[Shib-Users] Can't run shibboleth2 service provider's shibd process

[Arminas Grigalius]

Hello everyone,

After installing shibboleth2 Service Provider, we're unable to run shibd process.. Error message says:

2009-11-02 14:18:38 ERROR Shibboleth.Listener : socket call resulted in error (125): Address already in use
2009-11-02 14:18:38 CRIT Shibboleth.Listener : failed to bind to socket.

# /path/to/shib/sbin/shibd ; tail -f shibd.log
2009-11-02 14:18:11 INFO Shibboleth.SessionCache : No StorageServiceLite specified. Using standard StorageService.
2009-11-02 14:18:11 INFO Shibboleth.Listener : registered remoted message endpoint (find::StorageService::SessionCache)
2009-11-02 14:18:11 INFO Shibboleth.Listener : registered remoted message endpoint (remove::StorageService::SessionCache)
2009-11-02 14:18:11 INFO Shibboleth.Listener : registered remoted message endpoint (touch::StorageService::SessionCache)
2009-11-02 14:18:11 INFO Shibboleth.Listener : registered remoted message endpoint (default/TestShib::run::SAML2SI)
2009-11-02 14:18:11 INFO Shibboleth.Listener : registered remoted message endpoint (default/SAML2/POST)
2009-11-02 14:18:11 INFO Shibboleth.Listener : registered remoted message endpoint (default/SAML/POST)
2009-11-02 14:18:11 INFO Shibboleth.Listener : registered remoted message endpoint (default/Metadata)
2009-11-02 14:18:11 INFO Shibboleth.Listener : registered remoted message endpoint (default/Status)
2009-11-02 14:18:11 INFO Shibboleth.Application : building MetadataProvider of type XML...
2009-11-02 14:18:37 INFO OpenSAML.MetadataProvider.XML : loaded XML resource (http://www.testshib.org/metadata/testshib-two-metadata.xml)
listener failed to initialize
2009-11-02 14:18:38 INFO Shibboleth.Application : building TrustEngine of type ExplicitKey...
2009-11-02 14:18:38 INFO Shibboleth.Application : building AttributeExtractor of type XML...
2009-11-02 14:18:38 INFO Shibboleth.AttributeExtractor.XML : loaded XML resource (/path/to/shib/etc/shibboleth/attribute-map.xml)
2009-11-02 14:18:38 INFO Shibboleth.AttributeExtractor.XML : creating mapping for Attribute urn:mace:dir:attribute-def:eduPersonPrincipalName
2009-11-02 14:18:38 INFO Shibboleth.AttributeExtractor.XML : creating mapping for Attribute urn:oid:1.3.6.1.4.1.5923.1.1.1.6
2009-11-02 14:18:38 INFO Shibboleth.AttributeExtractor.XML : creating mapping for Attribute urn:mace:dir:attribute-def:eduPersonScopedAffiliation
2009-11-02 14:18:38 INFO Shibboleth.AttributeExtractor.XML : creating mapping for Attribute urn:oid:1.3.6.1.4.1.5923.1.1.1.9
2009-11-02 14:18:38 INFO Shibboleth.AttributeExtractor.XML : creating mapping for Attribute urn:mace:dir:attribute-def:eduPersonAffiliation
2009-11-02 14:18:38 INFO Shibboleth.AttributeExtractor.XML : creating mapping for Attribute urn:oid:1.3.6.1.4.1.5923.1.1.1.1
2009-11-02 14:18:38 INFO Shibboleth.AttributeExtractor.XML : creating mapping for Attribute urn:mace:dir:attribute-def:eduPersonEntitlement
