Shibboleth IDP Issues while performing Single Sign On
issacv
b35740 at freescale.com
Thu Nov 27 09:03:49 EST 2014
Hi Team,

We have 2 external sites that need to be authenticated using a single
Login system by using Shibboleth-SSO. We have followed the steps mentioned
in the site here:
https://wiki.jasig.org/display/CASUM/Shibboleth-CAS+Integration

We are getting 2 issues, one for each external site.

(1) External Site 1: On this external site 1, when we click on Login, it
takes us to our SSO Login page and the user gets logged in. On the external
site the user is properly logged in and can see his profile. Now he clicks
on Logout, and it logs him out. Now he clicks on Login again, but it does not
take him to our SSO Login page. It logs the user in and shows him his
profile. It looks like on clicking Login again after logout, it directly got
the user credentials from the Shibboleth IDP user cache and didn't go to SSO
to check if the user is logged in or not. In our handler.xml the Login
Handlers being used are:

urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified
urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
urn:oasis:names:tc:SAML:2.0:ac:classes:PreviousSession

Could you please let us know why this happened and how it can be resolved.

(2) External Site 2: On this external site 2, when we click Login, it goes
to the IDP (idp/profile/SAML2/Redirect/SSO) and we get these Warning and
Error messages in the idp-process.log. It is not going to our SSO Login
Page.

23:52:41.516 - WARN [org.opensaml.saml2.binding.security.SAML2AuthnRequestsSignedRule:81] - SPSSODescriptor role metadata for entityID 'freescale.staging.e2open.com' could not be resolved
23:52:41.562 - WARN [org.opensaml.common.binding.security.BaseSAMLSimpleSignatureSecurityPolicyRule:195] - Simple signature validation (with no request-derived credentials) failed
23:52:41.563 - WARN [org.opensaml.common.binding.security.BaseSAMLSimpleSignatureSecurityPolicyRule:138] - Validation of request simple signature failed for context issuer: freescale.staging.e2open.com
23:52:41.572 - WARN [edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler:377] - Message did not meet security requirements
org.opensaml.ws.security.SecurityPolicyException: Validation of request simple signature failed for context issuer

Could you please let us know why this error comes up. Is it due to any
SP-IDP Metadata issue? External Site 2 has provided the SP metadata. And we
have mapped the External Site 2 metadata in relying-party.xml as for example

Kindly request your help in solving these issues.

Thanks,
Issac
--
View this message in context: http://shibboleth.1660669.n2.nabble.com/Shibboleth-IDP-Issues-while-performing-Single-Sign-On-tp7609413.html
Sent from the Shibboleth - Users mailing list archive at Nabble.com.
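
The first WARN line in the message above reports that no SPSSODescriptor role metadata could be resolved for the request's issuer. The following is an added example, not part of the original message and not Shibboleth code: a Python check that looks up an issuer in a SAML metadata document and reports whether an SP role and a signing key are present. The function name, the sample metadata and its example.org entity IDs are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}

# Constructed sample metadata (not from the original post).
SAMPLE_METADATA = """<md:EntitiesDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <md:EntityDescriptor entityID="https://sp-one.example.org/shibboleth">
    <md:SPSSODescriptor
        protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:KeyDescriptor use="signing"><ds:KeyInfo/></md:KeyDescriptor>
    </md:SPSSODescriptor>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://sp-two.example.org/shibboleth">
    <md:SPSSODescriptor
        protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:KeyDescriptor use="encryption"><ds:KeyInfo/></md:KeyDescriptor>
    </md:SPSSODescriptor>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>"""


def check_sp_metadata(metadata_xml, issuer):
    """Return a list of findings for the issuer named in the IdP log."""
    root = ET.fromstring(metadata_xml)
    # The document root is either one EntityDescriptor or a wrapper of many.
    if root.tag.endswith("}EntityDescriptor"):
        entities = [root]
    else:
        entities = root.findall(".//md:EntityDescriptor", NS)
    # entityID comparison is an exact string match, scheme and case included.
    match = [e for e in entities if e.get("entityID") == issuer]
    if not match:
        known = sorted(e.get("entityID") for e in entities)
        return [f"no EntityDescriptor with entityID {issuer!r}; found {known}"]
    sp = match[0].find("md:SPSSODescriptor", NS)
    if sp is None:
        return ["entity found, but it has no SPSSODescriptor role"]
    # A KeyDescriptor without a 'use' attribute serves signing and encryption.
    keys = sp.findall("md:KeyDescriptor", NS)
    if not [k for k in keys if k.get("use") in (None, "signing")]:
        return ["no signing KeyDescriptor to verify a request signature"]
    return []


if __name__ == "__main__":
    for line in check_sp_metadata(SAMPLE_METADATA, "freescale.staging.e2open.com"):
        print(line)
```

Pass the entityID exactly as it appears in the WARN line as `issuer`, together with the contents of the metadata file the IdP loads.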