change IdP IP address and unknown artifact

Athanasios Douitsis aduitsis at
Mon Nov 24 10:43:00 EST 2014

Nope, the messages are actually on the new IP.  My first thought was DNS
TTL, but the old IP was actually down as I had stopped the jail. So I
shouldn't be able to see server if that was so.

The new IP gets the request to /profile/SAML2/SOAP/ArtifactResolution
normally, but for some reason doesn't know about the artifact being
requested. Query, the artifact value is completely opaque, right?

On Mon, Nov 24, 2014 at 5:38 PM, Cantor, Scott <cantor.2 at> wrote:

> On 11/24/14, 3:30 PM, "Athanasios Douitsis" <aduitsis at> wrote:
> >
> >The host system is a FreeBSD 9 jail, and I simply copied the jail to
> >another machine and changed its IP address.
> >
> >After stopping the initial jail, I changed the IdP A record to point to
> >the new IP, I started the second jail with the new  IP and started seeing
> >these messages for a couple of minutes. I reverted back to the original
> >jail as I hadn't expected to run into this kind of trouble.
> If the messages were on the old IP, the cause is DNS caching bugs. If
> they're on the new IP, then the only explanation is that clients are
> getting artifacts from the old one.
> -- Scott
> --
> To unsubscribe from this list send an email to
> users-unsubscribe at

Athanasios Douitsis
-------------- next part --------------
An HTML attachment was scrubbed...

More information about the users mailing list