IDP log files not created

23 views
Skip to first unread message

Kaustubh Nagraj

unread,
Oct 24, 2011, 10:05:11 AM10/24/11
to Shib Dev
Hey,

I have been trying to get my IDP tested with TestShib and hence wanted to check my log files. However I found that my $IDP_HOME/log directory is empty.

Can someone please tell me where I am going wrong and how to find my log files?

Thanks,
Kaustubh

Rod Widdowson

unread,
Oct 24, 2011, 10:07:34 AM10/24/11
to Shib Dev

Very often this is because a misconfiguration is biting you before you even get to start up logging (often a mismatched < ... /> pair)

 

What is your container?  Check the container’s logging (catalina.out if useful for tomcat, but check them all just in case) and see if there is anything there.

Kaustubh Nagraj

unread,
Oct 24, 2011, 11:04:07 AM10/24/11
to Shib Dev
Hey,

Thanks for your reply. I am using Apache2 with Tomcat6.

What exactly am I supposed to be looking for in the container's log files? This is the last entry I see:

Oct 24, 2011 2:49:28 PM org.apache.catalina.startup.Catalina start
SEVERE: Catalina.start:
LifecycleException:  service.getName(): "Catalina";  Protocol handler start failed: java.io.FileNotFoundException: /usr/share/tomcat6/.keystore (No such file or directory)
    at org.apache.catalina.connector.Connector.start(Connector.java:1094)
    at org.apache.catalina.core.StandardService.start(StandardService.java:534)
    at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
    at org.apache.catalina.startup.Catalina.start(Catalina.java:581)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:616)
    at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
Oct 24, 2011 2:49:28 PM org.apache.catalina.startup.Catalina start
INFO: Server startup in 5671 ms

--
To unsubscribe from this list send an email to dev-uns...@shibboleth.net

Rod Widdowson

unread,
Oct 24, 2011, 11:12:58 AM10/24/11
to Shib Dev

Well that certainly won’t help.

 

Before you even start trying to debug your shibboleth install make sure that tomcat is working (so you can get to http://localhost:8080/ & https://localhost/ or whatever). This mailing list won’t be able to help you with that.

 

Once that’s done get the deployment fragment in place.   If you are still not getting the IdP logs you should look again at catalina.out .

Kaustubh Nagraj

unread,
Oct 24, 2011, 11:21:52 AM10/24/11
to Shib Dev
Thanks for your time Rod. My Tomcat works fine. I am able to visit the /idp/profile/Status page to get an OK message.

I was actually trying to test my IDP with TestShib. When I make a change in the relying_party.xml (uncommenting the MetaDataProvider tag), I no longer get the status page as OK. Instead I get a HTTP Error which says requested resource is not available.

This was the real reason I was trying to get hold of the log files. If some one can explain why I am getting the above error I dont need to look at the log file problem straightaway.

By the way following is the IDP related stuff in the catalina.out file:

Oct 24, 2011 3:19:18 PM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 581 ms
Oct 24, 2011 3:19:18 PM org.apache.catalina.core.StandardService start
INFO: Starting service Catalina
Oct 24, 2011 3:19:18 PM org.apache.catalina.core.StandardEngine start
INFO: Starting Servlet Engine: Apache Tomcat/6.0.28
Oct 24, 2011 3:19:18 PM org.apache.catalina.startup.HostConfig deployDescriptor
INFO: Deploying configuration descriptor manager.xml
Oct 24, 2011 3:19:18 PM org.apache.catalina.startup.HostConfig deployDescriptor
INFO: Deploying configuration descriptor idp.xml
Oct 24, 2011 3:19:22 PM org.apache.catalina.core.StandardContext start
SEVERE: Error listenerStart
Oct 24, 2011 3:19:22 PM org.apache.catalina.core.StandardContext start
SEVERE: Context [/idp] startup failed due to previous errors
Oct 24, 2011 3:19:22 PM org.apache.catalina.loader.WebappClassLoader clearThreadLocalMap
SEVERE: The web application [/idp] created a ThreadLocal with key of type [null] (value [ch.qos.logback.core.UnsynchronizedAppenderBase$1@5e8c39d7]) and a value of type [java.lang.Boolean] (value [false]) but failed to remove it when the web application was stopped. This is very likely to create a memory leak.
Oct 24, 2011 3:19:22 PM org.apache.catalina.startup.HostConfig deployDescriptor
INFO: Deploying configuration descriptor ROOT.xml
Oct 24, 2011 3:19:22 PM org.apache.catalina.startup.HostConfig deployDescriptor
INFO: Deploying configuration descriptor examples.xml
Oct 24, 2011 3:19:23 PM org.apache.catalina.startup.HostConfig deployDescriptor
INFO: Deploying configuration descriptor docs.xml
Oct 24, 2011 3:19:23 PM org.apache.catalina.startup.HostConfig deployDescriptor
INFO: Deploying configuration descriptor host-manager.xml
Oct 24, 2011 3:19:23 PM org.apache.coyote.http11.Http11Protocol start
INFO: Starting Coyote HTTP/1.1 on http-8080

