Skip to Content.
Sympa Menu

shibboleth-dev - Re: 1.3 SP with IdP 2.0

Subject: Shibboleth Developers

List archive

Re: 1.3 SP with IdP 2.0


Chronological Thread 
  • From: Franck Borel <>
  • To:
  • Subject: Re: 1.3 SP with IdP 2.0
  • Date: Wed, 02 Jan 2008 15:23:52 +0100
  • Delivery-date: Wed, 02 Jan 2008 15:23:54 +0100
Ok, seems to be a bug, see
<https://bugs.internet2.edu/jira/browse/SIDP-105>


Happy New Year!

after getting Shib 2.0 working, I try to make an Service Provider 1.3 speak with an IdP 2.0. The authentication request works, but the attribute request failed. Any idea?


SP 1.3 logging
==============

2008-01-02 13:16:43 DEBUG SAML.libcurl [1] sessionGet: Server certificate:
2008-01-02 13:16:43 DEBUG SAML.libcurl [1] sessionGet: SSL certificate verify ok.
2008-01-02 13:16:43 DEBUG SAML.libcurl [1] sessionGet: POST /shibboleth-idp/profile/SAML1/SOAP/AttributeQuery HTTP/1.1
2008-01-02 13:16:43 DEBUG SAML.libcurl [1] sessionGet: HTTP/1.1 200 OK
2008-01-02 13:16:43 DEBUG SAML.libcurl [1] sessionGet: Date: Wed, 02 Jan 2008 12:16:43 GMT
2008-01-02 13:16:43 DEBUG SAML.libcurl [1] sessionGet: Server: Apache/2.2.4 (Linux/SUSE)
2008-01-02 13:16:43 DEBUG SAML.libcurl [1] sessionGet: Set-Cookie: JSESSIONID=8EBA1A29D163AF16EBB5067D3EAB094E; Path=/shibboleth-idp; Secure
2008-01-02 13:16:43 DEBUG SAML.libcurl [1] sessionGet: Content-Length: 146
2008-01-02 13:16:43 DEBUG SAML.libcurl [1] sessionGet: Content-Type: text/html;charset=ISO-8859-1
2008-01-02 13:16:43 DEBUG SAML.libcurl [1] sessionGet: Connection #0 to host aar.vascoda.de left intact
2008-01-02 13:16:43 DEBUG SAML.libcurl [1] sessionGet: Closing connection #0
2008-01-02 13:16:43 DEBUG SAML.libcurl [1] sessionGet: SSLv3, TLS alert, Client hello (1):
2008-01-02 13:16:43 ERROR shibtarget.SessionCache [1] sessionGet: caught SAML exception during SAML attribute query: CgoKCjxodG1sPgoKPGJvZHk+Cgk8aW1nIHNyYz0
iL3NoaWJib2xldGgtaWRw
L2ltYWdlcy9sb2dvLmpwZyIgLz4KCTxoMz5FUlJPUjwvaDM+CglFcnJvciBN
ZXNzYWdlOiBJbnZhbGlkIFNBTUwgUmVxdWVzdCBtZXNzYWdlLgoJCjwvYm9k
eT4KCjwvaHRtbD4=

2008-01-02 13:16:43 WARN shibtarget.SessionCache [1] sessionGet: skipping binding on unsupported protocol (urn:oasis:names:tc:SAML:2.0:bindings:SOAP)
2008-01-02 13:16:43 ERROR shibtarget.SessionCache [1] sessionGet: no response obtained
2008-01-02 13:16:43 DEBUG shibtarget.Listener [2] sessionGet: checking for session:
2008-01-02 13:16:43 DEBUG shibtarget.Listener [2] sessionGet: application: default
2008-01-02 13:16:43 DEBUG shibtarget.SessionCache [2] sessionGet: searching memory cache for key (_4be0453fc7a1373a5b33ba3be249aa31)
2008-01-02 13:16:43 DEBUG shibtarget.SessionCache [2] sessionGet: Match found
2008-01-02 13:16:43 DEBUG shibtarget.Listener [2] sessionGet: Checking address against 132.230.25.122
2008-01-02 13:16:43 DEBUG shibtarget.SessionCache [2] sessionGet: testing session (ID: _4be0453fc7a1373a5b33ba3be249aa31) (lifetime=7200, timeout=3600)
2008-01-02 13:16:43 DEBUG shibtarget.Listener [2] sessionGet: session ok
2008-01-02 13:16:43 DEBUG shibtarget.SessionCache [2] sessionGet: populating attributes for session (ID: _4be0453fc7a1373a5b33ba3be249aa31)


IdP 2.0 logging
===============

13:16:43.906 INFO [Shibboleth-Access] 20080102T121643Z|132.230.25.113|aar.vascoda.de:8443|/profile/SAML1/SOAP/AttributeQuery|

13:16:43.915 ERROR [edu.internet2.middleware.shibboleth.idp.profile.saml1.AttributeQueryProfileHandler] Incomming message was not a Request, it was a org.o
pensaml.ws.soap.soap11.impl.EnvelopeImpl

13:16:43.918 ERROR [edu.internet2.middleware.shibboleth.common.profile.ProfileRequestDispatcherServlet] Encountered error processing request to /SAML1/SOAP
/AttributeQuery, invoking error handler
edu.internet2.middleware.shibboleth.common.profile.ProfileException: Invalid SAML Request message.
at edu.internet2.middleware.shibboleth.idp.profile.saml1.AttributeQueryProfileHandler.decodeRequest(AttributeQueryProfileHandler.java:153)
at edu.internet2.middleware.shibboleth.idp.profile.saml1.AttributeQueryProfileHandler.processRequest(AttributeQueryProfileHandler.java:75)
at edu.internet2.middleware.shibboleth.idp.profile.saml1.AttributeQueryProfileHandler.processRequest(AttributeQueryProfileHandler.java:52)
at edu.internet2.middleware.shibboleth.common.profile.ProfileRequestDispatcherServlet.service(ProfileRequestDispatcherServlet.java:74)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151)
at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:200)
at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:283)
at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:773)
at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:703)
at org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:895)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
at java.lang.Thread.run(Thread.java:595)

-- Franck


--

Beste Grüße

Franck Borel

**************************************************************************
Dipl.-Hyd. Franck Borel Telefon: +49[0]761-203 3908
Universitätsbibliothek Fax : +49[0]761-203 3987
Platz der Universität 2 E-Mail :

WWW : http://www.ub.uni-freiburg.de
D-79098 Freiburg
**************************************************************************


Archive powered by MHonArc 2.6.16.

Top of Page