Shibboleth Developers

["Scott Cantor" <>]

> SAML:2.0:bindings:HTTP-Artifact - consistent SP crash with logging in
debug:

Are you sure it's artifact and not SOAP?

> #6  0x00002b9ad1743e02 in opensaml::saml2p::SAML2SOAPDecoder::decode ()
from
> /usr/local/shib-sp2/lib/libsaml.so.6

Hmm, that's not the right decoder, so there'd have to be some seriously
screwed up internals for that to be artifact. Also, I need the line number.
There's no bug that I can see in the obvious spot (it checks for null when
it logs), which reinforces "something's wrong with the build" as a possible
cause.

> After I switched to INFO it worked.
> 
> SAML:2.0:bindings:SOAP - Worked. Is there a way to force back-channel SLO?
I
> removed all other endpoints from the metadata.

That's how you'd force it. The standard requires that front-channel be used
if at all possible.
 
> I haven't been able to test SP initiated SLO yet because of this since the
> SP won't do SLO if the session is started with a SAML1 binding. Is it a
> misconfiguration on my part?

Maybe, but all null pointer exceptions are bugs by definition. Looks like
it's a bug in the SLO extension.

-- Scott