[Shib-Users] shibsp::ListenerException

[james bardin]

Hello,

I'm walking through the testshib instructions to setup a new SP, but
when I go to test it, i get a shibsp::ListenerException with the
message:
No destination registered for incoming message addressed to
(default/Login::run::SAML2SI).

I'm using the xml config file generated by testshib-two. The
shibboleth 2.1 rpms were installed when I was handed the server, but I
could wipe them and start fresh with the new 2.2 packages if I have
to. SELinux is disabled.

Any ideas on how to approach this?

Thanks
-jim

[Scott Cantor]

james bardin wrote on 2009-06-23:
> I'm using the xml config file generated by testshib-two. The
> shibboleth 2.1 rpms were installed when I was handed the server, but I
> could wipe them and start fresh with the new 2.2 packages if I have
> to. SELinux is disabled.
>
> Any ideas on how to approach this?

Start over. That error is impossible short of a totally corrupt codebase,
and I'm not even sure how you'd get it then.

-- Scott

[james bardin]

On Tue, Jun 23, 2009 at 4:33 PM, Scott Cantor<cant...@osu.edu> wrote:
>
> Start over. That error is impossible short of a totally corrupt codebase,
> and I'm not even sure how you'd get it then.
>

That's what I needed to know. I'll update everything and start fresh.

Thanks!
-jim

[Scott Cantor]

james bardin wrote on 2009-06-23:

If possible, try to do whatever you did involving testshib to replace the
configuration and see if it gives you a similar error. I can only think
there's a bug in there that hasn't come up before involving the
configuration changing underneath the code.

If not, no big deal.

-- Scott

[james bardin]

On Tue, Jun 23, 2009 at 5:05 PM, Scott Cantor<cant...@osu.edu> wrote:

>> That's what I needed to know. I'll update everything and start fresh.
>

> If possible, try to do whatever you did involving testshib to replace the
> configuration and see if it gives you a similar error. I can only think
> there's a bug in there that hasn't come up before involving the
> configuration changing underneath the code.
>

Couldn't replicate the error after I updated.

Just a heads up though, the testshib metatdata is still broken:

ERROR OpenSAML.MetadataProvider.XML : metadata intance failed manual
schema validation checking: AttributeAuthorityDescriptor must have at
least one AttributeService.
CRIT Shibboleth.Application : error building/initializing
MetadataProvider: Metadata instance failed manual schema validation
checking.

Thanks
-jim

[Nate Klingenstein]

James,

> Just a heads up though, the testshib metatdata is still broken:
>
> ERROR OpenSAML.MetadataProvider.XML : metadata intance failed manual
> schema validation checking: AttributeAuthorityDescriptor must have at
> least one AttributeService.
> CRIT Shibboleth.Application : error building/initializing
> MetadataProvider: Metadata instance failed manual schema validation
> checking.

To finally squash this, I turned on validation checking, and found a
significant number of creative user-submitted metadata elements in
testshib-two-metadata.xml. They've been repaired and you should have
no problems now.

testshib-metadata.xml, associated with TestShib Classic, is deprecated
in a couple days, and will not be repaired.

Thanks again,
Nate.

[Ketly Jean-Pierre]

Hello Nate,

 sorry to revive this thread, but I am having the same problem as James.  In my log files I have pretty much the same errors.  I have tried to move the testshib-two-metadata.xml file and cleared my cache and restarted my processes, but non  of that seems to be working.

/var/log/shibboleth/shibd.log
2009-08-13 09:38:39 INFO OpenSAML.MetadataProvider.XML : loaded XML resource (http://www.testshib.org/metadata/testshib-two-metadata.xml)
2009-08-13 09:38:39 DEBUG OpenSAML.MetadataProvider.XML : backing up remote resource to (/usr/local/shibboleth-sp/var/run/shibboleth/testshib-two-metadata.xml)
2009-08-13 09:38:40 ERROR OpenSAML.MetadataProvider.XML : metadata intance failed manual schema validation checking: localizedNameType must have Lang.
2009-08-13 09:38:40 CRIT Shibboleth.Application : error building/initializing MetadataProvider: Metadata instance failed manual schema validation checking.
.
.
.
2009-08-13 09:38:40 INFO Shibboleth.Listener : listener service starting
2009-08-13 09:39:02 DEBUG Shibboleth.Listener [1]: dispatching message (default::getHeaders::Application)
2009-08-13 09:39:02 DEBUG Shibboleth.Listener [1]: dispatching message (default/TestShib::run::SAML2SI)

/var/log/apache2/error.log
[Thu Aug 13 09:38:25 2009] [notice] Apache/2.2.11 (Ubuntu) mod_ssl/2.2.11 OpenSSL/0.9.8g configured -- resuming normal operations
[Thu Aug 13 09:39:02 2009] [error] [client 128.89.80.160] No MetadataProvider available.

I guess I'm at a loss when looking at the logs and what to do to try to get this working again.  Let me know if there is more information I should be providing.

Thank you so much for  any direction you can provide.

--
Ketly Jean-Pierre
Dept. of Systems & Computer Science
CS Graduate Studies President
Sun Campus Ambassador
Howard University

[Nate Klingenstein]

Ketly,

Again, not your fault: this time some invalid metadata was submitted
by an OIOSAML user which had null valued for the xml:lang="" attribute
on several elements.

This has been fixed again, and I'm very sorry for the service
interruptions. I'll reiterate that we should look into adding better
validation of user-submitted XML or disable it entirely, but I'm
swamped for the next few months and will have no chance to do so.

Please download a fresh copy and try again.

Thanks,
Nate.

[Ketly Jean-Pierre]

Thank you for taking care of the problem Nate,  I have deleted the old file and tried to access my SP but I still get the same message.  Is there something else I should be doing?

[Nate Klingenstein]

Ketly,

Fixed another one in another spot(an uncommon element which I didn't
realize needed xml:lang). It should be clean now.

Try, try again,
Nate.

[Ketly Jean-Pierre]

Thanks Nate your so awesome!  It is working now.