StatusResponseType must have Status. / xmltooling::ValidationException at (https://idefix.worldtalk.de/sp/Shibboleth.sso/SAML2/POST)

Stefan König s.koenig at uni-tuebingen.de
Mon Feb 20 11:09:45 GMT 2012 

Hello,

as soon I solved 2 other problems, it seems there is still another one 
(hope this ends once).
The current issue seems more a bug in the software than a configuration 
problem to me, as the produced XML seems invalid.

Question:
Is this a configuration issue or a bug in the IdP implementation?
Any suggestions what to do next?

Thanks for you time...

Regards,
Stefan
----

Error Message is:

xmltooling::ValidationException at 
(https://idefix.worldtalk.de/sp/Shibboleth.sso/SAML2/POST)

StatusResponseType must have Status.


Version Information:
IdP-Version is the one from: shibboleth-identityprovider-2.3.5-bin.zip
2012-02-16 11:41:24 INFO Shibboleth.Config : Shibboleth SP Version 2.4.3
2012-02-16 11:41:24 INFO Shibboleth.Config : Library versions: log4shib 
1.0.5, Xerces-C 3.1.1, XML-Security-C 1.6.1, XMLTooling-C 1.4.2, 
OpenSAML-C 2.4.3, Shibboleth 1.4.3




It seems that the IdP sends back the following (invalid) XML, which the 
SP is complaining about:

<?xml version="1.0" encoding="UTF-8"?><saml2p:Response 
xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" 
Destination="https://idefix.worldtalk.de/sp/Shibboleth.sso/SAML2/POST" 
ID="_716eef3f2dbc3cd01facf0211f1d4d73" 
InResponseTo="_020ec9805ac690bb79a84f251a992cde" 
IssueInstant="2012-02-20T10:36:15.625Z" Version="2.0">
<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" 
Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://idefix.worldtalk.de/idp</saml2:Issuer>
</saml2p:Response>




=== CUT HERE (idp-processing.log) =====
11:36:15.625 - DEBUG 
[org.opensaml.ws.message.encoder.BaseMessageEncoder:49] - Beginning 
encode message to outbound transport of type: 
org.opensaml.ws.transport.http.HttpServletResponseAdapter
11:36:15.626 - DEBUG 
[org.opensaml.saml2.binding.encoding.HTTPPostEncoder:124] - Invoking 
Velocity template to create POST body
11:36:15.628 - DEBUG 
[org.opensaml.saml2.binding.encoding.HTTPPostEncoder:158] - Encoding 
action url of 'https://idefix.worldtalk.de/sp/Shibboleth.sso/SAML2/POST' 
with encoded value 
'https&#x3a;&#x2f;&#x2f;idefix.worldtalk.de&#x2f;sp&#x2f;Shibboleth.sso&#x2f;SAML2&#x2f;POST'
11:36:15.628 - DEBUG 
[org.opensaml.saml2.binding.encoding.HTTPPostEncoder:161] - Marshalling 
and Base64 encoding SAML message
11:36:15.628 - DEBUG 
[org.opensaml.ws.message.encoder.BaseMessageEncoder:97] - Marshalling 
message
11:36:15.639 - DEBUG 
[org.opensaml.saml2.binding.encoding.HTTPPostEncoder:184] - Setting 
RelayState parameter to: 'https://idefix.worldtalk.de/sp/', encoded as 
'https&#x3a;&#x2f;&#x2f;idefix.worldtalk.de&#x2f;sp&#x2f;'
11:36:15.651 - DEBUG [PROTOCOL_MESSAGE:74] -
<?xml version="1.0" encoding="UTF-8"?><saml2p:Response 
xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" 
Destination="https://idefix.worldtalk.de/sp/Shibboleth.sso/SAML2/POST" 
ID="_716eef3f2dbc3cd01facf0211f1d4d73" 
InResponseTo="_020ec9805ac690bb79a84f251a992cde" 
IssueInstant="2012-02-20T10:36:15.625Z" Version="2.0">
<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" 
Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://idefix.worldtalk.de/idp</saml2:Issuer>
</saml2p:Response>

=== CUT HERE (shibd.log, Note: different but similar request/response 
[needed DEBUG enabled]) =====
2012-02-20 11:56:56 DEBUG OpenSAML.MessageEncoder.SAML2Redirect [1]: 
validating input
2012-02-20 11:56:56 DEBUG OpenSAML.MessageEncoder.SAML2Redirect [1]: 
marshalling, deflating, base64-encoding the message
2012-02-20 11:56:56 DEBUG OpenSAML.MessageEncoder.SAML2Redirect [1]: 
marshalled message:
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" 
AssertionConsumerServiceURL="https://idefix.worldtalk.de/sp/Shibboleth.sso/SAML2/POST" 
Destination="https://idefix.worldtalk.de/idp/profile/SAML2/Redirect/SSO" 
ID="_9988236f4b4dd40ebcec5919b13c38ef" 
IssueInstant="2012-02-20T10:56:56Z" 
ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" 
Version="2.0"><saml:Issuer 
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://idefix.worldtalk.de/idp</saml:Issuer><samlp:NameIDPolicy 
AllowCreate="1"/></samlp:AuthnRequest>
2012-02-20 11:56:56 DEBUG OpenSAML.MessageEncoder.SAML2Redirect [1]: 
message encoded, sending redirect to client
2012-02-20 11:56:57 DEBUG OpenSAML.MessageDecoder.SAML2POST [1]: 
validating input
2012-02-20 11:56:57 DEBUG OpenSAML.MessageDecoder.SAML2POST [1]: decoded 
SAML message:
<?xml version="1.0" encoding="UTF-8"?><saml2p:Response 
xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" 
Destination="https://idefix.worldtalk.de/sp/Shibboleth.sso/SAML2/POST" 
ID="_a0c4d22bdceb8637cd474eae5051dd5c" 
InResponseTo="_9988236f4b4dd40ebcec5919b13c38ef" 
IssueInstant="2012-02-20T10:56:56.963Z" Version="2.0"><saml2:Issuer 
xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" 
Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://idefix.worldtalk.de/idp</saml2:Issuer></saml2p:Response>


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4467 bytes
Desc: S/MIME Kryptografische Unterschrift
Url : http://shibboleth.net/pipermail/users/attachments/20120220/dfcf86c7/attachment.bin

More information about the users mailing list