shibboleth-dev - elsevier target, brown origin
Subject: Shibboleth Developers
List archive
- From:
- To:
- Subject: elsevier target, brown origin
- Date: Wed, 2 Jun 2004 21:41:16 -0400
elsevier is running a 1.1 target; brown is running a 1.2 origin.....
once yesterday, once today it appears that the brown AA failed to respond.....
this note contains elsevier's SHAR log
do a FIND thru this note for pluto (the name of the brown machine)
it looks like there was near simultaneous activity going on using the example.edu origin.....
the shib logs on the brown side show the HS activity, but nothing for the AA....
anything suspicious here?
-----Original Message-----
From: Hartman, Amber M. (LNG-DAY)
Sent: Wednesday, June 02, 2004 4:39 PM
To: Gast, Anthony (LNG-DAY);
''
Subject: RE: brown.edu AA
Just as an FYI...
The same thing happened today around 3:30 but it is working again now.
-----Original Message-----
From: Gast, Anthony (LNG-DAY)
Sent: Wednesday, June 02, 2004 4:37 PM
To:
'';
Hartman, Amber M. (LNG-DAY); Gast,
Anthony (LNG-DAY)
Subject: RE: brown.edu AA
At 17:01 or so yesterday I see:
17:01:19.334(06/01) DEBUG shibtarget.rpc-server : creating session for
138.12.194.206
17:01:19.334(06/01) DEBUG shibtarget.rpc-server : shire location:
http://cpc1747.lexisnexis.com:25007/SHIRE
17:01:19.335(06/01) DEBUG shibtarget.rpc-server : create the POST profile (1
policies)
17:01:19.335(06/01) DEBUG shibtarget.rpc-server : Trying to accept the post
17:01:19.337(06/01) DEBUG SAML.SAMLPOSTProfile : accept: decoded assertion:
<Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol"
xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" IssueInstan
t="2004-06-01T21:01:18.986Z" MajorVersion="1" MinorVersion="1"
Recipient="http://cpc1747.lexisnexis.com:25007/SHIRE"
ResponseID="f7943046e6603a3a32ba431c19386827"><ds:S
ignature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMet
hod>
<ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
<ds:Reference URI="#f7943046e6603a3a32ba431c19386827">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Trans
form>
<ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces
xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="#default code
d
s kind rw saml samlp typens"></ec:InclusiveNamespaces></ds:Transform>
</ds:Transforms>
<ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
<ds:DigestValue>a5yhoXffbpJXkbXV7/GFwTzRTSU=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
KiPjWfH7mmbBP2/uVi3Xf+VoG0ha5476m132TjB4XQal+eqvhZ8bcWu7x7kp3xPea0rZ2gkB1Y/T
phalTKQM4XDrzP8BcwmOyCEGoOdywAEzufYLvsPL/J+9hmKUQqfprja6MqLrGnjR35atUDHvtokL
7+QvjliWWlVz/L8yTX0=
</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>
MIIDeDCCAuWgAwIBAgIQAaR7kDQcjknSx2AQFBg8bTANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQG
EwJVUzEgMB4GA1UEChMXUlNBIERhdGEgU2VjdXJpdHksIEluYy4xLjAsBgNVBAsTJVNlY3VyZSBT
ZXJ2ZXIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDMwOTE3MDAwMDAwWhcNMDUwOTE2MjM1
OTU5WjCBojELMAkGA1UEBhMCVVMxETAPBgNVBAgTCE1pY2hpZ2FuMRIwEAYDVQQHFAlBbm4gQXJi
b3IxQTA/BgNVBAoUOFVuaXZlcnNpdHkgQ29ycG9yYXRpb24gZm9yIEFkdmFuY2VkIEludGVybmV0
IERldmVsb3BtZW50MQwwCgYDVQQLFANUU0cxGzAZBgNVBAMUEndheWYuaW50ZXJuZXQyLmVkdTCB
nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArJKgmvaaqBOkoDADjbKnfFygcNXknSc3eOhR3CGY
NxwZ0dTgnqgYc+2uHIh4puRbN41XzuNa514IP2NKjamTGmsjHCUc9lOKn/9e1Qrw91tgGrE8JZVr
HDLDb/V6MQsoypM65moAXmsMeDOXtH/9TSdn02jvvQbNWh0Yr0sbb8sCAwEAAaOB9DCB8TAJBgNV
HRMEAjAAMAsGA1UdDwQEAwIFoDA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3JsLnZlcmlzaWdu
LmNvbS9SU0FTZWN1cmVTZXJ2ZXIuY3JsMEQGA1UdIAQ9MDswOQYLYIZIAYb4RQEHFwMwKjAoBggr
BgEFBQcCARYcaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYTAdBgNVHSUEFjAUBggrBgEFBQcD
AQYIKwYBBQUHAwIwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC52ZXJp
c2lnbi5jb20wDQYJKoZIhvcNAQEFBQADfgCI7FtBZ2OfXZHOxvlOEzOMkmUNl5v5aU9EEP3/dAUL
