Shibboleth Developers

["Vitaliy A. Shipitsyn" <>]

We continue to have issues with porting of Shib 1.3 onto Tru64. 

Compilation and installation were successful. Apache 1.3 starts up with
shibd running in background.


The problem is reported in var/log/shibboleth/shibd.log:

ERROR Shibboleth.ShibBrowserProfile [0] sessionNew sessionNew: assertion
issuer not found in metadata (Issuer='urn:mace:incommon:ohio.edu', NameQ
ualifier='urn:mace:incommon:ohio.edu')
DEBUG Shibboleth.ShibBrowserProfile [0] sessionNew sessionNew: found
invalid metadata for assertion issuer, using for contact info

The browser side reports errors:

Metadata lookup failure at
(https://toddtest4.cats.ohiou.edu/Shibboleth.sso/SAML/POST)
Session Creation Error: metadata lookup failed, unable to process assertion


We are using the exact same configuration from a working Linux target, so
we don't believe it is a configuration issue.

A valid-looking SAML response gets written to shibd.log before we see the
errors above. We suspect that the XML data from the metadata file are not
read correctly or corrupt, and the lookups of the issuer
urn:mace:incommon:ohio.edu consequently fail.

To correct the problem, we considered the following:
- compiled all components (log4cpp through shibboleth-1.3) with specific
declaration of Tru64's BYTE_ORDER=LITTLE_ENDIAN
- enabled debug mode via config files and via _DEBUG compilation option

Questions:
- could there be incompatibilities related to 64bit vs. 32bit compilation
modes?
- are there class methods that dump the parsed metadata?
- does metadata lookup take place in mod_shib or in shibd? We would like to
debug the code spanning from Metadata.cpp.

Thank you.
OU Shib Team


----
Vitaliy A Shipitsyn
Ohio University, http://edirectory.ohio.edu/?$search?uid=vshipits