
shibboleth-dev - Re: [Shib-Dev] Creating a Custom LoginHandler for Novel's eDirectory to handle Grace Logins/Expired Passwords

Subject: Shibboleth Developers

  • From: Daniel Fisher <>
  • To:
  • Subject: Re: [Shib-Dev] Creating a Custom LoginHandler for Novel's eDirectory to handle Grace Logins/Expired Passwords
  • Date: Thu, 28 Apr 2011 11:54:39 -0400

On Thu, Apr 28, 2011 at 9:04 AM, Khanna, Sumit (khannast) <> wrote:


But I have a couple of issues. First, is my logger set up correctly? I’m not actually seeing that line in the idp-process or tomcat logs.

 


Make sure you've turned on debug for whatever package you put the GraceAuthenticationHandler in.
 

Second, how is that exception transferred over to the login servlet? I see my edu.uc.ucit.shibboleth.idm.auth.GraceLoginAuthenticationException in the logs (which is just an AuthenticationException with some added fields), but in the JSP page when you do a request.getAttribute(LoginHandler.AUTHENTICATION_EXCEPTION_KEY), the type of that class is actually a javax.security.auth.login.LoginException. Does it just copy the message from that exception into the message of a new one?

 


Yes.
 

Finally, and this is the big one, attrs.get("passwordExpirationTime") returns a null. You can see I tried changing new Ldap(this.config) to new Ldap(ch.getLdapConfig()), but in both cases, I don’t get any values. If I print out the DN, it is correct (cn=username,ou=People,o=uc). I’m not getting any connection exceptions and the user in the login.conf does have permission to view that attribute for a user. I’m sure I’m just missing something simple. Any ideas?

 


Check your LDAP logs. It appears the LDAP lookup is succeeding, so either the attributes don't exist or you don't have perms to read them.

--Daniel Fisher
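
The second answer above confirms that only the exception message reaches the login page, wrapped in a new `javax.security.auth.login.LoginException`. As an added example (not code from this thread or from Shibboleth), one way to carry the extra fields across that copy is to pack them into the message in a strict format and parse them back on the page; `GraceInfo`, its fields and the message format are hypothetical.

```java
import javax.security.auth.login.LoginException;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Hypothetical helper, not part of Shibboleth or of the code discussed in this thread.
public final class GraceInfo {
    // Strict format so the login page never trusts free-form message text.
    private static final Pattern FORMAT =
        Pattern.compile("^GRACE;remaining=(\\d{1,3});expires=(\\d{14}Z)$");

    public final int remaining;
    public final String expires; // LDAP generalized time, e.g. 20110428155439Z

    public GraceInfo(int remaining, String expires) {
        this.remaining = remaining;
        this.expires = expires;
    }

    // Handler side: pack the fields into the message, the only part that is copied.
    public String encode() {
        return "GRACE;remaining=" + remaining + ";expires=" + expires;
    }

    // Login page side: returns null for any message that is not in the exact format.
    public static GraceInfo decode(LoginException e) {
        String msg = (e == null) ? null : e.getMessage();
        if (msg == null) return null;
        Matcher m = FORMAT.matcher(msg);
        if (!m.matches()) return null;
        return new GraceInfo(Integer.parseInt(m.group(1)), m.group(2));
    }

    public static void main(String[] args) {
        // Constructed values standing in for what the handler read from the directory.
        String packed = new GraceInfo(3, "20110428155439Z").encode();
        // Simulates the copy step: a new LoginException carrying only the message.
        LoginException seenByJsp = new LoginException(packed);
        GraceInfo info = GraceInfo.decode(seenByJsp);
        System.out.println(info.remaining + " grace logins left, expired " + info.expires);
        // An ordinary failure message does not parse and is treated as a plain error.
        System.out.println(GraceInfo.decode(new LoginException("Invalid credentials")));
    }
}
```

Because the decoder accepts only digits and a fixed-length timestamp, the values it returns can be rendered on the login page without passing arbitrary directory or exception text through to the browser.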