K6W/vg7nIvgFDQhDdgLBvWEZwRfRcDPo95HC1DsAJlIh/UbSD5BgR6mGnEa1OhZLaMSLGRa8K7p4
hc7IbKYKiNmDZsDiX41XkvXvcCg5spG3ymFl8LffX3C+cE6bDQ==
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo></ds:Signature><Status><StatusCode
Value="samlp:Success"></StatusCode></Status><Assertion
xmlns="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="fb39a2
7cea2666ffb71949b971a960c4" IssueInstant="2004-06-01T21:01:18.986Z"
Issuer="wayf.internet2.edu" MajorVersion="1" MinorVersion="1"><Conditions
NotBefore="2004-06-01T21:0
1:18.985Z"
NotOnOrAfter="2004-06-01T21:06:18.985Z"><AudienceRestrictionCondition><Audie
nce>urn:mace:inqueue</Audience></AudienceRestrictionCondition></Conditions><
Authe
nticationStatement AuthenticationInstant="2004-06-01T21:01:18.985Z"
AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:unspecified"><Subject><
NameIdentifier Format="u
rn:mace:shibboleth:1.0:nameIdentifier"
NameQualifier="urn:mace:inqueue:example.edu">f5706042-43c5-478a-9b27-6f3e123
f6c45</NameIdentifier><SubjectConfirmation><Confirmat
ionMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</ConfirmationMethod></Subjec
tConfirmation></Subject><SubjectLocality
IPAddress="198.185.18.207"></SubjectLocality><Autho
rityBinding AuthorityKind="samlp:AttributeQuery"
Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
Location="https://wayf.internet2.edu/shibboleth-1.2/AA"></A
uthorityBinding></AuthenticationStatement></Assertion></Response>
17:01:19.378(06/01) DEBUG shibtarget.rpc-server : Get the SSOAssertion
17:01:19.378(06/01) DEBUG shibtarget.rpc-server : check replay cache
17:01:19.379(06/01) DEBUG shibtarget.rpc-server : get SSOStatement
17:01:19.379(06/01) INFO shibtarget.rpc-server : Creating new session
17:01:19.380(06/01) DEBUG escache::EsShibCache : EsShibCache::insert(),
adding cookie ed5596d1764292135852acaf8f0b840b for clientAddr 138.12.194.206
17:01:19.381(06/01) DEBUG shibtarget.InternalCCache : caching new entry for
"ed5596d1764292135852acaf8f0b840b"
17:01:19.383(06/01) INFO shibtarget::InternalCCacheEntry : New Session
Created...
17:01:19.383(06/01) DEBUG shibtarget::InternalCCacheEntry : Handle:
"f5706042-43c5-478a-9b27-6f3e123f6c45", Site:
"urn:mace:inqueue:example.edu", Address: 138.12.194.20
6
17:01:19.400(06/01) DEBUG shibtarget.rpc-server : new session id:
ed5596d1764292135852acaf8f0b840b
17:01:19.416(06/01) DEBUG shibtarget.rpc-server : checking:
(checkAddr=false)
17:01:19.417(06/01) DEBUG shibtarget.InternalCCache : Find:
"ed5596d1764292135852acaf8f0b840b"
17:01:19.417(06/01) DEBUG shibtarget.InternalCCache : FindI:
"ed5596d1764292135852acaf8f0b840b"
17:01:19.417(06/01) DEBUG shibtarget.InternalCCache : Match Found.
17:01:19.417(06/01) DEBUG shibtarget::InternalCCacheEntry : test session
f5706042-43c5-478a-9b27-6f3e123f6c45@urn:mace:inqueue:example.edu,
(lifetime=-1, timeout=-1)
17:01:19.422(06/01) DEBUG shibtarget.rpc-server : resource:
http://cpc1747.lexisnexis.com:25007/
17:01:19.422(06/01) INFO shibtarget.Resource : creating resource:
"http://cpc1747.lexisnexis.com:25007/" ->
"http://cpc1747.lexisnexis.com:25007"
17:01:19.422(06/01) DEBUG shibtarget.Resource : server is
"cpc1747.lexisnexis.com:25007"
17:01:19.423(06/01) DEBUG shibtarget.Resource : No request-attributes found
17:01:19.574(06/01) DEBUG shibtarget::InternalCCacheEntry : populating entry
for http://cpc1747.lexisnexis.com:25007
(http://cpc1747.lexisnexis.com:25007/)
17:01:19.574(06/01) DEBUG shibtarget::InternalCCacheEntry : find:
http://cpc1747.lexisnexis.com:25007
17:01:19.574(06/01) DEBUG shibtarget::InternalCCacheEntry : no match found
17:01:19.575(06/01) INFO shibtarget::InternalCCacheEntry : trying to
request attributes for
f5706042-43c5-478a-9b27-6f3e123f6c45@urn:mace:inqueue:example.edu
-> http:/
/cpc1747.lexisnexis.com:25007/
17:01:19.576(06/01) DEBUG shibtarget::ResourceEntry : Trying binding...
