IdP encoding error

Rod Widdowson rdw at steadingsoftware.com
Mon Feb 4 16:11:42 EST 2013 

WAG: Could you be encoding a non scoped attribute definition ( xsi:type = "simple") with a scoped attribute encoder?  Anyway that is a pretty unfriendly failure, can you enter a JIRA case?

Sent from my iPad

On 4 Feb 2013, at 20:15, David Bantz <dabantz at alaska.edu> wrote:

> 
> 
> Shibb successfully authenticated this user, looked up source attribute values in LDAP, resolved 30 attributes, filtered down to 9 attributes to release, and began encoding them:
> 
> 13:03:21.401 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:136] - shibboleth.AttributeResolver resolved, for principal jadupras, the attributes: [uid, eduPersonAffiliation, surname, eduPersonScopedAffiliation, LastName, eduPersonTargetedID.old, principal, uaADIdentifier, urn:oid:1.3.6.1.4.1.5923.1.1.1.6-with-inline-scope, AtomicLearningEPA, uasystemid, uakstudentdept, transientId, uaadsystemid, uakPersonID, uakstudentcampus, email, ContactRefCode, eduPersonPrincipalName, givenName, bannerid, title, FirstName, eduPersonEntitlement, LogoutURL, commonName, eduPersonTargetedID, BBConnectFedID, employeeNumber, displayname]
> 13:03:21.401 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:70] - shibboleth.AttributeFilterEngine filtering 30 attributes for principal jadupras
> 
>> 
> 13:03:21.418 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:112] - Filtered attributes for principal jadupras.  The following attributes remain: [eduPersonScopedAffiliation, eduPersonTargetedID.old, uasystemid, uakstudentdept, transientId, uakstudentcampus, eduPersonPrincipalName, eduPersonEntitlement, eduPersonTargetedID]
> 
> 
> The error occurred during the encoding of the values (below).
> I'm requesting help identifying the underlying error.  
> Is the encoder choking on the value of ePPN??
> 
> 
> 13:03:21.418 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.saml2.AbstractSAML2ProfileHandler:498] - Creating attribute statement in response to SAML request '_135966969461' from relying party 'http://login.proxy.library.uaf.edu/ezproxy'
> 13:03:21.418 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.provider.ShibbolethSAML2AttributeAuthority:214] - Encoded attribute eduPersonScopedAffiliation with encoder of type edu.internet2.middleware.shibboleth.common.attribute.encoding.provider.SAML2ScopedStringAttributeEncoder
> 13:03:21.418 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.provider.ShibbolethSAML2AttributeAuthority:225] - Attribute eduPersonTargetedID.old was not encoded because no SAML2AttributeEncoder was attached to it.
> 13:03:21.419 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.provider.ShibbolethSAML2AttributeAuthority:214] - Encoded attribute uasystemid with encoder of type edu.internet2.middleware.shibboleth.common.attribute.encoding.provider.SAML2StringAttributeEncoder
> 13:03:21.419 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.encoding.provider.SAML2StringAttributeEncoder:73] - Unable to encode uakstudentdept attribute.  It does not contain any values
> 13:03:21.419 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.provider.ShibbolethSAML2AttributeAuthority:225] - Attribute uakstudentdept was not encoded because no SAML2AttributeEncoder was attached to it.
> 13:03:21.419 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.provider.ShibbolethSAML2AttributeAuthority:225] - Attribute transientId was not encoded because no SAML2AttributeEncoder was attached to it.
> 13:03:21.419 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.encoding.provider.SAML2StringAttributeEncoder:73] - Unable to encode uakstudentcampus attribute.  It does not contain any values
> 13:03:21.419 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.provider.ShibbolethSAML2AttributeAuthority:225] - Attribute uakstudentcampus was not encoded because no SAML2AttributeEncoder was attached to it.
> 13:03:21.421 - ERROR [edu.internet2.middleware.shibboleth.common.profile.ProfileRequestDispatcherServlet:88] - Error occurred while processing request
> 
> java.lang.ClassCastException: java.lang.String cannot be cast to edu.internet2.middleware.shibboleth.common.attribute.provider.ScopedAttributeValue
