I’m trying to test shibb on a local environment following the steps on
When accessing “https://sp.example.com/secure”
· If on the handler.xml I un-comment the “<LoginHandler xsi:type="RemoteUser"> “ I cant seem to get a login because the message “A valid session was not found.” is always returned.. no matter if I type a correct or incorrect password, I always get the same..
· If on the handler.xml I comment the “<LoginHandler xsi:type="RemoteUser"> “ I get the following error
opensaml::FatalProfileException at (http://sp.example.com/Shibboleth.sso/SAML2/POST)
SAML response contained an error.
Error from identity provider:
Status:
urn:oasis:names:tc:SAML:2.0:status:Responder
Sub-Status: urn:oasis:names:tc:SAML:2.0:status:AuthnFailed
What should I do and how can I fix this ?
Filipa Moura
I’m trying to test shibb on a local environment following the steps on
When accessing “https://sp.example.com/secure”
· If on the handler.xml I un-comment the “<LoginHandler xsi:type="RemoteUser"> “ I cant seem to get a login because the message “A valid session was not found.” is always returned.. no matter if I type a correct or incorrect password, I always get the same..
· If on the handler.xml I comment the “<LoginHandler xsi:type="RemoteUser"> “ I get the following error
opensaml::FatalProfileException at (http://sp.example.com/Shibboleth.sso/SAML2/POST)
SAML response contained an error.
Error from identity provider:
Status: urn:oasis:names:tc:SAML:2.0:status:Responder
Sub-Status: urn:oasis:names:tc:SAML:2.0:status:AuthnFailed
Not even for local testing? I just want to see how it works, simple.. Do I really have to configure some type of authentication? If so, what do you think is the simplest? :\
Not even for local testing? I just want to see how it works, simple.. Do I really have to configure some type of authentication? If so, what do you think is the simplest? :\
I tried this:
<LoginHandler xsi:type="IPAddress" username="ip-user" defaultDeny="true">
<AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocol</AuthenticationMethod>
<IPEntry>192.168.16.0/8</IPEntry>
</LoginHandler>
Yet the error returned is the same
opensaml::FatalProfileException at (http://sp.example.com/Shibboleth.sso/SAML2/POST)
SAML response contained an error.
Error from identity provider:
Status:
urn:oasis:names:tc:SAML:2.0:status:Responder
Sub-Status: urn:oasis:names:tc:SAML:2.0:status:AuthnFailed
On the idp-process.log I get
16:15:07.432 - ERROR [edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine:592] - No user identified by login handler.
16:15:07.435 - ERROR [edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine:554] - Authentication failed with the error:
edu.internet2.middleware.shibboleth.idp.authn.AuthenticationException: No user identified by login handler.
at edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine.validateSuccessfulAuthentication(AuthenticationEngine.java:593) [shibboleth-identityprovider-2.1.1.jar:na]
[…]
I mean, shouldn’t this work? :\
From: Paul Hethmon
[mailto:paul.h...@clareitysecurity.com]
Sent: sexta-feira, 3 de Abril de 2009 16:09
To: Shibboleth Users
Subject: Re: [Shib-Users] opensaml::FatalProfileException or User login
problem?
On 4/3/09 11:00 AM, "Filipa Moura" <filipa...@alert.pt> wrote:
is there a site in your area that is already running Shib? Might
someone from that site be willing to visit you, and work thru a basic
install?
That would probably be a much faster process to get you to where you
want to be..... rather than the email list.....
I tried this:
<LoginHandler xsi:type="IPAddress" username="ip-user" defaultDeny="true">
<AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocol</AuthenticationMethod>
<IPEntry>192.168.16.0/8</IPEntry>
</LoginHandler>
Yes, i’ve already read the documentation and its exactly how it says there. I even defined it in the relying-party.xml as the default authentication method (<DefaultRelyingParty provider="https://idp.example.com/shibboleth" defaultSigningCredentialRef="IdPCredential" defaultAuthenticationMethod="urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocol"> )…
(And yes Steven I know I’m being a pain in the ass with this much emails.. but my boss is bugging me and I cannot get this to work.. it’s my 4th day installing it..and there is no site in my area that is already running Shib…)
From: Paul Hethmon
[mailto:paul.h...@clareitysecurity.com]
Sent: sexta-feira, 3 de Abril de 2009 16:22
To: Shibboleth Users
Subject: Re: [Shib-Users] opensaml::FatalProfileException or User login
problem?
On 4/3/09 11:16 AM, "Filipa Moura" <filipa...@alert.pt> wrote:
Did you turn up logging to DEBUG and then analyze it in detail to see what's
going wrong?
Search for any previous references to the problem in the list archive?
Try a search for earlier questions about "simple authentication for a demo"
or something like that?
-- Scott