[Shib-Users] Shib 2.1 Update: UsernamePassword Handler Failure

[Roy, Nicholas S]

I am upgrading my IdP to 2.1. I followed the instructions here:

https://spaces.internet2.edu/display/SHIB2/IdP2021Upgrade

When I bring up the new IdP everything works fine until I try to log in, at which point I get to the URL /idp/Authn/j_security_check on my IdP and get the following message:

"An error occurred while processing your request. Please contact your helpdesk or user ID office for assistance.
Error Message: Invalid IdP URL (HTTP 404)"

My LoginHandlers in handler.xml look like this:

<!-- Login Handlers -->
<!--<LoginHandler xsi:type="RemoteUser">
<AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</AuthenticationMethod>
</LoginHandler>-->

<!-- Username/password login handler -->
<LoginHandler xsi:type="UsernamePassword"
jaasConfigurationLocation="file://E:\Shibboleth\shibboleth-idp\conf\login.config">
<AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthenticationMethod>
</LoginHandler>

<!--
Removal of this login handler will disable SSO support, that is it will require the user to authenticate
on every request.
-->
<LoginHandler xsi:type="PreviousSession">
<AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:PreviousSession</AuthenticationMethod>
</LoginHandler>

Has anyone successfully gotten a 2.1 IdP working with the UsernamePassword handler? It was originally commented out in the default handler.xml file for IdP 2.1

Thank you,

Nick

[Chad La Joie]

What does your login.jsp look like?

--
SWITCH
Serving Swiss Universities
--------------------------
Chad La Joie, Software Engineer, Net Services
Werdstrasse 2, P.O. Box, 8021 Zürich, Switzerland
phone +41 44 268 15 75, fax +41 44 268 15 68
chad....@switch.ch, http://www.switch.ch

[Roy, Nicholas S]

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>

<title> Shibboleth Identity Provider Login</title>
<link rel="stylesheet" href="shib.css" type="text/css" media="screen" charset="utf-8" />

</head>

<body>
<img src="<%= request.getContextPath() %>/images/hawkid-tools.png" /><br>
<h1> Shibboleth Identity Provider Login</h1>

<% if ("true".equals(request.getParameter("loginFailed"))) { %>
<p class="error">Authentication Failed</p>
<% } %>

<% if(request.getParameter("actionUrl") != null){ %>
<form action="<%=request.getParameter("actionUrl")%>" method="post">
<% }else{ %>
<form action="j_security_check" method="post">
<% } %>
<fieldset>
<legend>Login</legend>
<label for="j_username">Username:</label>
<input name="j_username" id="j_username" type="text" tabindex="1" /> <br />
<label for="j_password">Password:</label>
<input name="j_password" id="j_password" type="password" tabindex="2" /><br />
<input type="submit" value="Login" id="login" tabindex="3" />
</fieldset>
</form>
<p>NOTE: This is a test environment. For test purposes <em>only</em>.</p>

</html>

[Roy, Nicholas S]

Chad, thanks for the hint: I had to replace request.getParameter in my login.jsp with request.getAttribute, then everything worked fine. Thanks!

Nick

-----Original Message-----
From: Chad La Joie [mailto:chad....@switch.ch]
Sent: Monday, November 03, 2008 12:34 PM
To: shibbole...@internet2.edu
Subject: Re: [Shib-Users] Shib 2.1 Update: UsernamePassword Handler Failure

[Russell Beall]

I got the same results with my customized login.jsp, but I
successfully installed and authenticated with all other customizations
except using the default login.jsp which comes with the install package.

Will post more if I figure out why.

Russ.

[Russell Beall]

This handled the issue for me as well.

Russ.