idp login issue connecting to ldap
Jason Separovic
jseppa01 at gmail.com
Sun Aug 2 17:03:09 EDT 2015
Here's the trace info when I go to http://docs.google.com/a/jseppa.com
2015-08-01 14:09:06,821 - DEBUG
[org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:64
] - Decoded RelayState:
https://www.google.com/a/jseppa.com/ServiceLogin?service=writely&passive=tru
e&continue=https%3A%2F%2Fdocs.google.com%2Fa%2Fjseppa.com%2F%23&followup=htt
ps%3A%2F%2Fdocs.google.com%2Fa%2Fjseppa.com%2F&ltmpl=homepage
2015-08-01 14:09:06,822 - DEBUG
[org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:96
] - Base64 decoding and inflating SAML message
2015-08-01 14:09:06,823 - DEBUG
[org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:79
] - Decoded SAML message
2015-08-01 14:09:06,823 - DEBUG [PROTOCOL_MESSAGE:121] -
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
AssertionConsumerServiceURL="https://www.google.com/a/jseppa.com/acs"
ID="gohjohbmlndfeimaibecjgbdemkfpidkfhneafad" IsPassive="false"
IssueInstant="2015-08-01T21:09:06Z"
ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
ProviderName="google.com" Version="2.0"
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
<saml:Issuer
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">google.com/a/jseppa.com</
saml:Issuer>
<samlp:NameIDPolicy AllowCreate="true"
Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"/>
</samlp:AuthnRequest>
2015-08-01 14:09:06,824 - DEBUG
[net.shibboleth.idp.profile.audit.impl.PopulateAuditContext:198] - Profile
Action PopulateAuditContext: Skipping field 'p' not included in audit format
2015-08-01 14:09:06,824 - DEBUG
[net.shibboleth.idp.profile.audit.impl.PopulateAuditContext:198] - Profile
Action PopulateAuditContext: Skipping field 'pasv' not included in audit
format
2015-08-01 14:09:06,824 - DEBUG
[net.shibboleth.idp.profile.audit.impl.PopulateAuditContext:220] - Profile
Action PopulateAuditContext: Adding 1 value for field 'I'
2015-08-01 14:09:06,824 - DEBUG
[net.shibboleth.idp.profile.audit.impl.PopulateAuditContext:220] - Profile
Action PopulateAuditContext: Adding 1 value for field 'b'
2015-08-01 14:09:06,824 - DEBUG
[net.shibboleth.idp.profile.audit.impl.PopulateAuditContext:198] - Profile
Action PopulateAuditContext: Skipping field 'D' not included in audit format
2015-08-01 14:09:06,824 - DEBUG
[net.shibboleth.idp.profile.audit.impl.PopulateAuditContext:198] - Profile
Action PopulateAuditContext: Skipping field 'fauth' not included in audit
format
2015-08-01 14:09:06,825 - DEBUG
[net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:154] - Profile
Action WebFlowMessageHandlerAdaptor: Invoking message handler of type
'org.opensaml.saml.common.binding.impl.CheckMessageVersionHandler' on
INBOUND message context
2015-08-01 14:09:06,825 - DEBUG
[net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:175] - Profile
Action WebFlowMessageHandlerAdaptor: Invoking message handler on message
context containing a message of type
'org.opensaml.saml.saml2.core.impl.AuthnRequestImpl'
2015-08-01 14:09:06,826 - DEBUG
[net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:154] - Profile
Action WebFlowMessageHandlerAdaptor: Invoking message handler of type
'org.opensaml.saml.saml1.binding.impl.SAML1ArtifactRequestIssuerHandler' on
INBOUND message context
2015-08-01 14:09:06,826 - DEBUG
[net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:175] - Profile
Action WebFlowMessageHandlerAdaptor: Invoking message handler on message
context containing a message of type
'org.opensaml.saml.saml2.core.impl.AuthnRequestImpl'
2015-08-01 14:09:06,826 - DEBUG
[net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:154] - Profile
Action WebFlowMessageHandlerAdaptor: Invoking message handler of type
'org.opensaml.saml.common.binding.impl.SAMLProtocolAndRoleHandler' on
INBOUND message context
2015-08-01 14:09:06,826 - DEBUG
[net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:175] - Profile
Action WebFlowMessageHandlerAdaptor: Invoking message handler on message
context containing a message of type