2009-11-02 14:18:38 INFO Shibboleth.AttributeExtractor.XML : creating mapping for Attribute urn:oid:1.3.6.1.4.1.5923.1.1.1.7
2009-11-02 14:18:38 INFO Shibboleth.AttributeExtractor.XML : creating mapping for Attribute urn:oid:1.3.6.1.4.1.5923.1.1.1.11
2009-11-02 14:18:38 INFO Shibboleth.AttributeExtractor.XML : creating mapping for Attribute urn:mace:dir:attribute-def:eduPersonTargetedID
2009-11-02 14:18:38 INFO Shibboleth.AttributeExtractor.XML : creating mapping for Attribute urn:oid:1.3.6.1.4.1.5923.1.1.1.10
2009-11-02 14:18:38 INFO Shibboleth.AttributeExtractor.XML : creating mapping for Attribute urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2009-11-02 14:18:38 INFO Shibboleth.Application : building AttributeFilter of type XML...
2009-11-02 14:18:38 INFO Shibboleth.AttributeFilter : loaded XML resource (/path/to/shib/etc/shibboleth/attribute-policy.xml)
2009-11-02 14:18:38 INFO Shibboleth.Application : building AttributeResolver of type Query...
2009-11-02 14:18:38 INFO Shibboleth.Application : building CredentialResolver of type File...
2009-11-02 14:18:38 INFO XMLTooling.SecurityHelper : loading private key from file (/path/to/shib/etc/shibboleth/sp-key.pem)
2009-11-02 14:18:38 INFO XMLTooling.SecurityHelper : loading certificate(s) from file (/path/to/shib/etc/shibboleth/sp-cert.pem)
2009-11-02 14:18:38 INFO Shibboleth.Listener : registered remoted message endpoint (default::getHeaders::Application)
2009-11-02 14:18:38 INFO Shibboleth.Listener : listener service starting
2009-11-02 14:18:38 ERROR Shibboleth.Listener : socket call resulted in error (125): Address already in use
2009-11-02 14:18:38 CRIT Shibboleth.Listener : failed to bind to socket.
2009-11-02 14:18:38 INFO Shibboleth.Config : shibboleth 2.2.1 library shutting down
2009-11-02 14:18:38 INFO Shibboleth.Listener : unregistered remoted message endpoint (default::getHeaders::Application)
2009-11-02 14:18:38 INFO Shibboleth.Listener : unregistered remoted message endpoint (default/TestShib::run::SAML2SI)
2009-11-02 14:18:38 INFO Shibboleth.Listener : unregistered remoted message endpoint (default/SAML2/POST)
2009-11-02 14:18:38 INFO Shibboleth.Listener : unregistered remoted message endpoint (default/SAML/POST)
2009-11-02 14:18:38 INFO Shibboleth.Listener : unregistered remoted message endpoint (default/Metadata)
2009-11-02 14:18:38 INFO Shibboleth.Listener : unregistered remoted message endpoint (default/Status)
2009-11-02 14:18:38 INFO Shibboleth.Listener : unregistered remoted message endpoint (find::StorageService::SessionCache)
2009-11-02 14:18:38 INFO Shibboleth.Listener : unregistered remoted message endpoint (remove::StorageService::SessionCache)
2009-11-02 14:18:38 INFO Shibboleth.Listener : unregistered remoted message endpoint (touch::StorageService::SessionCache)
2009-11-02 14:18:38 INFO XMLTooling.StorageService : cleanup thread finished
2009-11-02 14:18:38 INFO XMLTooling.XMLToolingConfig : xmltooling 1.2.2 library shutdown complete
2009-11-02 14:18:38 INFO OpenSAML.SAMLConfig : opensaml 2.2.1 library shutdown complete

