Authentication issue after upgrading to shibboleth-2.5.0-2.1 service provider software

Terry Smith t.smith at aaf.edu.au
Thu Aug 30 17:53:31 EDT 2012


Hi John,

      The issue may be related to the upgrade changing the user that runs
the shibd process from root to shibd, which will impact the shibd process's
ability to read and write various files, resulting in the issue you are
seeing.

      Files to look at will include the local copy of the federation
metadata file defined in the backingFilePath of the MetadataProvider and
any certificates/keys that are defined in the CredentialResolver,
e.g. sp-key.pem. Check the ownership and protection of these files to see if
the shibd user can read and/or write these files.

      Also have a look in /var/log/shibboleth/shibd_warn.log for warnings
and error messages that may relate to your issue.

Thanks,
Terry.



On Thu, Aug 30, 2012 at 8:19 PM, John Lee <J.C.Q.Lee at kent.ac.uk> wrote:

>  Hi,
>
> We have the Shibboleth Service Provider software running on a RHEL6 box,
> which is how users are authenticated to use our web apps.
>
> After performing a regular yum update to upgrade to the latest:
> shibboleth-2.5.0-2.1, it is no longer possible to login to our web apps.
>
> On-screen message is:
>
> --------------
>
> ERROR
>
> An error occurred while processing your request. Please contact your
> helpdesk or user ID office for assistance.
>
> This service requires cookies. Please ensure that they are enabled and try
> your going back to your desired resource and trying to login again.
>
> Use of your browser's back button may cause specific errors that can be
> resolved by going back to your desired resource and trying to login again.
>
> If you think you were sent here in error, please contact technical support
>
> Error Message: Message did not meet security requirements
>
> --------------
>
> Have there been any reports of a similar problem, or any suggestions of
> what the problem might be.
>
> I’ve looked in the following log file and have not found anything obvious:
>
> /var/log/shibboleth/shibd.log
>
> If I downgrade to our original version of the service provider software:
> shibboleth-2.4.3, authentication is fine again.
>
> Regards,
>
> John
>



-- 
*Terry Smith* | Technical Manager | Australian Access Federation Inc
*Tel:*  +61 7 3138 2424 | *Mob:*  0414 692 424
*Email* t.smith at aaf.edu.au <http://twitter.com/ausaccessfed> | *Web:*
http://www.aaf.edu.au <http://twitter.com/ausaccessfed> *| Support: *
http://supprt.aaf.edu.au <http://twitter.com/ausaccessfed>
*Twitter:* http://twitter.com/ausaccessfed *Facebook: *
http://facebook.com/ausaccessfed
*Mail: PO Box 9432 | Deakin  ACT  2600 | Australia*
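
The check described in the reply above, as an added example that is not part of the original thread or of Shibboleth itself: it reads the `backingFilePath` and `CredentialResolver` file paths out of an SP configuration and reports which ones a given account (default `shibd`) cannot use. The sample config, the function names, and the assumption that the metadata cache needs read and write access while the key and certificate need only read are mine; ACLs and SELinux are not evaluated.

```python
import os, pwd, sys
import xml.etree.ElementTree as ET
# Constructed sample config; entityID and paths are illustrative.
SAMPLE = """<SPConfig xmlns="urn:mace:shibboleth:2.0:native:sp:config">
 <ApplicationDefaults entityID="https://sp.example.org/shibboleth">
  <MetadataProvider type="XML" backingFilePath="/var/cache/shibboleth/metadata.xml"/>
  <CredentialResolver type="File" key="/etc/shibboleth/sp-key.pem"
      certificate="/etc/shibboleth/sp-cert.pem"/>
 </ApplicationDefaults>
</SPConfig>"""

def files_from_config(xml):
    """Return [(path, needs_write)] for the files the config points shibd at."""
    found = []
    for el in ET.fromstring(xml).iter():
        name = el.tag.rsplit("}", 1)[-1]               # drop the XML namespace
        if name == "MetadataProvider" and el.get("backingFilePath"):
            found.append((el.get("backingFilePath"), True))   # assumed: read + write
        elif name == "CredentialResolver":
            found += [(el.get(a), False) for a in ("key", "certificate") if el.get(a)]
    return found

def mode_allows(mode, f_uid, f_gid, uid, gids, write):
    """Owner/group/other check from stat fields (ACLs and SELinux not considered)."""
    if uid == 0:
        return True                                    # root bypasses mode bits
    want = 0o6 if write else 0o4
    shift = 6 if uid == f_uid else 3 if f_gid in gids else 0
    return ((mode >> shift) & want) == want

def audit(config_path, user="shibd"):                  # -> [(path, reason)]
    pw = pwd.getpwnam(user)
    gids = set(os.getgrouplist(user, pw.pw_gid))
    problems = []
    with open(config_path, "rb") as fh:
        targets = files_from_config(fh.read())
    for path, write in targets:
        try:
            st = os.stat(path)
        except OSError as exc:
            problems.append((path, exc.strerror))      # missing or unreachable
            continue
        if not mode_allows(st.st_mode, st.st_uid, st.st_gid, pw.pw_uid, gids, write):
            problems.append((path, "mode=%o uid=%d gid=%d" % (st.st_mode & 0o7777, st.st_uid, st.st_gid)))
    return problems

if __name__ == "__main__":
    for path, why in audit(sys.argv[1], *sys.argv[2:3]):
        print("%s: %s" % (path, why))
```

Run it as root with the path to the SP configuration file as the first argument and, optionally, the account name as the second. Paths are checked as written in the config, so relative entries are looked up from the current directory.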