17:01:19.576(06/01) DEBUG shibtarget.InternalCCache : looking for binding...
17:01:19.576(06/01) DEBUG shibtarget.InternalCCache : https binding found
17:01:19.576(06/01) DEBUG shibtarget::ResourceEntry : Sending request
17:01:19.579(06/01) DEBUG SAML.SAMLSOAPBinding : Connection 0 seems to be
dead!
17:01:19.579(06/01) DEBUG SAML.SAMLSOAPBinding : Closing connection #0
17:01:19.587(06/01) DEBUG SAML.SAMLSOAPBinding : About to connect() to
wayf.internet2.edu:443
17:01:19.615(06/01) DEBUG SAML.SAMLSOAPBinding : Connected to
shibprod0.internet2.edu (207.75.164.96) port 443
17:01:20.252(06/01) DEBUG SAML.SAMLSOAPBinding : SSL re-using session ID
17:01:21.569(06/01) DEBUG SAML.SAMLSOAPBinding : SSL connection using
EDH-RSA-DES-CBC3-SHA
17:01:21.569(06/01) DEBUG SAML.SAMLSOAPBinding : Server certificate:
17:01:21.569(06/01) DEBUG SAML.SAMLSOAPBinding : subject:
/C=US/ST=Michigan/L=Ann Arbor/O=University Corporation for Advanced Internet
Development/OU=TSG/CN=way
f.internet2.edu
17:01:21.570(06/01) DEBUG SAML.SAMLSOAPBinding : start date:
2003-09-17 00:00:00 GMT
17:01:21.570(06/01) DEBUG SAML.SAMLSOAPBinding : expire date:
2005-09-16 23:59:59 GMT
17:01:21.570(06/01) DEBUG SAML.SAMLSOAPBinding : common name:
wayf.internet2.edu (matched)
17:01:21.570(06/01) DEBUG SAML.SAMLSOAPBinding : issuer: /C=US/O=RSA
Data Security, Inc./OU=Secure Server Certification Authority
17:01:21.571(06/01) DEBUG SAML.SAMLSOAPBinding : POST /shibboleth-1.2/AA
HTTP/1.1
Host: wayf.internet2.edu
Pragma: no-cache
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*
Content-Type: text/xml
SOAPAction: http://www.opensaml.org
Content-Length: 794
17:01:21.572(06/01) DEBUG SAML.SAMLSOAPBinding : <Envelope
xmlns="http://schemas.xmlsoap.org/soap/envelope/"><Body><Request
xmlns="urn:oasis:names:tc:SAML:1.0:protocol"
IssueInstant="2004-06-01T21:01:19Z" MajorVersion="1" MinorVersion="1"
RequestID="bead2d06f2e0e75bc3cc0dc789b11a65"
xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" x
mlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"><AttributeQuery
Resource="http://cpc1747.lexisnexis.com:25007/"><Subject
xmlns="urn:oasis:names:tc:SAML:1.0:assertion"
<NameIdentifier Format="urn:mace:shibboleth:1.0:nameIdentifier"NameQualifier="urn:mace:inqueue:example.edu">f5706042-43c5-478a-9b27-6f3e123
f6c45</NameIdentifier><Subj
ectConfirmation><ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</C
onfirmationMethod></SubjectConfirmation></Subject></AttributeQuery></Request
</Body></Envelope>
17:01:22.800(06/01) DEBUG SAML.SAMLSOAPBinding : HTTP/1.1 200 OK
17:01:22.801(06/01) DEBUG SAML.SAMLSOAPBinding : Date: Tue, 01 Jun 2004
21:01:21 GMT
17:01:22.800(06/01) DEBUG SAML.SAMLSOAPBinding : HTTP/1.1 200 OK
17:01:22.801(06/01) DEBUG SAML.SAMLSOAPBinding : Date: Tue, 01 Jun 2004
21:01:21 GMT
17:01:22.801(06/01) DEBUG SAML.SAMLSOAPBinding : Server: Apache/1.3.23
(Unix) (Red-Hat/Linux) mod_ssl/2.8.7 OpenSSL/0.9.6b DAV/1.0.3 mod_perl/1.26
mod_jk/1.1.0
17:01:22.801(06/01) DEBUG SAML.SAMLSOAPBinding : Content-Length: 2841
17:01:22.802(06/01) DEBUG SAML.SAMLSOAPBinding : Content-Type: text/xml;
charset=UTF-8
17:01:22.802(06/01) DEBUG SAML.SAMLSOAPBinding : <soap:Envelope
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmln
s:xsi="http://www.w3.org/2001/XMLSchema-instance"><soap:Body><Response
xmlns="urn:oasis:names:tc:SAML:1.0:protocol"
xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" x
mlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"
InResponseTo="bead2d06f2e0e75bc3cc0dc789b11a65"
IssueInstant="2004-06-01T21:01:22.759Z" MajorVersion="1" MinorVersion=
"1" ResponseID="dff515d598c74fa43354e32555e017a3"><Status><StatusCode
Value="samlp:Success"></StatusCode></Status><Assertion
xmlns="urn:oasis:names:tc:SAML:1.0:assertio
n" AssertionID="c828a3096dec524c9f5d62c6d459e28a"
IssueInstant="2004-06-01T21:01:22.759Z"
Issuer="urn:mace:inqueue:example.edu" MajorVersion="1"
MinorVersion="1"><Condi
tions NotBefore="2004-06-01T21:01:22.759Z"
NotOnOrAfter="2004-06-01T21:31:22.759Z"><AudienceRestrictionCondition><Audie
nce>http://cpc1747.lexisnexis.com:25007/</Audienc
e><Audience>urn:mace:inqueue</Audience></AudienceRestrictionCondition></Cond
itions><AttributeStatement><Subject><NameIdentifier
Format="urn:mace:shibboleth:1.0:nameIden
tifier"
NameQualifier="urn:mace:inqueue:example.edu">f5706042-43c5-478a-9b27-6f3e123
f6c45</NameIdentifier><SubjectConfirmation><ConfirmationMethod>urn:oasis:nam
es:tc:SA
ML:1.0:cm:bearer</ConfirmationMethod></SubjectConfirmation></Subject><Attrib
ute xmlns:typens="urn:mace:shibboleth:1.0"
AttributeName="urn:mace:dir:attribute-def:eduPers
onEntitlement"
AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri"><Attribu
teValue
xsi:type="typens:AttributeValueType">urn:mace:oclc.org:100277910</Att
ributeValue><AttributeValue
xsi:type="typens:AttributeValueType">urn:mace:example.edu:exampleEntitlement
</AttributeValue><AttributeValue xsi:type="typens:AttributeValue
Type">urn:mace:incommon:entitlement:common:1</AttributeValue></Attribute><At
tribute xmlns:typens="urn:mace:shibboleth:1.0"
AttributeName="urn:mace:dir:attribute-def:edu
PersonScopedAffiliation"
AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri"><Attribu
teValue Scope="example.edu" xsi:type="typens:AttributeValueType">me
mber</AttributeValue></Attribute><Attribute
xmlns:typens="urn:mace:shibboleth:1.0"
AttributeName="urn:mace:dir:attribute-def:eduPersonPrincipalName"
AttributeNamespace=
"urn:mace:shibboleth:1.0:attributeNamespace:uri"><AttributeValue
Scope="example.edu"
xsi:type="typens:AttributeValueType">demo</AttributeValue></Attribute><Attri
bute xm
lns:typens="urn:mace:shibboleth:1.0"
AttributeName="urn:mace:dir:attribute-def:eduPersonTargetedID"
AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri">
<AttributeValue Scope="example.edu"
xsi:type="typens:AttributeValueType">6xCI1qyLfj12h9wiogTmcebZcL0=</Attribute
Value></Attribute></AttributeStatement></Assertion></Res
ponse></soap:Body></soap:Envelope>
17:01:22.802(06/01) DEBUG SAML.SAMLSOAPBinding : Connection #0 left intact
17:01:22.814(06/01) DEBUG Shibboleth.XMLAAPImpl : evaluating value for
attribute urn:mace:dir:attribute-def:eduPersonEntitlement from site
urn:mace:inqueue:example.edu
17:01:22.814(06/01) DEBUG Shibboleth.XMLAAPImpl : matching site, value match
17:01:22.815(06/01) DEBUG Shibboleth.XMLAAPImpl : evaluating value for
attribute urn:mace:dir:attribute-def:eduPersonEntitlement from site
urn:mace:inqueue:example.edu
17:01:22.816(06/01) DEBUG Shibboleth.XMLAAPImpl : matching site, value match
17:01:22.816(06/01) DEBUG Shibboleth.XMLAAPImpl : evaluating value for
attribute urn:mace:dir:attribute-def:eduPersonEntitlement from site
urn:mace:inqueue:example.edu
17:01:22.817(06/01) DEBUG Shibboleth.XMLAAPImpl : matching site, value match
