null principal in attribute resolver

Daniele Russo ruda76 at gmail.com
Tue Nov 29 14:04:52 GMT 2011 

L'ambiente è composto da 2 nodi di cui solo uno è preposto
all'autenticazione. Davanti c'è un bilanciatore F5 bigip. Non c'è cluster.
Penso che il problema è legato al carico, perchè in questo periodo dove il
carico è molto basso il problema si verifica raramente e in ogni caso non
sono mai riuscito a replicarlo nonostante gli ambienti di sviluppo e
produzione siano uguali.
Posso solo inviare parte del log dove sono sicuro che si è verificato.

Thanks

2011/11/29 Paul Hethmon <paul.hethmon at clareitysecurity.com>

>   Yes, we need to see the error. You'll need to approximate the same
> steps in production. We have to see the complete log info for that request
> that does not work. It has to show the initial authentication request, the
> login itself, the attribute resolution, and the final saml response to the
> client. You might also provide some set up information about your
> production site. Whether you have multiple servers, load balancer,
> clustering in place, etc. All of those things matter.
>
>   --
>
>   Paul Hethmon
> Chief Software Architect
> Clareity Security, LLC
> o) 865.824.1350
> c) 865.250.3517
> e) paul.hethmon at clareitysecurity.com
>
>
>   From: Daniele Russo <ruda76 at gmail.com>
> Reply-To: Shibboleth Users <users at shibboleth.net>
> Date: Tue, 29 Nov 2011 14:53:03 +0100
>
> To: Shibboleth Users <users at shibboleth.net>
> Subject: Re: null principal in attribute resolver
>
>  Hello Paul, this error does not occur to any request to login and above only
> in production environment.
> I think you want to see the logs when this error occurs, or am I wrong?
> Vuoi che seguo comunque le tue istruzioni?
>
> Thanks
>
> 2011/11/29 Paul Hethmon <paul.hethmon at clareitysecurity.com>
>
>>   You need to follow these steps if you want any meaningful help:
>>
>>  1. Shut down the idp
>> 2. Clear all logs
>> 3. Turn on the idp
>> 4. Wait until the idp fully starts, check the process.log
>> 5. Do one login
>> 6. Shut down the idp
>> 7. Post the process.log file starting with the very first authentication
>> request
>>
>>  You can look at the process.log file at step 4 and note the last line
>> in it. Post everything past that point.
>>
>>  Paul
>>
>>
>>
>> --
>> To unsubscribe from this list send an email to
>> users-unsubscribe at shibboleth.net
>>
>
> -- To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
>
> --
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://shibboleth.net/pipermail/users/attachments/20111129/03fa03fb/attachment.html

More information about the users mailing list