Upgrade Issue going from 2.3.5. to 2.3.8

Ullfig, Roberto rullfig at uic.edu
Thu Mar 7 11:34:40 EST 2013


OK, I found that login.jsp in 2.3.5 has some significant differences from the one in 2.3.8, namely:

<%@ page import="edu.internet2.middleware.shibboleth.idp.authn.LoginContext" %>
<%@ page import="edu.internet2.middleware.shibboleth.idp.session.*" %>
<%@ page import="edu.internet2.middleware.shibboleth.idp.util.HttpServletHelper" %>
<%@ page import="org.opensaml.saml2.metadata.*" %>

<%
    LoginContext loginContext = HttpServletHelper.getLoginContext(HttpServletHelper.getStorageService(application),
                                                                 application, request);

    EntityDescriptor entityDescriptor = HttpServletHelper.getRelyingPartyMetadata(loginContext.getRelyingPartyId(),
                                                   HttpServletHelper.getRelyingPartyConfirmationManager(application));

    Session userSession = HttpServletHelper.getUserSession(request);
%>

So, what would account for this change?

From: users-bounces at shibboleth.net [mailto:users-bounces at shibboleth.net] On Behalf Of Ullfig, Roberto
Sent: Thursday, March 07, 2013 10:05 AM
To: users at shibboleth.net
Subject: Upgrade Issue going from 2.3.5. to 2.3.8

Upgrading from Shib 2.3.5 to 2.3.8 (installing fresh actually). I also upgraded RHEL from 5 to 6 and running a different version of tomcat6 now (tomcat6-6.0.24). I'm unable to get Remote User info on the new server. Comparing logs between then two I see a line missing in the new server's log: "Storing LoginContext to StorageService partition loginContexts, key 0621146c-36cc-4905-9084-3b01d43a730a". Any idea where the issue could be at?

2.3.5:
08:37:18.834 - DEBUG [edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine:233] - Beginning user authentication process.
08:37:18.836 - DEBUG [edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine:279] - Filtering configured LoginHandlers: {urn:oasis:names:tc:SAML:2.0:ac:classes:PreviousSession=edu.internet2.middleware.shibboleth.idp.authn.provider.PreviousSessionLoginHandler at 2f67d81, urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified=edu.internet2.middleware.shibboleth.idp.authn.provider.RemoteUserLoginHandler at 4a9a1ac}
08:37:18.837 - DEBUG [edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine:328] - Filtering out previous session login handler because there is no existing IdP session
08:37:18.838 - DEBUG [edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine:460] - Selecting appropriate login handler from filtered set {urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified=edu.internet2.middleware.shibboleth.idp.authn.provider.RemoteUserLoginHandler at 4a9a1ac}
08:37:18.838 - DEBUG [edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine:493] - Authenticating user with login handler of type edu.internet2.middleware.shibboleth.idp.authn.provider.RemoteUserLoginHandler
08:37:18.839 - DEBUG [edu.internet2.middleware.shibboleth.idp.util.HttpServletHelper:169] - Storing LoginContext to StorageService partition loginContexts, key 0621146c-36cc-4905-9084-3b01d43a730a
08:37:18.841 - DEBUG [edu.internet2.middleware.shibboleth.idp.authn.provider.RemoteUserLoginHandler:66] - Redirecting to https://shibboleth-test.uic.edu:443/idp/Authn/RemoteUser
08:37:23.424 - DEBUG [edu.internet2.middleware.shibboleth.idp.authn.provider.RemoteUserAuthServlet:49] - Remote user identified as rullfig returning control back to authentication engine

2.3.8:
09:52:33.705 - DEBUG [edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine:240] - Beginning user authentication process.
09:52:33.705 - DEBUG [edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine:283] - Filtering configured LoginHandlers: {urn:oasis:names:tc:SAML:2.0:ac:classes:PreviousSession=edu.internet2.middleware.shibboleth.idp.authn.provider.PreviousSessionLoginHandler at 6ef82fe7, urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified=edu.internet2.middleware.shibboleth.idp.authn.provider.RemoteUserLoginHandler at 68111f9b}
09:52:33.706 - DEBUG [edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine:332] - Filtering out previous session login handler because there is no existing IdP session
09:52:33.706 - DEBUG [edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine:464] - Selecting appropriate login handler from filtered set {urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified=edu.internet2.middleware.shibboleth.idp.authn.provider.RemoteUserLoginHandler at 68111f9b}
09:52:33.706 - DEBUG [edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine:497] - Authenticating user with login handler of type edu.internet2.middleware.shibboleth.idp.authn.provider.RemoteUserLoginHandler
09:52:33.706 - DEBUG [edu.internet2.middleware.shibboleth.idp.authn.provider.RemoteUserLoginHandler:66] - Redirecting to https://shibboleth-test.uic.edu:443/idp/Authn/RemoteUser
09:52:38.137 - DEBUG [edu.internet2.middleware.shibboleth.idp.authn.provider.RemoteUserAuthServlet:77] - No remote user information was present in the request


Roberto Ullfig - rullfig at uic.edu<mailto:rullfig at uic.edu>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://shibboleth.net/pipermail/users/attachments/20130307/5900ae74/attachment-0001.html 


More information about the users mailing list