Thanks,
Kaustubh

Paul Hethmon

unread,
Oct 24, 2011, 11:25:05 AM10/24/11
to Shibboleth Dev
Look in your log files and find out why Tomcat did not deploy your web application as indicated by the log file here. It's likely a syntax error in the relying-party.xml file you touched, invalid xml, etc. You'll find a bit more info in the other log files.

Kaustubh Nagraj

unread,
Oct 24, 2011, 12:32:11 PM10/24/11
to Shib Dev
Hey,

Thanks Paul for pointing me in the right direction. So I found what error I am getting. However I dont understand how to solve it.

This is the entry in the localhost log file:

Oct 24, 2011 4:26:27 PM org.apache.catalina.core.StandardContext listenerStart
SEVERE: Exception sending context initialized event to listener instance of class org.springframework.web.context.ContextLoaderListener
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'shibboleth.RelyingPartyConfigurationManager': Invocation of init method failed; nested exception is edu.internet2.middleware.shibboleth.common.service.ServiceException: Configuration was not loaded for shibboleth.RelyingPartyConfigurationManager service, error creating components.
.
.
.
Caused by: edu.internet2.middleware.shibboleth.common.service.ServiceException: Configuration was not loaded for shibboleth.RelyingPartyConfigurationManager service, error creating components.
.
.
.
.
Caused by: org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean named 'shibboleth.MetadataTrustEngine' is defined


Would someone happen to know why Iam getting this error?

Thanks,
Kaustubh

Rod Widdowson

unread,
Oct 24, 2011, 12:39:03 PM10/24/11
to Shib Dev
You have probably uncommented out the bit in the RelyingParty.xml file which sets up the metadata source:

> <metadata:MetadataFilter xsi:type="metadata:SignatureValidation"
> trustEngineRef="shibboleth.MetadataTrustEngine"

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> requireSignedMetadata="true" />

But not commented out the bit which sets up the signature validation

> <!-- Trust engine used to evaluate the signature on loaded metadata. -->

> <security:TrustEngine id="shibboleth.MetadataTrustEngine" xsi:type="security:StaticExplicitKeySignature">

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

> <security:Credential id="MyFederation1Credentials" xsi:type="security:X509Filesystem">
> <security:Certificate>$IDP_HOME$/credentials/federation1.crt</security:Certificate>
> </security:Credential>
> </security:TrustEngine>

Kaustubh Nagraj

unread,
Oct 24, 2011, 12:53:18 PM10/24/11
to Shib Dev
Yes, you are right. I have not commented the part concerning signature validation. However the page at TestShib does not mention anything related to uncommenting that. Also, would uncommenting that still allow me to use a self signed certificate?

Nate Klingenstein

unread,
Oct 24, 2011, 1:40:09 PM10/24/11
to Shib Dev
Kaustubh,

The TestShib metadata is not signed, so you won't be able to perform
signature validation on it. In the TestShib configuration
instructions, step 2 for the identity provider asks you to comment out
the entire MetadataFilter:

https://www.testshib.org/testshib-two/configure.jsp

You might try that path instead.

Thanks for your use of TestShib,
Nate.

On Oct 24, 2011, at 16:53 , Kaustubh Nagraj wrote:

> Yes, you are right. I have not commented the part concerning
> signature validation. However the page at TestShib does not mention
> anything related to uncommenting that. Also, would uncommenting that
> still allow me to use a self signed certificate?

--

Reply all
Reply to author
Forward
0 new messages