StatusResponseType must have Status. / xmltooling::ValidationException at (https://idefix.worldtalk.de/sp/Shibboleth.sso/SAML2/POST)
Stefan König
s.koenig at uni-tuebingen.de
Mon Feb 20 11:09:45 GMT 2012
Hello,
as soon I solved 2 other problems, it seems there is still another one
(hope this ends once).
The current issue seems more a bug in the software than a configuration
problem to me, as the produced XML seems invalid.
Question:
Is this a configuration issue or a bug in the IdP implementation?
Any suggestions what to do next?
Thanks for you time...
Regards,
Stefan
----
Error Message is:
xmltooling::ValidationException at
(https://idefix.worldtalk.de/sp/Shibboleth.sso/SAML2/POST)
StatusResponseType must have Status.
Version Information:
IdP-Version is the one from: shibboleth-identityprovider-2.3.5-bin.zip
2012-02-16 11:41:24 INFO Shibboleth.Config : Shibboleth SP Version 2.4.3
2012-02-16 11:41:24 INFO Shibboleth.Config : Library versions: log4shib
1.0.5, Xerces-C 3.1.1, XML-Security-C 1.6.1, XMLTooling-C 1.4.2,
OpenSAML-C 2.4.3, Shibboleth 1.4.3
It seems that the IdP sends back the following (invalid) XML, which the
SP is complaining about:
<?xml version="1.0" encoding="UTF-8"?><saml2p:Response
xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
Destination="https://idefix.worldtalk.de/sp/Shibboleth.sso/SAML2/POST"
ID="_716eef3f2dbc3cd01facf0211f1d4d73"
InResponseTo="_020ec9805ac690bb79a84f251a992cde"
IssueInstant="2012-02-20T10:36:15.625Z" Version="2.0">
<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://idefix.worldtalk.de/idp</saml2:Issuer>
</saml2p:Response>
=== CUT HERE (idp-processing.log) =====
11:36:15.625 - DEBUG
[org.opensaml.ws.message.encoder.BaseMessageEncoder:49] - Beginning
encode message to outbound transport of type:
org.opensaml.ws.transport.http.HttpServletResponseAdapter
11:36:15.626 - DEBUG
[org.opensaml.saml2.binding.encoding.HTTPPostEncoder:124] - Invoking
Velocity template to create POST body
11:36:15.628 - DEBUG
[org.opensaml.saml2.binding.encoding.HTTPPostEncoder:158] - Encoding
action url of 'https://idefix.worldtalk.de/sp/Shibboleth.sso/SAML2/POST'
with encoded value
'https://idefix.worldtalk.de/sp/Shibboleth.sso/SAML2/POST'
11:36:15.628 - DEBUG
[org.opensaml.saml2.binding.encoding.HTTPPostEncoder:161] - Marshalling
and Base64 encoding SAML message
11:36:15.628 - DEBUG
[org.opensaml.ws.message.encoder.BaseMessageEncoder:97] - Marshalling
message
11:36:15.639 - DEBUG
[org.opensaml.saml2.binding.encoding.HTTPPostEncoder:184] - Setting
RelayState parameter to: 'https://idefix.worldtalk.de/sp/', encoded as
'https://idefix.worldtalk.de/sp/'
11:36:15.651 - DEBUG [PROTOCOL_MESSAGE:74] -
<?xml version="1.0" encoding="UTF-8"?><saml2p:Response
xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
Destination="https://idefix.worldtalk.de/sp/Shibboleth.sso/SAML2/POST"
ID="_716eef3f2dbc3cd01facf0211f1d4d73"
InResponseTo="_020ec9805ac690bb79a84f251a992cde"
IssueInstant="2012-02-20T10:36:15.625Z" Version="2.0">
<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://idefix.worldtalk.de/idp</saml2:Issuer>
</saml2p:Response>
=== CUT HERE (shibd.log, Note: different but similar request/response
[needed DEBUG enabled]) =====
2012-02-20 11:56:56 DEBUG OpenSAML.MessageEncoder.SAML2Redirect [1]:
validating input
2012-02-20 11:56:56 DEBUG OpenSAML.MessageEncoder.SAML2Redirect [1]:
marshalling, deflating, base64-encoding the message
2012-02-20 11:56:56 DEBUG OpenSAML.MessageEncoder.SAML2Redirect [1]:
marshalled message:
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
AssertionConsumerServiceURL="https://idefix.worldtalk.de/sp/Shibboleth.sso/SAML2/POST"
Destination="https://idefix.worldtalk.de/idp/profile/SAML2/Redirect/SSO"
ID="_9988236f4b4dd40ebcec5919b13c38ef"
IssueInstant="2012-02-20T10:56:56Z"
ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Version="2.0"><saml:Issuer
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://idefix.worldtalk.de/idp</saml:Issuer><samlp:NameIDPolicy
AllowCreate="1"/></samlp:AuthnRequest>
2012-02-20 11:56:56 DEBUG OpenSAML.MessageEncoder.SAML2Redirect [1]:
message encoded, sending redirect to client
2012-02-20 11:56:57 DEBUG OpenSAML.MessageDecoder.SAML2POST [1]:
validating input
2012-02-20 11:56:57 DEBUG OpenSAML.MessageDecoder.SAML2POST [1]: decoded
SAML message:
<?xml version="1.0" encoding="UTF-8"?><saml2p:Response
xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
Destination="https://idefix.worldtalk.de/sp/Shibboleth.sso/SAML2/POST"
ID="_a0c4d22bdceb8637cd474eae5051dd5c"
InResponseTo="_9988236f4b4dd40ebcec5919b13c38ef"
IssueInstant="2012-02-20T10:56:56.963Z" Version="2.0"><saml2:Issuer
xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://idefix.worldtalk.de/idp</saml2:Issuer></saml2p:Response>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4467 bytes
Desc: S/MIME Kryptografische Unterschrift
Url : http://shibboleth.net/pipermail/users/attachments/20120220/dfcf86c7/attachment.bin
More information about the users
mailing list