Shibboleth SP crashing during signature computation
Cantor, Scott
cantor.2 at osu.edu
Thu Jul 12 17:24:49 EDT 2012
On 7/12/12 3:51 PM, "Rob Whitener" <rob.whitener at audaxhealth.com> wrote:
>
>Things were going pretty smoothly with our Shibboleth SP installation and
>configuration and suddenly today, the shibd process appears to be
>crashing during the computation of the signature after receiving a
>response from the IDP (I think). Here is what
> I am seeing in the /var/log/shibboleth/shibd.log when it goes down:
Yes, those are some indirect logging messages inside libxml-security. I'd
have to check that code, I don't know if there are any messages that
would show up after that.
If it was working, then something had to have changed of course.
Is there a reason you're signing the requests? Not that it's a good
answer, but that's not generally of any value, so undoing that might at
least be a workaround.
>Our partner is using a Tivoly SAML solution. Beyond syslog and
>shibd.log, is there another place I can look to help debug this?
A stack trace.
>Has anyone seen this problem before?
Unpatched libxml-security has issues signing or verifying with large RSA
keys (which we put out a security advisory for).
> Also, I am using an unsupported version on an unsupported OS:
>Shibboleth 2.3.1 on Ubuntu
> 10.04.
If it's crashing there, it has nothing to do with the Shibboleth version.
If it's not the latest xmlsec code, that probably is the only fix.
-- Scott
More information about the users
mailing list