Single Logout with Shibboleth SP 2.5.1

Paul Brears pbrears at rm.com
Thu Feb 21 12:00:19 EST 2013


The session ID (_6fd65f6741a779ce70fc0ea95fd00d08) seems to be added
correctly but it doesn't find it when it searches for it at logout?

It also matches the ID in the cookie correctly.  When it says "searching
for session (_6fd65f6741a779ce70fc0ea95fd00d08)" I assume that it is
looking at the ID passed in by the cookie?

Is there anything else I can look for to see why it can't find it?

Is there any reason this might behave differently between Windows and
Linux?

Regards,

Paul

2013-02-21 16:05:51 DEBUG XMLTooling.StorageService [11]: inserted
record (_e532af83-68e2-42ad-827b-d6aec98ff0f1) in context
(_6fd65f6741a779ce70fc0ea95fd00d08) with expiration (1361466351)
2013-02-21 16:05:51 INFO Shibboleth.SessionCache [11]: new session
created: ID (_6fd65f6741a779ce70fc0ea95fd00d08) IdP (http://IDP)
Protocol(urn:oasis:names:tc:SAML:2.0:protocol) Address ()
2013-02-21 16:05:51 DEBUG XMLTooling.StorageService [11]: deleted record
(faa944f2ac28032d235cdbbd074e6e298e5a2646d198762f8c451432d23ef57d) in
context (RelayState)
2013-02-21 16:05:51 DEBUG Shibboleth.SSO.SAML2 [11]: ACS returning via
redirect to: http://SP/secure/
2013-02-21 16:05:51 DEBUG Shibboleth.Listener [13]: dispatching message
(find::StorageService::SessionCache)
2013-02-21 16:05:51 DEBUG XMLTooling.StorageService [13]: updated
expiration of valid records in context
(_6fd65f6741a779ce70fc0ea95fd00d08) to (1361466351)
2013-02-21 16:05:51 DEBUG Shibboleth.Listener [13]: dispatching message
(touch::StorageService::SessionCache)
2013-02-21 16:05:51 DEBUG XMLTooling.StorageService [13]: updated
expiration of valid records in context
(_6fd65f6741a779ce70fc0ea95fd00d08) to (1361466351)
2013-02-21 16:05:51 DEBUG Shibboleth.Listener [7]: dispatching message
(find::StorageService::SessionCache)
2013-02-21 16:05:51 DEBUG XMLTooling.StorageService [7]: updated
expiration of valid records in context
(_6fd65f6741a779ce70fc0ea95fd00d08) to (1361466351)
2013-02-21 16:05:51 DEBUG Shibboleth.Listener [14]: dispatching message
(find::StorageService::SessionCache)
2013-02-21 16:05:51 DEBUG XMLTooling.StorageService [14]: updated
expiration of valid records in context
(_6fd65f6741a779ce70fc0ea95fd00d08) to (1361466351)
2013-02-21 16:06:23 DEBUG Shibboleth.Listener [8]: dispatching message
(find::StorageService::SessionCache)
2013-02-21 16:06:23 DEBUG XMLTooling.StorageService [8]: updated
expiration of valid records in context
(_6fd65f6741a779ce70fc0ea95fd00d08) to (1361466383)


2013-02-21 16:10:44 DEBUG OpenSAML.MessageDecoder.SAML2 [9]: message
from (http://IDP)
2013-02-21 16:10:44 DEBUG OpenSAML.MessageDecoder.SAML2 [9]: searching
metadata for message issuer...
2013-02-21 16:10:44 DEBUG OpenSAML.SecurityPolicyRule.MessageFlow [9]:
evaluating message flow policy (replay checking on, expiration 60)
2013-02-21 16:10:44 DEBUG XMLTooling.StorageService [9]: inserted record
(_f96180b4-0cd1-4962-a940-7d8b1d498d3a) in context (MessageFlow) with
expiration (1361463285)
2013-02-21 16:10:44 DEBUG OpenSAML.SecurityPolicyRule.XMLSigning [9]:
validating signature profile
2013-02-21 16:10:44 DEBUG XMLTooling.TrustEngine.ExplicitKey [9]:
attempting to validate signature with the peer's credentials
2013-02-21 16:10:44 DEBUG XMLTooling.TrustEngine.ExplicitKey [9]:
signature validated with credential
2013-02-21 16:10:44 DEBUG OpenSAML.SecurityPolicyRule.XMLSigning [9]:
signature verified against message issuer
2013-02-21 16:10:44 DEBUG Shibboleth.SessionCache [9]: searching for
session (_6fd65f6741a779ce70fc0ea95fd00d08)
2013-02-21 16:10:44 DEBUG Shibboleth.SessionCache [9]: reconstituting
session and checking validity
2013-02-21 16:10:44 DEBUG XMLTooling.XMLObject [9]: unmarshalling DOM
element (saml:NameID)
2013-02-21 16:10:44 DEBUG XMLTooling.XMLObject [9]: unmarshalling
attributes for DOM element (saml:NameID)
2013-02-21 16:10:44 DEBUG XMLTooling.XMLObject [9]: processing generic
attribute
2013-02-21 16:10:44 DEBUG XMLTooling.XMLObject [9]: processing generic
attribute
2013-02-21 16:10:44 DEBUG XMLTooling.XMLObject [9]: found namespace
declaration, adding it to the list of namespaces on the XMLObject
2013-02-21 16:10:44 DEBUG XMLTooling.XMLObject [9]: unmarshalling child
nodes of DOM element (saml:NameID)
2013-02-21 16:10:44 DEBUG XMLTooling.XMLObject [9]: processing text
content at position (0)
2013-02-21 16:10:44 DEBUG OpenSAML.MessageEncoder.SAML2Redirect [9]:
validating input
2013-02-21 16:10:44 DEBUG OpenSAML.MessageEncoder.SAML2Redirect [9]:
marshalling, deflating, base64-encoding the message
2013-02-21 16:10:44 DEBUG XMLTooling.XMLObject [9]: starting to marshal
samlp:LogoutResponse



-----Original Message-----
From: users-bounces at shibboleth.net [mailto:users-bounces at shibboleth.net]
On Behalf Of Cantor, Scott
Sent: 21 February 2013 15:57
To: Shib Users
Subject: RE: Single Logout with Shibboleth SP 2.5.1

> Is there any other debugging I can enable to see why it's not 
> processing on the Linux server?

The active session in the client is not one of the sessions in the set
matching the logout request, so it returns an error. That's the only
place in the code it returns that status.

Probably should be logging that though.

-- Scott
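
A helper for the check asked about above (an added example, not part of the original thread and not Shibboleth code): it rejoins shibd.log records that mail wrapping split across lines, then reports for each "searching for session" event whether that ID was seen being created and how many seconds remained before its last logged expiration. The function names are hypothetical, and the log timestamps are assumed to be UTC.

```python
import re
from calendar import timegm
from time import strptime

# Three records copied from the shibd.log excerpt above, still wrapped as mailed.
SAMPLE = """\
2013-02-21 16:05:51 INFO Shibboleth.SessionCache [11]: new session
created: ID (_6fd65f6741a779ce70fc0ea95fd00d08) IdP (http://IDP)
Protocol(urn:oasis:names:tc:SAML:2.0:protocol) Address ()
2013-02-21 16:06:23 DEBUG XMLTooling.StorageService [8]: updated
expiration of valid records in context
(_6fd65f6741a779ce70fc0ea95fd00d08) to (1361466383)
2013-02-21 16:10:44 DEBUG Shibboleth.SessionCache [9]: searching for
session (_6fd65f6741a779ce70fc0ea95fd00d08)
"""
STAMP = re.compile(r"\d{4}-\d\d-\d\d \d\d:\d\d:\d\d ")
EVENTS = [
    ("created", re.compile(r"new session created: ID \((\w+)\)")),
    ("expiry", re.compile(r"in context \((_\w+)\) (?:with expiration|to) \((\d+)\)")),
    ("searched", re.compile(r"searching for session \((\w+)\)")),
]

def unwrap(text):
    """Rejoin records that mail wrapping split; a new record starts at a timestamp."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if STAMP.match(line):
            records.append(line)
        elif records:
            records[-1] += " " + line
    return records

def check_searches(text):
    """Per 'searching for session' event: (id, created_seen, seconds_to_expiry)."""
    state, results = {}, []  # state: id -> [created_seen, last_logged_expiry]
    for rec in unwrap(text):
        when = timegm(strptime(rec[:19], "%Y-%m-%d %H:%M:%S"))  # assumes UTC stamps
        for name, rx in EVENTS:
            if (m := rx.search(rec)) is None:
                continue
            entry = state.setdefault(m.group(1), [False, None])
            if name == "created":
                entry[0] = True
            elif name == "expiry":
                entry[1] = int(m.group(2))
            else:
                left = None if entry[1] is None else entry[1] - when
                results.append((m.group(1), entry[0], left))
    return results
```

This only confirms that the searched ID existed and was unexpired according to the log; whether that session is in the set matching the logout request, the condition Scott describes, is not something these log lines record.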