17:01:22.824(06/01) DEBUG Shibboleth.XMLAAPImpl : evaluating value for
attribute urn:mace:dir:attribute-def:eduPersonScopedAffiliation from site
urn:mace:inqueue:exampl
e.edu
17:01:22.825(06/01) DEBUG Shibboleth.XMLAAPImpl : any site, value match
17:01:22.832(06/01) DEBUG Shibboleth.XMLAAPImpl : scope match via site
metadata
17:01:22.835(06/01) DEBUG Shibboleth.XMLAAPImpl : evaluating value for
attribute urn:mace:dir:attribute-def:eduPersonPrincipalName from site
urn:mace:inqueue:example.ed
u
17:01:22.835(06/01) DEBUG Shibboleth.XMLAAPImpl : any site, any value, match
17:01:22.835(06/01) DEBUG Shibboleth.XMLAAPImpl : scope match via site
metadata
17:01:22.836(06/01) DEBUG Shibboleth.XMLAAPImpl : evaluating value for
attribute urn:mace:dir:attribute-def:eduPersonTargetedID from site
urn:mace:inqueue:example.edu
17:01:22.837(06/01) DEBUG Shibboleth.XMLAAPImpl : any site, any value, match
17:01:22.837(06/01) DEBUG Shibboleth.XMLAAPImpl : scope match via site
metadata
17:01:22.838(06/01) DEBUG shibtarget::InternalCCacheEntry : inserting
http://cpc1747.lexisnexis.com:25007
17:01:22.838(06/01) INFO shibtarget::InternalCCacheEntry : fetched and
stored SAML response
17:01:22.838(06/01) DEBUG shibtarget.rpc-server : session ok
17:01:22.846(06/01) DEBUG shibtarget.rpc-server : get attrs for client at
138.12.194.206
17:01:22.846(06/01) DEBUG shibtarget.rpc-server : cookie:
ed5596d1764292135852acaf8f0b840b
17:01:22.847(06/01) DEBUG shibtarget.rpc-server : resource:
http://cpc1747.lexisnexis.com:25007/
17:01:22.847(06/01) DEBUG shibtarget.InternalCCache : Find:
"ed5596d1764292135852acaf8f0b840b"
17:01:22.847(06/01) DEBUG shibtarget.InternalCCache : FindI:
"ed5596d1764292135852acaf8f0b840b"
17:01:22.848(06/01) DEBUG shibtarget.InternalCCache : Match Found.
17:01:22.848(06/01) INFO shibtarget.Resource : creating resource:
"http://cpc1747.lexisnexis.com:25007/" ->
"http://cpc1747.lexisnexis.com:25007"
17:01:22.848(06/01) DEBUG shibtarget.Resource : server is
"cpc1747.lexisnexis.com:25007"
17:01:22.849(06/01) DEBUG shibtarget.Resource : No request-attributes found
17:01:22.849(06/01) DEBUG shibtarget::InternalCCacheEntry : populating entry
for http://cpc1747.lexisnexis.com:25007
(http://cpc1747.lexisnexis.com:25007/)
17:01:22.849(06/01) DEBUG shibtarget::InternalCCacheEntry : find:
http://cpc1747.lexisnexis.com:25007
17:01:22.850(06/01) DEBUG shibtarget::InternalCCacheEntry : match found
17:01:22.850(06/01) DEBUG shibtarget::InternalCCacheEntry : found resource
17:01:22.850(06/01) INFO shibtarget::ResourceEntry : checking validity
17:01:22.850(06/01) DEBUG shibtarget::ResourceEntry : testing assertion...
17:01:22.851(06/01) DEBUG shibtarget::ResourceEntry : comparing now
(2004-06-01T21:01:22Z) to 2004-06-01T21:31:22.759Z
17:01:22.851(06/01) DEBUG shibtarget::ResourceEntry : yep, all still valid
17:01:22.876(06/01) DEBUG shibtarget.rpc-server : returning
17:01:51.364(06/01) DEBUG shibtarget.rpc-server : creating session for
138.12.194.206
17:01:51.365(06/01) DEBUG shibtarget.rpc-server : shire location:
http://cpc1747.lexisnexis.com:25007/SHIRE
17:01:51.365(06/01) DEBUG shibtarget.rpc-server : create the POST profile (1
policies)
17:01:51.365(06/01) DEBUG shibtarget.rpc-server : Trying to accept the post
17:01:51.368(06/01) DEBUG SAML.SAMLPOSTProfile : accept: decoded assertion:
<Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol"
xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" IssueInstan