'org.opensaml.saml.saml2.core.impl.AuthnRequestImpl'
2015-08-01 14:09:06,827 - DEBUG
[net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:154] - Profile
Action WebFlowMessageHandlerAdaptor: Invoking message handler of type
'org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler' on INBOUND
message context
2015-08-01 14:09:06,827 - DEBUG
[net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:175] - Profile
Action WebFlowMessageHandlerAdaptor: Invoking message handler on message
context containing a message of type
'org.opensaml.saml.saml2.core.impl.AuthnRequestImpl'
2015-08-01 14:09:06,828 - DEBUG
[org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:124] -
Message Handler:
org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to
MessageContext
2015-08-01 14:09:06,830 - DEBUG
[net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:154] - Profile
Action WebFlowMessageHandlerAdaptor: Invoking message handler of type
'org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandl
er' on INBOUND message context
2015-08-01 14:09:06,831 - DEBUG
[net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:175] - Profile
Action WebFlowMessageHandlerAdaptor: Invoking message handler on message
context containing a message of type
'org.opensaml.saml.saml2.core.impl.AuthnRequestImpl'
2015-08-01 14:09:06,831 - DEBUG
[org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandl
er:129] - Message Handler: Selecting default AttributeConsumingService, if
any
2015-08-01 14:09:06,832 - DEBUG
[org.opensaml.saml.metadata.support.AttributeConsumingServiceSelector:186] -
Resolving AttributeConsumingService candidates from SPSSODescriptor
2015-08-01 14:09:06,832 - DEBUG
[org.opensaml.saml.metadata.support.AttributeConsumingServiceSelector:141] -
AttributeConsumingService candidate list was empty, can not select service
2015-08-01 14:09:06,832 - DEBUG
[org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandl
er:137] - Message Handler: No AttributeConsumingService selected
2015-08-01 14:09:06,833 - DEBUG
[net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLP
eer:132] - Profile Action InitializeRelyingPartyContextFromSAMLPeer:
Attaching RelyingPartyContext based on SAML peer google.com/a/jseppa.com
2015-08-01 14:09:06,833 - DEBUG
[net.shibboleth.idp.relyingparty.impl.DefaultRelyingPartyConfigurationResolv
er:284] - Resolving relying party configuration
2015-08-01 14:09:06,834 - DEBUG
[net.shibboleth.idp.relyingparty.impl.DefaultRelyingPartyConfigurationResolv
er:296] - Checking if relying party configuration
EntityNames[google.com/a/jseppa.com,] is applicable
2015-08-01 14:09:06,834 - DEBUG
[net.shibboleth.idp.relyingparty.impl.DefaultRelyingPartyConfigurationResolv
er:298] - Relying party configuration EntityNames[google.com/a/jseppa.com,]
is applicable
2015-08-01 14:09:06,834 - DEBUG
[net.shibboleth.idp.profile.impl.SelectRelyingPartyConfiguration:136] -
Profile Action SelectRelyingPartyConfiguration: Found relying party
configuration EntityNames[google.com/a/jseppa.com,] for request
2015-08-01 14:09:06,835 - DEBUG
[net.shibboleth.idp.profile.audit.impl.PopulateAuditContext:220] - Profile
Action PopulateAuditContext: Adding 1 value for field 'IDP'
2015-08-01 14:09:06,835 - DEBUG
[net.shibboleth.idp.profile.audit.impl.PopulateAuditContext:220] - Profile
Action PopulateAuditContext: Adding 1 value for field 'SP'
2015-08-01 14:09:06,840 - DEBUG
[net.shibboleth.idp.profile.interceptor.impl.PopulateProfileInterceptorConte
xt:126] - Profile Action PopulateProfileInterceptorContext: Installing flow
intercept/security-policy/saml2-sso into interceptor context
2015-08-01 14:09:06,841 - DEBUG
[net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:
52] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have
non-browser requirement, nothing to do
2015-08-01 14:09:06,841 - DEBUG
[net.shibboleth.idp.profile.interceptor.impl.SelectProfileInterceptorFlow:10
1] - Profile Action SelectProfileInterceptorFlow: Checking flow
intercept/security-policy/saml2-sso for applicability...
