shibboleth-dev - Re: 1.3 SP with IdP 2.0
Subject: Shibboleth Developers
List archive
- From: Chad La Joie <>
- To:
- Subject: Re: 1.3 SP with IdP 2.0
- Date: Wed, 02 Jan 2008 15:37:25 +0100
- Organization: SWITCH
Yeah, make sure you update.
Franck Borel wrote:
> Ok, seems to be a bug, see
> <https://bugs.internet2.edu/jira/browse/SIDP-105>
>
>
>> Happy New Year!
>>
>> after getting Shib 2.0 working, I try to make an Service Provider 1.3
>> speak with an IdP 2.0. The authentication request works, but the
>> attribute request failed. Any idea?
>>
>>
>> SP 1.3 logging
>> ==============
>>
>> 2008-01-02 13:16:43 DEBUG SAML.libcurl [1] sessionGet: Server
>> certificate:
>> 2008-01-02 13:16:43 DEBUG SAML.libcurl [1] sessionGet: SSL certificate
>> verify ok.
>> 2008-01-02 13:16:43 DEBUG SAML.libcurl [1] sessionGet: POST
>> /shibboleth-idp/profile/SAML1/SOAP/AttributeQuery HTTP/1.1
>> 2008-01-02 13:16:43 DEBUG SAML.libcurl [1] sessionGet: HTTP/1.1 200 OK
>> 2008-01-02 13:16:43 DEBUG SAML.libcurl [1] sessionGet: Date: Wed, 02
>> Jan 2008 12:16:43 GMT
>> 2008-01-02 13:16:43 DEBUG SAML.libcurl [1] sessionGet: Server:
>> Apache/2.2.4 (Linux/SUSE)
>> 2008-01-02 13:16:43 DEBUG SAML.libcurl [1] sessionGet: Set-Cookie:
>> JSESSIONID=8EBA1A29D163AF16EBB5067D3EAB094E; Path=/shibboleth-idp; Secure
>> 2008-01-02 13:16:43 DEBUG SAML.libcurl [1] sessionGet: Content-Length:
>> 146
>> 2008-01-02 13:16:43 DEBUG SAML.libcurl [1] sessionGet: Content-Type:
>> text/html;charset=ISO-8859-1
>> 2008-01-02 13:16:43 DEBUG SAML.libcurl [1] sessionGet: Connection #0
>> to host aar.vascoda.de left intact
>> 2008-01-02 13:16:43 DEBUG SAML.libcurl [1] sessionGet: Closing
>> connection #0
>> 2008-01-02 13:16:43 DEBUG SAML.libcurl [1] sessionGet: SSLv3, TLS
>> alert, Client hello (1):
>> 2008-01-02 13:16:43 ERROR shibtarget.SessionCache [1] sessionGet:
>> caught SAML exception during SAML attribute query:
>> CgoKCjxodG1sPgoKPGJvZHk+Cgk8aW1nIHNyYz0
>> iL3NoaWJib2xldGgtaWRw
>> L2ltYWdlcy9sb2dvLmpwZyIgLz4KCTxoMz5FUlJPUjwvaDM+CglFcnJvciBN
>> ZXNzYWdlOiBJbnZhbGlkIFNBTUwgUmVxdWVzdCBtZXNzYWdlLgoJCjwvYm9k
>> eT4KCjwvaHRtbD4=
>>
>> 2008-01-02 13:16:43 WARN shibtarget.SessionCache [1] sessionGet:
>> skipping binding on unsupported protocol
>> (urn:oasis:names:tc:SAML:2.0:bindings:SOAP)
>> 2008-01-02 13:16:43 ERROR shibtarget.SessionCache [1] sessionGet: no
>> response obtained
>> 2008-01-02 13:16:43 DEBUG shibtarget.Listener [2] sessionGet: checking
>> for session:
>>
>> 2008-01-02 13:16:43 DEBUG shibtarget.Listener [2] sessionGet:
>> application: default
>> 2008-01-02 13:16:43 DEBUG shibtarget.SessionCache [2] sessionGet:
>> searching memory cache for key (_4be0453fc7a1373a5b33ba3be249aa31)
>> 2008-01-02 13:16:43 DEBUG shibtarget.SessionCache [2] sessionGet:
>> Match found
>> 2008-01-02 13:16:43 DEBUG shibtarget.Listener [2] sessionGet: Checking
>> address against 132.230.25.122
>> 2008-01-02 13:16:43 DEBUG shibtarget.SessionCache [2] sessionGet:
>> testing session (ID: _4be0453fc7a1373a5b33ba3be249aa31)
>> (lifetime=7200, timeout=3600)
>> 2008-01-02 13:16:43 DEBUG shibtarget.Listener [2] sessionGet: session ok
>> 2008-01-02 13:16:43 DEBUG shibtarget.SessionCache [2] sessionGet:
>> populating attributes for session (ID: _4be0453fc7a1373a5b33ba3be249aa31)
>>
>>
>> IdP 2.0 logging
>> ===============
>>
>> 13:16:43.906 INFO [Shibboleth-Access]
>> 20080102T121643Z|132.230.25.113|aar.vascoda.de:8443|/profile/SAML1/SOAP/AttributeQuery|
>>
>>
>> 13:16:43.915 ERROR
>> [edu.internet2.middleware.shibboleth.idp.profile.saml1.AttributeQueryProfileHandler]
>> Incomming message was not a Request, it was a org.o
>> pensaml.ws.soap.soap11.impl.EnvelopeImpl
>>
>> 13:16:43.918 ERROR
>> [edu.internet2.middleware.shibboleth.common.profile.ProfileRequestDispatcherServlet]
>> Encountered error processing request to /SAML1/SOAP
>> /AttributeQuery, invoking error handler
>> edu.internet2.middleware.shibboleth.common.profile.ProfileException:
>> Invalid SAML Request message.
>> at
>> edu.internet2.middleware.shibboleth.idp.profile.saml1.AttributeQueryProfileHandler.decodeRequest(AttributeQueryProfileHandler.java:153)
>>
>> at
>> edu.internet2.middleware.shibboleth.idp.profile.saml1.AttributeQueryProfileHandler.processRequest(AttributeQueryProfileHandler.java:75)
>>
>> at
>> edu.internet2.middleware.shibboleth.idp.profile.saml1.AttributeQueryProfileHandler.processRequest(AttributeQueryProfileHandler.java:52)
>>
>> at
>> edu.internet2.middleware.shibboleth.common.profile.ProfileRequestDispatcherServlet.service(ProfileRequestDispatcherServlet.java:74)
>>
>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
>>
>> at
>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
>>
>> at
>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
>>
>> at
>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)
>>
>> at
>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
>>
>> at
>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
>>
>> at
>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
>>
>> at
>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151)
>>
>> at
>> org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:200)
>> at
>> org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:283)
>> at
>> org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:773)
>> at
>> org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:703)
>>
>> at
>> org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:895)
>>
>> at
>> org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
>>
>> at java.lang.Thread.run(Thread.java:595)
>>
>> -- Franck
>>
>
--
SWITCH
Serving Swiss Universities
--------------------------
Chad La Joie, Software Engineer, Security
Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland
phone +41 44 268 15 75, fax +41 44 268 15 68
,
http://www.switch.ch
- 1.3 SP with IdP 2.0, Franck Borel, 01/02/2008
- Re: 1.3 SP with IdP 2.0, Franck Borel, 01/02/2008
- Re: 1.3 SP with IdP 2.0, Chad La Joie, 01/02/2008
- Re: 1.3 SP with IdP 2.0, Franck Borel, 01/02/2008
Archive powered by MHonArc 2.6.16.