t="2004-06-01T21:01:50.315Z" MajorVersion="1" MinorVersion="1"
Recipient="http://cpc1747.lexisnexis.com:25007/SHIRE"
ResponseID="cfd25808f5dbf5daca51bb88d6cac6e5"><ds:S
ignature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMet
hod>
<ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
<ds:Reference URI="#cfd25808f5dbf5daca51bb88d6cac6e5">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Trans
form>
<ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces
xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="#default code
d
s kind rw saml samlp typens"></ec:InclusiveNamespaces></ds:Transform>
</ds:Transforms>
<ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
<ds:DigestValue>P7WHUZMBmhAqzgOZ1Eep3yAxsvA=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
Ge5A8BbZJ+GduHGqKuZDJphp0CMtTC0JgkAU0SzPVrvobKZB1oHMVwB++5XARZ5vJyi6zd+epJVW
IkLdmeLPQTGA42+/uZHqrJUcSwBSULTEbFzIlvad7mTotDNfmjahWsM4S0FOnSni2+u6qWZz2HZs
nQOfVKy82PWdVUiy6Lc=
</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>
MIICxDCCAi2gAwIBAgICArYwDQYJKoZIhvcNAQEEBQAwgakxCzAJBgNVBAYTAlVTMRIwEAYDVQQI
EwlXaXNjb25zaW4xEDAOBgNVBAcTB01hZGlzb24xIDAeBgNVBAoTF1VuaXZlcnNpdHkgb2YgV2lz
Y29uc2luMSswKQYDVQQLEyJEaXZpc2lvbiBvZiBJbmZvcm1hdGlvbiBUZWNobm9sb2d5MSUwIwYD
VQQDExxIRVBLSSBTZXJ2ZXIgQ0EgLS0gMjAwMjA3MDFBMB4XDTAzMDIyNjE2MTAwNloXDTA3MDQw
NzE2MTAwNlowgYUxCzAJBgNVBAYTAlVTMRUwEwYDVQQIEwxSaG9kZSBJc2xhbmQxEzARBgNVBAcT
ClByb3ZpZGVuY2UxGTAXBgNVBAoTEEJyb3duIFVuaXZlcnNpdHkxDDAKBgNVBAsTA0NJUzEhMB8G
A1UEAxMYcGx1dG8uc2VydmljZXMuYnJvd24uZWR1MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
gQDJAQBtKz6uW+RHk2AAi9yfIY8NoLpAkQA5kmfR9UgcDHzZUvzjFQrOeRXxkyJxg1WIcktVSJ+w
7OvMdIMti8i+fORJYeEI4kstqBEMBhb617uaLW8OIftesXC4lDrdPioadwlC2pil/HYo2R7SpLFG
T2PMdqrck6Lhx5W0xhhK2wIDAQABox0wGzAMBgNVHRMBAf8EAjAAMAsGA1UdDwQEAwIFoDANBgkq
hkiG9w0BAQQFAAOBgQBlMZ5q3u1OqzgJe2CrzK7hUWSwawPg68aTMETiuGAvIVE3RK0VvNugWPoo
q3dTzv5tLe+FlteEmIJiscH+WGu8gZLP3gB9baf+nlST4YoRRgCZJQid+uOLZG3NQ/rxO3L5x8P3
CVeEsd0YKE41Bl3SZuVriSpZIvtDQBfb9hrGZg==
</ds:X509Certificate>
<ds:X509Certificate>
MIIC6zCCAlSgAwIBAgICAlYwDQYJKoZIhvcNAQEEBQAwgakxCzAJBgNVBAYTAlVTMRIwEAYDVQQI
EwlXaXNjb25zaW4xEDAOBgNVBAcTB01hZGlzb24xIDAeBgNVBAoTF1VuaXZlcnNpdHkgb2YgV2lz
Y29uc2luMSswKQYDVQQLEyJEaXZpc2lvbiBvZiBJbmZvcm1hdGlvbiBUZWNobm9sb2d5MSUwIwYD
VQQDExxIRVBLSSBNYXN0ZXIgQ0EgLS0gMjAwMjA3MDFBMB4XDTAyMDYzMDIyMzIxNFoXDTI3MDIy
MDIyMzIxNFowgakxCzAJBgNVBAYTAlVTMRIwEAYDVQQIEwlXaXNjb25zaW4xEDAOBgNVBAcTB01h
ZGlzb24xIDAeBgNVBAoTF1VuaXZlcnNpdHkgb2YgV2lzY29uc2luMSswKQYDVQQLEyJEaXZpc2lv
biBvZiBJbmZvcm1hdGlvbiBUZWNobm9sb2d5MSUwIwYDVQQDExxIRVBLSSBTZXJ2ZXIgQ0EgLS0g
MjAwMjA3MDFBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCvImusW7uaRS7xLsi2ZzZuUz6g
bfATwxwvtQ+8cuyDpRlhvr1qnghC9EnjRH9qpq/Z5FVZ5bqyGziCy0kEPt+2WiZMGRiQEzloi5HN
Etz1Nlc7FCJ0HATxtkEUhQ96v2DmoIEogPINqLICIqfiraPWFHOp6qDritrdj/fwLptQawIDAQAB
oyAwHjAPBgNVHRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBpjANBgkqhkiG9w0BAQQFAAOBgQAttxlP
3fTyIVMAIm8ddE8Bvk0/5Bhn5KvMAOMtnlCEArcFd4/m+pU4vEDwK6JSIoKfN/ySLXlu5ItApeJM
Whcqvrczq5BF4/WQZukC1ha6FS2cAmjy35jYWMfVWcdBi9YiM4SJ6gjGf83y9axPpuHcjwxQ5fLq
ZfnvrWH+1owJhQ==
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo></ds:Signature><Status><StatusCode
Value="samlp:Success"></StatusCode></Status><Assertion
xmlns="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="cec82c
eab1ed8ff24eaabd64854a2005" IssueInstant="2004-06-01T21:01:50.314Z"
