ECP env:Client fault code response

Genevieve Turner genevieve.turner at anu.edu.au
Thu Aug 1 21:28:31 EDT 2013 

I am having issues in my attempt to get ECP working.  I can retrieve the initial ECP SOAP authentication request message from the SP. I then post something similar to the following to the IdP (URL is https://example-idp.org/idp/profile/SAML2/SOAP/ECP) with the basic authorization headers:

<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
                <S:Header/>
                <S:Body>
                                <samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" AssertionConsumerServiceURL="https://example.org/Shibboleth.sso/SAML2/ECP" ID="_550cad63fe809d0ad9b2451e8790c904"
                                                                IssueInstant="2013-07-25T01:20:34Z" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS" Version="2.0">
                                                <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://example.org/shibboleth</saml:Issuer<https://example.org/shibboleth%3c/saml:Issuer>>
                                                <samlp:NameIDPolicy AllowCreate="1"/>
                                </samlp:AuthnRequest>
                </S:Body>
</S:Envelope>

And I receive in return a http response code of 500 with the following message:

<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
                <env:Body>
                                <env:Fault>
                                                <faultcode>env:Client</faultcode>
                                                <faultstring>An error occurred processing the request.</faultstring>
                                                <detail/>
                                </env:Fault>
                </env:Body>
</env:Envelope>

Would someone one this list perhaps have an idea of why the env:Client fault response is occuring?

I note that uApprove is installed and running on the IdP I am trying to authenticate with and that there were issues in 2011 with this (http://marc.info/?l=shibboleth-users&m=132162809207049&w=2).  Could uApprove be the cause of the response or is there something wrong with the message that I am sending to the IdP, or could it be something else?

N.B. example-idp.org and example.org are not the actual addresses I am sending to but rather are representative.

Thank you,

Genevieve

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://shibboleth.net/pipermail/users/attachments/20130802/098276f2/attachment.html

More information about the users mailing list