2015-08-01 14:09:06,841 - DEBUG
[net.shibboleth.idp.profile.interceptor.impl.SelectProfileInterceptorFlow:84
] - Profile Action SelectProfileInterceptorFlow: Selecting flow
intercept/security-policy/saml2-sso
2015-08-01 14:09:06,842 - DEBUG
[net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:154] - Profile
Action WebFlowMessageHandlerAdaptor: Invoking message handler of type
'org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHand
ler' on INBOUND message context
2015-08-01 14:09:06,842 - DEBUG
[net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:175] - Profile
Action WebFlowMessageHandlerAdaptor: Invoking message handler on message
context containing a message of type
'org.opensaml.saml.saml2.core.impl.AuthnRequestImpl'
2015-08-01 14:09:06,843 - DEBUG
[org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHand
ler:156] - Message Handler: Checking SAML message intended destination
endpoint against receiver endpoint
2015-08-01 14:09:06,843 - DEBUG
[org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHand
ler:175] - Message Handler: SAML message intended destination endpoint was
empty, not required by binding, skipping
2015-08-01 14:09:06,844 - DEBUG
[net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:154] - Profile
Action WebFlowMessageHandlerAdaptor: Invoking message handler of type
'org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler
' on INBOUND message context
2015-08-01 14:09:06,844 - DEBUG
[net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:175] - Profile
Action WebFlowMessageHandlerAdaptor: Invoking message handler on message
context containing a message of type
'org.opensaml.saml.saml2.core.impl.AuthnRequestImpl'
2015-08-01 14:09:06,844 - DEBUG
[org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler
:151] - Message Handler: Evaluating message replay for message ID
'gohjohbmlndfeimaibecjgbdemkfpidkfhneafad', issue instant
'2015-08-01T21:09:06.000Z', entityID 'google.com/a/jseppa.com'
2015-08-01 14:09:06,845 - DEBUG
[net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:154] - Profile
Action WebFlowMessageHandlerAdaptor: Invoking message handler of type
'org.opensaml.saml.common.binding.security.impl.MessageLifetimeSecurityHandl
er' on INBOUND message context
2015-08-01 14:09:06,845 - DEBUG
[net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:175] - Profile
Action WebFlowMessageHandlerAdaptor: Invoking message handler on message
context containing a message of type
'org.opensaml.saml.saml2.core.impl.AuthnRequestImpl'
2015-08-01 14:09:06,846 - DEBUG
[net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:154] - Profile
Action WebFlowMessageHandlerAdaptor: Invoking message handler of type
'org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecur
ityHandler' on INBOUND message context
2015-08-01 14:09:06,846 - DEBUG
[net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:175] - Profile
Action WebFlowMessageHandlerAdaptor: Invoking message handler on message
context containing a message of type
'org.opensaml.saml.saml2.core.impl.AuthnRequestImpl'
2015-08-01 14:09:06,846 - DEBUG
[org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecur
ityHandler:80] - SPSSODescriptor for entity ID 'google.com/a/jseppa.com'
does not require AuthnRequests to be signed
2015-08-01 14:09:06,846 - DEBUG
[net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:154] - Profile
Action WebFlowMessageHandlerAdaptor: Invoking message handler of type
'org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignat
ureSecurityHandler' on INBOUND message context
2015-08-01 14:09:06,847 - DEBUG
[net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:175] - Profile
Action WebFlowMessageHandlerAdaptor: Invoking message handler on message
context containing a message of type
'org.opensaml.saml.saml2.core.impl.AuthnRequestImpl'
2015-08-01 14:09:06,847 - DEBUG
[org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignat
ureSecurityHandler:102] - Message Handler: SAML protocol message was not
signed, skipping XML signature processing
2015-08-01 14:09:06,852 - DEBUG
[net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:154] - Profile
Action WebFlowMessageHandlerAdaptor: Invoking message handler of type
'org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSigna
tureSecurityHandler' on INBOUND message context
2015-08-01 14:09:06,852 - DEBUG
[net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:175] - Profile
Action WebFlowMessageHandlerAdaptor: Invoking message handler on message
context containing a message of type
'org.opensaml.saml.saml2.core.impl.AuthnRequestImpl'
2015-08-01 14:09:06,853 - DEBUG
[org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecur
ityHandler:148] - Message Handler: Evaluating simple signature rule of
type:
org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignat
ureSecurityHandler
2015-08-01 14:09:06,853 - DEBUG
[org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecur
ityHandler:157] - Message Handler: HTTP request was not signed via simple