Issuer="pluto.services.brown.edu" MajorVersion="1"
MinorVersion="1"><Conditions NotBefore="2004-06-0
1T21:01:50.312Z"
NotOnOrAfter="2004-06-01T21:06:50.312Z"><AudienceRestrictionCondition><Audie
nce>urn:mace:inqueue</Audience></AudienceRestrictionCondition></Conditions>
<AuthenticationStatement AuthenticationInstant="2004-06-01T21:01:50.310Z"
AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:unspecified"><Subject><
NameIdentifier For
mat="urn:mace:shibboleth:1.0:nameIdentifier"
NameQualifier="urn:mace:inqueue:brown.edu">b697ed28-9da8-4931-999a-fd0b8037a
44e</NameIdentifier><SubjectConfirmation><Confi
rmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</ConfirmationMethod></Su
bjectConfirmation></Subject><SubjectLocality
IPAddress="198.185.18.207"></SubjectLocality><A
uthorityBinding AuthorityKind="samlp:AttributeQuery"
Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
Location="https://pluto.services.brown.edu/shibboleth/A
A"></AuthorityBinding></AuthenticationStatement></Assertion></Response>
17:01:51.412(06/01) DEBUG shibtarget.rpc-server : Get the SSOAssertion
17:01:51.412(06/01) DEBUG shibtarget.rpc-server : check replay cache
17:01:51.413(06/01) DEBUG shibtarget.rpc-server : get SSOStatement
17:01:51.413(06/01) INFO shibtarget.rpc-server : Creating new session
17:01:51.413(06/01) DEBUG escache::EsShibCache : EsShibCache::insert(),
adding cookie ea4ad055b7a28c917fc5da30da6983a6 for clientAddr 138.12.194.206
17:01:51.416(06/01) DEBUG shibtarget.InternalCCache : caching new entry for
"ea4ad055b7a28c917fc5da30da6983a6"
17:01:51.417(06/01) INFO shibtarget::InternalCCacheEntry : New Session
Created...
17:01:51.417(06/01) DEBUG shibtarget::InternalCCacheEntry : Handle:
"b697ed28-9da8-4931-999a-fd0b8037a44e", Site: "urn:mace:inqueue:brown.edu",
Address: 138.12.194.206
17:01:51.426(06/01) DEBUG shibtarget.rpc-server : new session id:
ea4ad055b7a28c917fc5da30da6983a6
17:01:51.451(06/01) DEBUG shibtarget.rpc-server : checking:
(checkAddr=false)
17:01:51.451(06/01) DEBUG shibtarget.InternalCCache : Find:
"ea4ad055b7a28c917fc5da30da6983a6"
17:01:51.452(06/01) DEBUG shibtarget.InternalCCache : FindI:
"ea4ad055b7a28c917fc5da30da6983a6"
17:01:51.452(06/01) DEBUG shibtarget.InternalCCache : Match Found.
17:01:51.452(06/01) DEBUG shibtarget::InternalCCacheEntry : test session
b697ed28-9da8-4931-999a-fd0b8037a44e@urn:mace:inqueue:brown.edu,
(lifetime=-1, timeout=-1)
17:01:51.455(06/01) DEBUG shibtarget.rpc-server : resource:
http://cpc1747.lexisnexis.com:25007/
17:01:51.455(06/01) INFO shibtarget.Resource : creating resource:
"http://cpc1747.lexisnexis.com:25007/" ->
"http://cpc1747.lexisnexis.com:25007"
17:01:51.456(06/01) DEBUG shibtarget.Resource : server is
"cpc1747.lexisnexis.com:25007"
17:01:51.456(06/01) DEBUG shibtarget.Resource : No request-attributes found
17:01:51.456(06/01) DEBUG shibtarget::InternalCCacheEntry : populating entry
for http://cpc1747.lexisnexis.com:25007
(http://cpc1747.lexisnexis.com:25007/)
17:01:51.457(06/01) DEBUG shibtarget::InternalCCacheEntry : find:
http://cpc1747.lexisnexis.com:25007
17:01:51.457(06/01) DEBUG shibtarget::InternalCCacheEntry : no match found
17:01:51.457(06/01) INFO shibtarget::InternalCCacheEntry : trying to
request attributes for
b697ed28-9da8-4931-999a-fd0b8037a44e@urn:mace:inqueue:brown.edu
-> http://c
pc1747.lexisnexis.com:25007/
17:01:51.458(06/01) DEBUG shibtarget::ResourceEntry : Trying binding...
