[Shib-Users] Lots of "Unable to redirect to login page" errors on IdP
Etienne Dysli
Since running a version 2 IdP, I see lots of "Unable to redirect to
login page" errors in the log, caused by a NullPointerException.
Approximately 200 of these occur every day (sometimes as much as 400),
yet I haven't heard users complain about this. I don't know what the
browser display looks like because I've never managed to reproduce it.
Here is an example from the logs:
2010-06-29 14:46:52,845 - ERROR
[edu.internet2.middleware.shibboleth.idp.authn.provider.UsernamePasswordLoginServlet:143]
- Unable to redirect to login page.
org.apache.jasper.JasperException: java.lang.NullPointerException
at
org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:491)
[jasper.jar:6.0.26]
[...]
Caused by: java.lang.NullPointerException: null
at org.apache.jsp.login_jsp._jspService(login_jsp.java:270) [na:na]
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
[jasper.jar:6.0.26]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
[servlet-api.jar:na]
at
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:377)
[jasper.jar:6.0.26]
... 30 common frames omitted
Previous log lines don't seem to indicate another error condition nor
display the same pattern for each occurence. Line 270 of file
tomcat/work/Catalina/localhost/idp/org/apache/jsp/login_jsp.java is:
out.print( loginContext.getRequestedAuthenticationMethods() );
So is LoginContext.getRequestedAuthenticationMethods() really the
culprit for throwing that NPE? Looking quickly at its code, that seems
unlikely. Do you have any other ideas? What user behaviour could trigger
this error?
Regards,
Etienne
Chad La Joie
happened is that some people book marked the login page and they end up
going to that first. The NPE would then be caused because the
loginContext object was null.
--
Chad La Joie
http://itumi.biz
trusted identities, delivered
Peter Schober
> Since running a version 2 IdP, I see lots of "Unable to redirect to
> login page" errors in the log, caused by a NullPointerException.
> Approximately 200 of these occur every day (sometimes as much as 400),
> yet I haven't heard users complain about this. I don't know what the
> browser display looks like because I've never managed to reproduce it.
By checking for an empty login context in login.jsp you can avoid
those, as has been suggested on this list, incl code a example.
Here's a login.jsp skeleton, but you can dig up the original in the
archives (the import statement is that way to avoid spurious line
breaks in the generated HTML output):
<%@ page
import="edu.internet2.middleware.shibboleth.idp.authn.LoginContext,
edu.internet2.middleware.shibboleth.idp.session.*,
edu.internet2.middleware.shibboleth.idp.util.HttpServletHelper" %><%
LoginContext loginContext = HttpServletHelper.getLoginContext(HttpServletHelper.getStorageService(application), application, request);
Session userSession = HttpServletHelper.getUserSession(request);
%><?xml ...><!DOCTYPE ...><html ...>
<% if(loginContext != null){ %>
<% if ("true".equals(request.getAttribute("loginFailed"))) { %>
<h1>Authentication failed</h1>
<% } else { %>
<h1>Login</h1>
<% } %>
<% } else { %>
<h1>Error</h1>
<% } %>
cheers,
-peter
Etienne Dysli
> Can you see the IP addresses in the access log?
Not in idp-access.log because accesses to /idp/Authn/UserPassword aren't
logged there but I can look it up in Apache's log with the timestamp.
> Most likely what has happened is that some people book marked the
> login page and they end up going to that first. The NPE would then
> be caused because the loginContext object was null.
Indeed directly accessing /idp/Authn/UserPassword triggers this error.
Moreover loginContext.getRequestedAuthenticationMethods() is the first
method call on loginContext in my login.jsp so this looks logical.
But I see (in Apache's log) three times more GET requests without
referrer on /idp/Authn/UserPassword than there are errors. So something
else than just bookmarks is causing these requests and not all of them
lead to an error. Unfortunately, the HTTP response code is always 200
thus I cannot distinguish errors in Apache's access log.
Regards,
Etienne
suresh kumar
Hi,
I am creating one web application in .net . In which I need to integrate shibboleth idp ? shibboleth idp is already installed and setup in a separate server ( ubuntu server,apache).
How will I configure shibboleth into my website to authenticate user ?
How will sync users in both my website and shibboleth idp server ?
Can anyone give some reference links to work on this ? Also I need to enable single sign on to this shibboleth server ?
If any one send some sample application then it will be more useful for me. What I need to do to work on the above ?
Looking forward your response.
Thanks,
Suresh.
Chad La Joie
email. Also, before asking questions like this read the Shibboleth
documentation.
--
Peter Schober
contribute to that specific thread. Instead, compose a new email to
the list address with a meaningful subject.
* suresh kumar <ksure...@gmail.com> [2010-07-02 15:18]:
> I am creating one web application in .net . In which I need to
> integrate shibboleth idp ? shibboleth idp is already installed and
> setup in a separate server ( ubuntu server,apache).
See the middle column "Native Service Provider (SP)" of
https://spaces.internet2.edu/display/SHIB2/Configuration
> How will I configure shibboleth into my website to authenticate
> user?
See above.
> How will sync users in both my website and shibboleth idp server?
You might want to have a look at these:
https://spaces.internet2.edu/display/SHIB2/UnderstandingShibboleth
https://spaces.internet2.edu/display/SHIB2/FlowsAndConfig
-peter
suresh kumar
Thanks & Regards,
Sureshk.