shibboleth-dev - Re: 2.0 IdP w/NO apache, security policy fails

Subject: Shibboleth Developers

  • Subject: Re: 2.0 IdP w/NO apache, security policy fails
  • Date: Wed, 12 Dec 2007 14:56:06 -0500

At 1:59 PM -0500 12/12/07, Brent Putman wrote:

> Yeah, this log flow clearly indicates that there is a client TLS cert
> being presented in the request. If there wasn't a client cert, that
> would be indicated by a different log message on DEBUG. So that doesn't
> jibe with the fact that this appears to be HTTP-Redirect, unless things
> are seriously horked up, or.......
>
> Could be that the browser is the thing presenting the client cert here,
> not the SP (in fact has to be, unless there is serious horked-up-ness).

Good pickup! Yes, for the first time ever, there was a client cert in my browser (left over from earlier in the day testing against the Tomcat 8443 port).

Which reminds me -- I had a client cert in my browser because accessing the Tomcat 8443 port would fail UNLESS the client provided a cert.... hopefully, this is just a config option within Tomcat....

That said... I REMOVED the client cert from my browser... and the IdP failed with the same error msg....

... which isn't consistent with what I said above.... once I removed the cert, I would have expected a Tomcat-level failure.... any chance the browser might cache the client cert somewhere? Or load them at startup?


