AW: SP Socket error on daemon start at boot

Zellober, Lutz Lutz.Zellober at verw.uni-hamburg.de
Wed Sep 21 12:40:24 BST 2011 

Hi Peter,

it seems that you are right. But ..

Yes, we have to use a proxy.

Curl and wget couldn't  download the file without the proxy, manual start of the daemon fails also when the proxy is removed from the env.

But adding the curl TransportOption to the shibboleth.xml file doesn't work.

Same error as before.

We switched from an older shibboleth installation. My old configuration included the TransportOption but I forgot about it.

Our old installation worked fine. Now that we changed shibboleth sp version and operating system, we get this error.

Any further idears?

Thanks

Lutz


Lutz Zellober
Universität Hamburg
Regionales Rechenzentrum
SEAIT - IT-Services
Schlüterstr. 64
20146 Hamburg

Tel.:
+49 (0)40 42838 - 4119
Fax:
+49 (0)40 42838 - 7159


E-Mail:
 lutz.zellober at verw.uni-hamburg.de
--------------------------------------------------------
Und wenn alle anderen die von der Partei verbreitete Lüge glaubten - wenn alle Aufzeichnungen gleich lauteten -, dann ging die Lüge in die Geschichte ein und wurde Wahrheit.

Georg Orwell, 1984



-----Ursprüngliche Nachricht-----
Von: users-bounces at shibboleth.net [mailto:users-bounces at shibboleth.net] Im Auftrag von Peter Schober
Gesendet: Mittwoch, 21. September 2011 11:39
An: users at shibboleth.net
Betreff: Re: SP Socket error on daemon start at boot

* Zellober, Lutz <Lutz.Zellober at verw.uni-hamburg.de> [2011-09-21 09:29]:
> When the shibd is started by the init script an error message is
> dropped ( see bottom).

> 2011-09-20 13:22:04 ERROR XMLTooling.ParserPool : fatal error on
> line 0, column 0, message: An exception occurred!
> Type:NetAccessorException, Message:Could not connect to the socket
> for URL
> 'https://www.aai.dfn.de/fileadmin/metadata/DFN-AAI-Test-metadata.xml'

> When I start the daemon as root (also using the init script)
> everything works fine.

Do you need to go though a proxy to reach the DFN metadata from your
machine (and does root already have its environment set up to use a
proxy)? Try this for example:

$ curl -O https://www.aai.dfn.de/fileadmin/metadata/DFN-AAI-Test-metadata.xml
vs.
$ NO_PROXY="*" curl -O https://www.aai.dfn.de/fileadmin/metadata/DFN-AAI-Test-metadata.xml

Or, if you don't have the curl binary installed but have wget, try:
$ wget https://www.aai.dfn.de/fileadmin/metadata/DFN-AAI-Test-metadata.xml
vs.
$ wget --no-proxy https://www.aai.dfn.de/fileadmin/metadata/DFN-AAI-Test-metadata.xml

If you've set up root's environment to use a proxy this would also be
inherited to child processes such as starting the shibd manually.

If that's indeed the case here's the documentation for the Shib SP:
https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPTransportOption
-peter
--
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net

More information about the users mailing list