17:01:51.458(06/01) DEBUG shibtarget.InternalCCache : looking for binding...
17:01:51.459(06/01) DEBUG shibtarget.InternalCCache : https binding found
17:01:51.459(06/01) DEBUG shibtarget::ResourceEntry : Sending request
17:01:51.461(06/01) DEBUG SAML.SAMLSOAPBinding : Re-using existing
connection! (#0)
17:01:51.462(06/01) DEBUG SAML.SAMLSOAPBinding : Connected to
(128.148.19.192) port 443
17:01:51.462(06/01) DEBUG SAML.SAMLSOAPBinding :
17:01:51.462(06/01) DEBUG SAML.SAMLSOAPBinding :
17:01:51.463(06/01) DEBUG SAML.SAMLSOAPBinding :
17:01:51.463(06/01) DEBUG SAML.SAMLSOAPBinding :
17:01:51.463(06/01) DEBUG SAML.SAMLSOAPBinding :
17:01:51.464(06/01) DEBUG SAML.SAMLSOAPBinding :
17:01:51.464(06/01) DEBUG SAML.SAMLSOAPBinding :
17:01:51.464(06/01) DEBUG SAML.SAMLSOAPBinding :
17:01:51.465(06/01) DEBUG SAML.SAMLSOAPBinding :
*** this goes on and on and on *** 163,860 of these entries until:
17:02:51.461(06/01) DEBUG SAML.SAMLSOAPBinding : Operation timed out with 0
out of -1 bytes received
17:02:51.462(06/01) DEBUG SAML.SAMLSOAPBinding : Connection #0 left intact
17:02:51.462(06/01) DEBUG shibtarget.rpc-server : prefetch failed with a
SAML Exception: SAMLSOAPBinding::send() failed while contacting AA:
Operation timed out with 0 out of -1 bytes received
17:02:51.464(06/01) DEBUG shibtarget.InternalCCache : removing cache entry
"key"
17:02:51.464(06/01) DEBUG shibtarget.InternalCCache : FindI:
"ea4ad055b7a28c917fc5da30da6983a6"
17:02:51.464(06/01) DEBUG shibtarget.InternalCCache : Match Found.
17:02:51.465(06/01) DEBUG shibtarget.InternalCCache : FindI:
"ea4ad055b7a28c917fc5da30da6983a6"
17:02:51.465(06/01) DEBUG shibtarget.InternalCCache : Match Found.
17:02:51.466(06/01) DEBUG shibtarget::InternalCCacheEntry : deleting entry
for
b697ed28-9da8-4931-999a-fd0b8037a44e@urn:mace:inqueue:brown.edu
17:02:51.466(06/01) DEBUG escache::EsShibCache : EsShibCache::remove(),
looking in database for cookie ea4ad055b7a28c917fc5da30da6983a6
Then starting at 10:38 this morning the DEBUG SAML.SAMLSOAPBinding messages
started again, and did not stop until I just bounced the SHAR and the apache
instance with the SHIRE and RM. Things seem much, much happier now.
I would suspect that moving to Shibboleth v1.2 would be advised, and that
looking into this in great depth may not be worth it with the significant
rework from 1.1 to 1.2.
-----Original Message-----
From:
[mailto:]
Sent: Wednesday, June 02, 2004 12:47 PM
To: Hartman, Amber M. (LNG-DAY); Gast, Anthony (LNG-DAY)
Subject: RE: brown.edu AA
At 10:40 AM -0400 6/2/04, Hartman, Amber M. (LNG-DAY) wrote:
It is working for me this morning.
hmmm.. looking at the local logs from yesterday..... I see that the
lexis target contacted my origin at
11:23
15;59
16:08
16:31
16:40
17:01
the only odd entry is the last one...... the local HS made an entry
(assigning a handle), but there is NO entry from the local AA...
which I would interpret (for the time being) as meaning that the
target for some reason did NOT contact my AA.....
Tony ... can you check your logs for that time, and send me the contents?
- elsevier target, brown origin, Steven_Carmody, 06/02/2004
- RE: elsevier target, brown origin, Scott Cantor, 06/03/2004
- RE: elsevier target, brown origin, Steven_Carmody, 06/03/2004
- RE: elsevier target, brown origin, Scott Cantor, 06/03/2004
- RE: elsevier target, brown origin, Steven_Carmody, 06/03/2004
- RE: elsevier target, brown origin, Scott Cantor, 06/03/2004
Archive powered by MHonArc 2.6.16.