae652f", Site
: "urn:mace:incommon:pilot:washington.edu", Address: 68.9.253.226
2003-06-06 22:05:38 DEBUG shibtarget.rpc-server [7] new_session: new session id: b6fe8cc296f6951e02a19edc1ec30e01
2003-06-06 22:05:39 DEBUG shibtarget.rpc-server [8] session_is_valid: checking: (
checkAddr=false)
2003-06-06 22:05:39 DEBUG shibtarget.InternalCCache [8] session_is_valid: Find: "b6fe8cc296f6951e02a19edc1ec30e01"
2003-06-06 22:05:39 DEBUG shibtarget.InternalCCache [8] session_is_valid: FindI: "b6fe8cc296f6951e02a19edc1ec30e01"
2003-06-06 22:05:39 DEBUG shibtarget.InternalCCache [8] session_is_valid: Match Found.
2003-06-06 22:05:39 DEBUG shibtarget::InternalCCacheEntry [8] session_is_valid isSessionValid: test session c8fe566e-8c4b-489b-
b4a8-0c3e4dae652f@urn:mace:incommon:pilot:washington.edu, (lifetime=-1, timeout=-1)
2003-06-06 22:05:39 DEBUG shibtarget.rpc-server [8] session_is_valid: resource: http://pluto.services.brown.edu/shib-test/
2003-06-06 22:05:39 INFO shibtarget.Resource [8] session_is_valid: creating resource: "http://pluto.services.brown.edu/shib-tes
t/" -> "http://pluto.services.brown.edu";
2003-06-06 22:05:39 DEBUG shibtarget.Resource [8] session_is_valid: server is "pluto.services.brown.edu"
2003-06-06 22:05:39 DEBUG shibtarget.Resource [8] session_is_valid: No request-attributes found
2003-06-06 22:05:39 DEBUG shibtarget::InternalCCacheEntry [8] session_is_valid preFetch populate: populating entry for http://p
luto.services.brown.edu (http://pluto.services.brown.edu/shib-test/)
2003-06-06 22:05:39 DEBUG shibtarget::InternalCCacheEntry [8] session_is_valid preFetch populate: find: http://pluto.services.b
rown.edu
2003-06-06 22:05:39 DEBUG shibtarget::InternalCCacheEntry [8] session_is_valid preFetch populate: no match found
2003-06-06 22:05:39 INFO shibtarget::InternalCCacheEntry [8] session_is_valid preFetch populate: trying to request attributes f
or c8fe566e-8c4b-489b-b4a8-0c3e4dae652f@urn:mace:incommon:pilot:washington.edu -> http://pluto.services.brown.edu/shib-test/
2003-06-06 22:05:39 DEBUG shibtarget::ResourceEntry [8] session_is_valid preFetch populate ResourceEntry(): Trying binding...
2003-06-06 22:05:39 DEBUG shibtarget.InternalCCache [8] session_is_valid preFetch populate ResourceEntry(): looking for binding
...
2003-06-06 22:05:39 DEBUG shibtarget.InternalCCache [8] session_is_valid preFetch populate ResourceEntry(): https binding found
2003-06-06 22:05:39 DEBUG shibtarget::ResourceEntry [8] session_is_valid preFetch populate ResourceEntry(): Sending request
------------------------------------------------------mace-shib-design-+
For list utilities, archives, subscribe, unsubscribe, etc. please visit the
ListProc web interface at
http://archives.internet2.edu/
------------------------------------------------------mace-shib-design--
- Re: testing the one-hop validation scenario, (continued)
- Re: testing the one-hop validation scenario, Steven_Carmody, 06/06/2003
- Re: testing the one-hop validation scenario, Derek Atkins, 06/06/2003
- Re: testing the one-hop validation scenario, Steven_Carmody, 06/06/2003
- Re: testing the one-hop validation scenario, RL 'Bob' Morgan, 06/06/2003
- Re: testing the one-hop validation scenario, RL 'Bob' Morgan, 06/06/2003
- Re: testing the one-hop validation scenario, Steven_Carmody, 06/06/2003
- RE: testing the one-hop validation scenario, Scott Cantor, 06/07/2003
- Re: testing the one-hop validation scenario, Derek Atkins, 06/10/2003
- Re: testing the one-hop validation scenario, Derek Atkins, 06/06/2003
- Re: testing the one-hop validation scenario, Steven_Carmody, 06/06/2003
- Re: testing the one-hop validation scenario, RL 'Bob' Morgan, 06/07/2003
- Re: testing the one-hop validation scenario, Steven_Carmody, 06/07/2003
- Re: testing the one-hop validation scenario, Steven_Carmody, 06/07/2003
- RE: testing the one-hop validation scenario, Scott Cantor, 06/07/2003
- Re: testing the one-hop validation scenario, Steven_Carmody, 06/06/2003
- Re: testing the one-hop validation scenario, Steven_Carmody, 06/07/2003
Archive powered by MHonArc 2.6.16.