testing idp w/ testshib

C G ci_98yr at yahoo.com
Sat Nov 3 10:50:16 EDT 2012


Some debug input from testshib

I do not understand why idp.rice.edu should pop up in the debug? (I don't belong to rice.edu)

and tracert to testshib.org points to  testshib2.et-test.psu.edu [128.118.27.86]

any help highly appreciated.

PS: I checked that the entityID matches between the XML I uploaded and the one I am plugging into the form.

===============
 

Full Name: URI:http://crl3.digicert.com/ca3-2010a.crl
Full Name: URI:http://crl4.digicert.com/ca3-2010a.crl
X509v3 Certificate Policies:
    Policy: 2.16.840.1.114412.1.3.0.1
      CPS: http://www.digicert.com/ssl-cps-repository.htm
      User Notice:
        Explicit Text:
X509v3 Extended Key Usage:
    TLS Web Server Authentication, TLS Web Client Authentication
Signature Algorithm: sha1WithRSAEncryption
2012-11-03 10:39:10 DEBUG XMLTooling.libcurl [147]: SSLv3, TLS alert, Server hello (2):
2012-11-03 10:39:10 DEBUG XMLTooling.libcurl [147]: SSL certificate problem: application verification failure
2012-11-03 10:39:10 DEBUG XMLTooling.libcurl [147]: Closing connection #0
2012-11-03 10:39:10 ERROR Shibboleth.AttributeResolver.Query [147]: exception during SAML query to https://idp.rice.edu/idp/profile/SAML2/SOAP/AttributeQuery: CURLSOAPTransport failed while contacting SOAP endpoint (https://idp.rice.edu/idp/profile/SAML2/SOAP/AttributeQuery): SSL certificate problem: application verification failure
2012-11-03 10:39:10 ERROR Shibboleth.AttributeResolver.Query [147]: unable to obtain a SAML response from attribute authority
2012-11-03 10:39:10 DEBUG Shibboleth.SessionCache [147]: creating new session
2012-11-03 10:39:10 DEBUG Shibboleth.SessionCache [147]: storing new session...
2012-11-03 10:39:10 DEBUG XMLTooling.StorageService [147]: inserted record (session) in context (_6a55d744944f09cd8f68d48315606c4a) with expiration (1351957150)
2012-11-03 10:39:10 DEBUG XMLTooling.StorageService [147]: updated record (_0580f315cfc5f042de39d39759071727) in context (NameID) with expiration (1351982350)
2012-11-03 10:39:10 DEBUG XMLTooling.StorageService [147]: inserted record (_4344350a5055e0bf6abfd597a0ecc868) in context (_6a55d744944f09cd8f68d48315606c4a) with expiration (1351957150)
2012-11-03 10:39:10 INFO Shibboleth.SessionCache [147]: new session created: ID (_6a55d744944f09cd8f68d48315606c4a) IdP (https://idp.rice.edu/idp/shibboleth) Protocol(urn:oasis:names:tc:SAML:2.0:protocol) Address (128.42.199.62)
2012-11-03 10:39:10 DEBUG Shibboleth.SSO.SAML2 [147]: ACS returning via redirect to: https://sp.testshib.org/testing/sample.jsp
2012-11-03 10:39:10 DEBUG Shibboleth.Listener [139]: dispatching message (find::StorageService::SessionCache)
2012-11-03 10:39:10 DEBUG XMLTooling.StorageService [139]: updated expiration of valid records in context (_6a55d744944f09cd8f68d48315606c4a) to (1351957150)
2012-11-03 10:39:31 DEBUG Shibboleth.Listener [143]: dispatching message (default/TestShib::run::SAML2SI)
2012-11-03 10:39:31 WARN Shibboleth.SessionInitiator.SAML2 [143]: unable to locate metadata for provider (https://my.publicdomainip/idp/shibboleth)



________________________________
 From: C G <ci_98yr at yahoo.com>
To: "users at shibboleth.net" <users at shibboleth.net> 
Sent: Saturday, November 3, 2012 8:06 AM
Subject: testing idp w/ testshib
 

Shib gurus:

We are going in circles testing our idp:

loaded the following idp data (metadata) to testshib and I always get 

opensaml::saml2md::MetadataException at (https://sp.testshib.org/Shibboleth.sso/TestShib)
Unable to locate metadata for identity provider (https://my.publicdomainip.com/idp/shibboleth)

using self-signed certs, and just Tomcat for testing.

Any pointers to troubleshoot are highly appreciated. Thanks and good day.


PS: if it matters, idp std install was made with "localhost" and later replaced by my.publicdomainip.com


=============Begin uploaded data========
<?xml version="1.0" encoding="UTF-8"?><EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://my.publicdomainip.com/idp/shibboleth" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><IDPSSODescriptor protocolSupportEnumeration="urn:mace:shibboleth:1.0 urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:2.0:protocol"><Extensions><shibmd:Scope regexp="false"/></Extensions><KeyDescriptor><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIDDzCCAfegAwIBAgIUVLm52qjJYNuDIE4NUQw/qUh2/dQwDQYJKoZIhvcNAQEF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8cOck+DCBJkg75d8kGWDH/Oex1BZct2fyHZ4
fzAspdFCTBctYlpd7Y924qVqbRnvs9MSJZeiI4//aoksV/JottBpZtSKDpDvgDuP
wDu6HO3836rEsulVvM8s+MKyrxOwCiAZOeMKK20galVo+O47IzhmmW3qoWr4v2lt
dxNDpUXamymB84SywjP+puQxhCw/WwgKOhiBhOf4sC52k574WuzVSoOE1lCqeWCq
7m0g1OugkEnrHYXzU/EKOOgryw==</ds:X509Certificate></ds:X509Data></ds:KeyInfo></KeyDescriptor><ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://my.publicdomainip.com/idp/profile/SAML1/SOAP/ArtifactResolution" index="1"/><ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://my.publicdomainip.com/idp/profile/SAML2/SOAP/ArtifactResolution" index="2"/><NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat><NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat><SingleSignOnService
 Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://my.publicdomainip.com/idp/profile/Shibboleth/SSO"/><SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://my.publicdomainip.com/idp/profile/SAML2/POST/SSO"/><SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" Location="https://my.publicdomainip.com/idp/profile/SAML2/POST-SimpleSign/SSO"/><SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://my.publicdomainip.com/idp/profile/SAML2/Redirect/SSO"/></IDPSSODescriptor><AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:2.0:protocol"><Extensions><shibmd:Scope
 regexp="false"/></Extensions><KeyDescriptor><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIDDzCCAfegAwIBAgIUVLm52qjJYNuDIE4NUQw/qUh2/dQwDQYJKoZIhvcNAQEF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8cOck+DCBJkg75d8kGWDH/Oex1BZct2fyHZ4
fzAspdFCTBctYlpd7Y924qVqbRnvs9MSJZeiI4//aoksV/JottBpZtSKDpDvgDuP
wDu6HO3836rEsulVvM8s+MKyrxOwCiAZOeMKK20galVo+O47IzhmmW3qoWr4v2lt
dxNDpUXamymB84SywjP+puQxhCw/WwgKOhiBhOf4sC52k574WuzVSoOE1lCqeWCq
7m0g1OugkEnrHYXzU/EKOOgryw==</ds:X509Certificate></ds:X509Data></ds:KeyInfo></KeyDescriptor><AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://my.publicdomainip.com/idp/profile/SAML1/SOAP/AttributeQuery"/><AttributeService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://my.publicdomainip.com/idp/profile/SAML2/SOAP/AttributeQuery"/><NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat><NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat></AttributeAuthorityDescriptor></EntityDescriptor>
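
An SP looks up IdP metadata by exact string match on the entityID, so the check below compares the entityID in an uploaded metadata document against the provider named in the SP's "unable to locate metadata" log line. This is an added example, not part of the original post: the function names are hypothetical, the metadata is a constructed, trimmed version of the uploaded document, and the two log lines are copied from the debug output above.

```python
import difflib
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
MISSING = re.compile(r"unable to locate metadata for (?:identity )?provider \((\S+?)\)", re.I)

# Constructed sample: trimmed metadata carrying the entityID from the post.
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://my.publicdomainip.com/idp/shibboleth">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
</EntityDescriptor>"""

# Two lines copied from the SP debug output in the post.
SAMPLE_LOG = [
    "2012-11-03 10:39:10 INFO Shibboleth.SessionCache [147]: new session created: "
    "ID (_6a55d744944f09cd8f68d48315606c4a) IdP (https://idp.rice.edu/idp/shibboleth)",
    "2012-11-03 10:39:31 WARN Shibboleth.SessionInitiator.SAML2 [143]: unable to "
    "locate metadata for provider (https://my.publicdomainip/idp/shibboleth)",
]

def metadata_entity_ids(xml_text):
    """entityID of every EntityDescriptor, as root or inside an EntitiesDescriptor."""
    root = ET.fromstring(xml_text)
    return {e.get("entityID") for e in root.iter(MD + "EntityDescriptor") if e.get("entityID")}

def unresolved_providers(log_lines):
    """Providers the SP reported it had no metadata for."""
    return sorted({m.group(1) for line in log_lines for m in MISSING.finditer(line)})

def diagnose(requested, known):
    """Say which URL component makes an exact-string entityID lookup miss."""
    if requested in known:
        return "match"
    near = difflib.get_close_matches(requested, sorted(known), n=1, cutoff=0.6)
    if not near:
        return "no similar entityID in metadata"
    a, b = urlsplit(requested), urlsplit(near[0])
    for field in ("scheme", "netloc", "path"):
        if getattr(a, field) != getattr(b, field):
            return f"{field} differs: requested {getattr(a, field)!r}, metadata has {getattr(b, field)!r}"
    return f"differs from {near[0]!r}"

if __name__ == "__main__":
    known = metadata_entity_ids(SAMPLE_METADATA)
    for provider in unresolved_providers(SAMPLE_LOG):
        print(provider, "->", diagnose(provider, known))
```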