trouble locating the ldap auth error in Shib IdP
Nate Klingenstein
ndk at internet2.edu
Mon Jul 15 00:31:35 EDT 2013
Oleg,
> 19:44:00.227 - DEBUG [edu.internet2.middleware.shibboleth.idp.authn.provider.UsernamePasswordLoginServlet:194] - User authentication for USERID failed
> javax.security.auth.login.LoginException: java.lang.NullPointerException
Any time you can get a NullPointerException out of the IdP, there's at least a bug in the exception handling, so a full log on TRACE may help you submit a task at issues.shibboleth.net. It may be a quick fix.
> Login.config file portion
>
> edu.vt.middleware.ldap.jaas.LdapLoginModule required
> ldapURL="ldaps://server.domain.edu"
> port="636"
Having a separate port directive and ldapURL directive is kinda mixing old-style configuration and new style configuration and may lead to unpredictable results(and line 149 of AbstractConnectionHandler make it look like a likely suspect). Try appending the port to the URL, or not bothering including it at all since it's the standard port for that protocol.
> javax.security.auth.login.LoginException: java.lang.NullPointerException
> at java.util.Hashtable.put(Unknown Source)
> at edu.vt.middleware.ldap.handler.AbstractConnectionHandler.connect(AbstractConnectionHandler.java:149)
The perils of backward compatibility…
Thanks,
Nate.
More information about the users
mailing list