ePTID and testShib testing

Nate Klingenstein ndk at internet2.edu
Sat Apr 19 21:45:04 EDT 2014


You'll need to check to see how the eduPersonTargetedID is being encoded and sent to the SP but odds are you're doing that in a way that TestShib should be able to map.  This is almost certainly related to the issues TestShib is currently experiencing with attribute mapping which almost certainly relate to an attempt to load a really, really large folder full of metadata files.

2014-04-18 13:52:11 INFO Shibboleth.Application : building AttributeExtractor of type XML...
2014-04-18 13:52:11 DEBUG Shibboleth.AttributeExtractor.XML : using local resource (/etc/shibboleth/attribute-map.xml), will monitor for changes
2014-04-18 13:52:11 ERROR XMLTooling.Threads : pthread_create error (11): Resource temporarily unavailable
2014-04-18 13:52:11 CRIT Shibboleth.Application : error building AttributeExtractor: Thread creation failed.

In other words, it's not you.  It's TestShib.  And we're working on it.

Sorry for the trouble,

On Apr 19, 2014, at 8:57 AM, Zico <mailzico at gmail.com<mailto:mailzico at gmail.com>> wrote:


I am trying to configure and release ePTID from my IDP. Configuration is almost done in my knowledge from IDP side but whenever I am testing with testShib, the "sample.jsp" page is not returning any "persistent-ID is" value.

>From my IDP's SAML assertion, I can see that ePTID is being released:

10:46:03.940 - INFO [Shibboleth-Audit:1028] - 20140419T144603Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|_036ab087c30b046a41cfa4a4885853a1|https://sp.testshib.org/shibboleth-sp|urn:mace:shibboleth:2.0:profiles:saml2:sso|https://test.soemthing/idp/shibboleth|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_aff1923b65fb4abc706fed216572a554|shibtester|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,transientId,eduPersonTargetedID,|_d0492222b3e3f03dae2798356809b4f9|<https://sp.testshib.org/shibboleth-sp%7Curn:mace:shibboleth:2.0:profiles:saml2:sso%7Chttps://test.soemthing/idp/shibboleth%7Curn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST%7C_aff1923b65fb4abc706fed216572a554%7Cshibtester%7Curn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport%7Cuid,transientId,eduPersonTargetedID,%7C_d0492222b3e3f03dae2798356809b4f9%7C>

Here is what I am just getting from testshib testing:

Here are some pieces of information I can tell about you using the information Shibboleth gives me:

  *   referer is: https://test.something/idp/profile/SAML2/Redirect/SSO
  *   Origin is: https://test.something<https://test.something/>
  *   Shib-Session-ID is: _524d77eccc3ea7755bd908e620a0c7b0
  *   Shib-Session-Index is: _5cf88111263d43a19b8bf3a383d849fd
  *   Shib-Identity-Provider is: https://test.something/idp/shibboleth
  *   Shib-Authentication-Method is: urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
  *   Shib-Authentication-Instant is: 2014-04-19T14:46:02.782Z
  *   Shib-AuthnContext-Class is: urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
  *   Shib-Application-ID is: default

Any hint what I am missing?

Thanks in advance!

To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net<mailto:users-unsubscribe at shibboleth.net>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://shibboleth.net/pipermail/users/attachments/20140420/487c7ac0/attachment.html 

More information about the users mailing list