2009-11-02 14:18:38 INFO Shibboleth.Config : shibboleth 2.2.1 library shutdown complete

Here is my shibboleth2.xml file, that was generated by testshib.org (except I changed "Rule" to "PolicyRule" because of legacy problems):

<SPConfig xmlns="urn:mace:shibboleth:2.0:native:sp:config" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" logger="syslog.logger" clockSkew="1800">
<OutOfProcess logger="shibd.logger"/>
<InProcess logger="native.logger"/>
<UnixListener address="shibd.sock"/>
<StorageService type="Memory" id="mem" cleanupInterval="900"/>
<SessionCache type="StorageService" StorageService="mem" cacheTimeout="3600" inprocTimeout="900" cleanupInterval="900"/>
<ReplayCache StorageService="mem"/>
<RequestMapper type="Native">
<RequestMap applicationId="default">
<Host name="shib-sp.mydomain.org">
<Path name="secure" authType="shibboleth" requireSession="true"/>
</Host>
</RequestMap>
</RequestMapper>
<ApplicationDefaults id="default" policyId="default" REMOTE_USER="eppn" entityID="https://shib-sp.mydomain.org/shibboleth-sp" homeURL="https://shib-sp.mydomain.org/index.html">
<Sessions lifetime="28800" timeout="3600" checkAddress="false" handlerURL="/Shibboleth.sso" handlerSSL="false">
<SessionInitiator type="SAML2" Location="/TestShib" isDefault="true" defaultACSIndex="1" id="TestShib" entityID="https://idp.testshib.org/idp/shibboleth" template="bindingTemplate.html"/>
<md:AssertionConsumerService Location="/SAML2/POST" index="1" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
<md:AssertionConsumerService Location="/SAML/POST" index="6" Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post"/>
<Handler type="MetadataGenerator" Location="/Metadata" signing="false"/>
<Handler type="Status" Location="/Status" acl="127.0.0.1"/>
<Handler type="Session" Location="/Session"/>
</Sessions>
<Errors session="sessionError.html" metadata="metadataError.html" access="accessError.html" ssl="sslError.html" supportContact="root@localhost" logoLocation="/shibboleth-sp/logo.jpg" styleSheet="/shibboleth-sp/main.css"/>
<MetadataProvider type="XML" uri="http://www.testshib.org/metadata/testshib-two-metadata.xml" backingFilePath="testshib-two-metadata.xml" reloadInterval="180000"/>
<TrustEngine type="ExplicitKey"/>
<AttributeExtractor type="XML" path="attribute-map.xml"/>
<AttributeResolver type="Query"/>
<AttributeFilter type="XML" path="attribute-policy.xml"/>
<CredentialResolver type="File" key="sp-key.pem" certificate="sp-cert.pem"/>
</ApplicationDefaults>
<SecurityPolicies>
<Policy id="default" validate="false">
<PolicyRule type="MessageFlow" checkReplay="true" expires="60"/>
<PolicyRule type="ClientCertAuth" errorFatal="true"/>
<PolicyRule type="XMLSigning" errorFatal="true"/>
</Policy>
</SecurityPolicies>
</SPConfig>

By the way:

/path/to/shib/shib/sbin # ./shibd -t
overall configuration is loadable, check console for non-fatal problems

Thanks for any help.

Regards,

Arminas

[Chad La Joie]

So, find out what else is listening on the IP and port number and then
stop it.

Arminas Grigalius wrote:
> Hello everyone,
>
> After installing shibboleth2 Service Provider, we're unable to run shibd
> process.. Error message says:
> 2009-11-02 14:18:38 ERROR Shibboleth.Listener : socket call resulted in
> error (125): Address already in use
> 2009-11-02 14:18:38 CRIT Shibboleth.Listener : failed to bind to socket.

--
SWITCH
Serving Swiss Universities
--------------------------
Chad La Joie, Software Engineer, Net Services
Werdstrasse 2, P.O. Box, 8021 Zürich, Switzerland
phone +41 44 268 15 75, fax +41 44 268 15 68
chad....@switch.ch, http://www.switch.ch

[Arminas Grigalius]

Thanks Chad for quick answer. You're right, Shibboleth socket was already created, so adding "-f" parameter to shibd solved my problems..

2009/11/2 Chad La Joie <chad....@switch.ch>