Shibboleth Developers

[Scott Cantor <>]

> 2004-06-22 11:22:29 ERROR SAML.SAMLSOAPBinding [2] session_is_valid 
> preFetch populate getNewResponse send send: failed while contacting 
> SAML responder: Failed to connect to localhost IP number 1: 128
> 
> ***** actually, the above line confuses me -- why would  this 
> have failed?

Is the server actually listening on localhost? 

> 2004-06-22 11:22:30 INFO SAML.SAMLSOAPBinding [2] session_is_valid 
> preFetch populate getNewResponse send send: sending SOAP message to 
> https://cooke.services.brown.edu/shibboleth/AA

I'm much more confused by this. Why is it trying two different ones? Do you
have metadata elements for both locations? Is it acting like a 1.1 origin
and sending along an AuthorityBinding in the assertion with a localhost URL
in it? Either way it sounds screwed up.

> 2004-06-22 11:22:31 ERROR SAML.SAMLSOAPBinding [2] session_is_valid 
> preFetch populate getNewResponse send send: failed while contacting 
> SAML responder: SSL: certificate subject name 'localhost' does not 
> match target host name 'cooke.services.brown.edu'

This is of course obviously not going to work. You can't use URLs with a
hostname with a cert with localhost in it.

If that's what Howard was suggesting to do, it won't work. You'd have to
reissue the certificate.

-- Scott