>        at edu.internet2.middleware.shibboleth.common.attribute.encoding.provider.AbstractScopedAttributeEncoder.encodeAttributeValues(AbstractScopedAttributeEncoder.java:142) ~[shibboleth-common-1.3.0.jar:na]
>        at edu.internet2.middleware.shibboleth.common.attribute.encoding.provider.SAML2ScopedStringAttributeEncoder.encode(SAML2ScopedStringAttributeEncoder.java:86) ~[shibboleth-common-1.3.0.jar:na]
>        at edu.internet2.middleware.shibboleth.common.attribute.encoding.provider.SAML2ScopedStringAttributeEncoder.encode(SAML2ScopedStringAttributeEncoder.java:37) ~[shibboleth-common-1.3.0.jar:na]
>        at edu.internet2.middleware.shibboleth.common.attribute.provider.ShibbolethSAML2AttributeAuthority.encodeAttributes(ShibbolethSAML2AttributeAuthority.java:210) ~[shibboleth-common-1.3.0.jar:na]
>        at edu.internet2.middleware.shibboleth.common.attribute.provider.ShibbolethSAML2AttributeAuthority.buildAttributeStatement(ShibbolethSAML2AttributeAuthority.java:117) ~[shibboleth-common-1.3.0.jar:na]
>        at edu.internet2.middleware.shibboleth.idp.profile.saml2.AbstractSAML2ProfileHandler.buildAttributeStatement(AbstractSAML2ProfileHandler.java:508) ~[shibboleth-identityprovider-2.3.0.jar:na]
>        at edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler.completeAuthenticationRequest(SSOProfileHandler.java:275) ~[shibboleth-identityprovider-2.3.0.jar:na]
>        at edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler.processRequest(SSOProfileHandler.java:164) ~[shibboleth-identityprovider-2.3.0.jar:na]
>        at edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler.processRequest(SSOProfileHandler.java:87) ~[shibboleth-identityprovider-2.3.0.jar:na]
>        at edu.internet2.middleware.shibboleth.common.profile.ProfileRequestDispatcherServlet.service(ProfileRequestDispatcherServlet.java:83) ~[shibboleth-common-1.3.0.jar:na]
>        at javax.servlet.http.HttpServlet.service(HttpServlet.java:717) [servlet-api.jar:na]
>        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) [catalina.jar:6.0.32]
>        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:6.0.32]
>        at edu.internet2.middleware.shibboleth.idp.util.NoCacheFilter.doFilter(NoCacheFilter.java:49) [shibboleth-identityprovider-2.3.0.jar:na]
>        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) [catalina.jar:6.0.32]
>        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:6.0.32]
>        at edu.internet2.middleware.shibboleth.idp.session.IdPSessionFilter.doFilter(IdPSessionFilter.java:80) [shibboleth-identityprovider-2.3.0.jar:na]
>        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) [catalina.jar:6.0.32]
>        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:6.0.32]
>        at edu.internet2.middleware.shibboleth.common.log.SLF4JMDCCleanupFilter.doFilter(SLF4JMDCCleanupFilter.java:51) [shibboleth-common-1.3.0.jar:na]
>        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) [catalina.jar:6.0.32]
>        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:6.0.32]
>        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) [catalina.jar:6.0.32]
>        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) [catalina.jar:6.0.32]
>        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) [catalina.jar:6.0.32]
>        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [catalina.jar:6.0.32]
>        at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:554) [catalina.jar:6.0.32]
>        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [catalina.jar:6.0.32]
>        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298) [catalina.jar:6.0.32]
>        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:859) [tomcat-coyote.jar:6.0.32]
>        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588) [tomcat-coyote.jar:6.0.32]
>        at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489) [tomcat-coyote.jar:6.0.32]
>        at java.lang.Thread.run(Thread.java:662) [na:1.6.0_29]
> 13:03:27.840 - DEBUG [edu.internet2.middleware.shibboleth.idp.authn.provider.UsernamePasswordLoginServlet:133] - Redirecting to login page /login.jsp
> 
> David Bantz
> UA OIT IAM
> --
> To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net

More information about the users mailing list