signature mechanism, skipping
2015-08-01 14:09:06,854 - DEBUG
[net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:154] - Profile
Action WebFlowMessageHandlerAdaptor: Invoking message handler of type
'org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecuri
tyHandler' on INBOUND message context
2015-08-01 14:09:06,854 - DEBUG
[net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:175] - Profile
Action WebFlowMessageHandlerAdaptor: Invoking message handler on message
context containing a message of type
'org.opensaml.saml.saml2.core.impl.AuthnRequestImpl'
2015-08-01 14:09:06,854 - DEBUG
[org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecur
ityHandler:148] - Message Handler: Evaluating simple signature rule of
type:
org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurit
yHandler
2015-08-01 14:09:06,854 - DEBUG
[org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecur
ityHandler:151] - Message Handler: Handler can not handle this request,
skipping processing
2015-08-01 14:09:06,855 - DEBUG
[net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:154] - Profile
Action WebFlowMessageHandlerAdaptor: Invoking message handler of type
'org.opensaml.messaging.handler.impl.CheckMandatoryIssuer' on INBOUND
message context
2015-08-01 14:09:06,855 - DEBUG
[net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:175] - Profile
Action WebFlowMessageHandlerAdaptor: Invoking message handler on message
context containing a message of type
'org.opensaml.saml.saml2.core.impl.AuthnRequestImpl'
2015-08-01 14:09:06,856 - DEBUG
[net.shibboleth.idp.profile.interceptor.impl.WriteProfileInterceptorResultTo
Storage:68] - Profile Action WriteProfileInterceptorResultToStorage: No
results available from interceptor context, nothing to store
2015-08-01 14:09:06,856 - DEBUG
[net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:
52] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have
non-browser requirement, nothing to do
2015-08-01 14:09:06,856 - DEBUG
[net.shibboleth.idp.profile.interceptor.impl.SelectProfileInterceptorFlow:65
] - Profile Action SelectProfileInterceptorFlow: Moving completed flow
intercept/security-policy/saml2-sso to completed set, selecting next one
2015-08-01 14:09:06,857 - DEBUG
[net.shibboleth.idp.profile.interceptor.impl.SelectProfileInterceptorFlow:80
] - Profile Action SelectProfileInterceptorFlow: No flows available to
choose from
2015-08-01 14:09:06,860 - DEBUG
[net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:149]
- Profile Action InitializeOutboundMessageContext: Initialized outbound
message context
2015-08-01 14:09:06,862 - DEBUG
[net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:367
] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve
endpoint of type
{urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound
message
2015-08-01 14:09:06,862 - TRACE
[net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:382
] - Profile Action PopulateBindingAndEndpointContexts: Candidate outbound
bindings: [urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST,
urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign,
urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact]
2015-08-01 14:09:06,862 - DEBUG
[net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:505
] - Profile Action PopulateBindingAndEndpointContexts: Populating template
endpoint for resolution from SAML AuthnRequest
2015-08-01 14:09:06,863 - DEBUG
[org.opensaml.saml.common.binding.AbstractEndpointResolver:220] - Endpoint
Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:
Returning 1 candidate endpoints of type
{urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2015-08-01 14:09:06,863 - DEBUG
[net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:409
] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at
location https://www.google.com/a/jseppa.com/acs using binding
urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2015-08-01 14:09:06,869 - DEBUG
[org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:18
4] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2015-08-01 14:09:06,869 - DEBUG
[org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:19
7] - Profile Action PopulateSignatureSigningParameters: Resolving
SignatureSigningParameters for request
2015-08-01 14:09:06,870 - DEBUG
[org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:22
9] - Profile Action PopulateSignatureSigningParameters: Adding metadata to
resolution criteria for signing/digest algorithms
2015-08-01 14:09:06,870 - DEBUG
[org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:23
7] - Profile Action PopulateSignatureSigningParameters: Resolved
SignatureSigningParameters
2015-08-01 14:09:06,871 - DEBUG
[org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:18
7] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2015-08-01 14:09:06,872 - DEBUG
[net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:298
] - Profile Action PopulateEncryptionParameters: No encryption requested,
nothing to do
2015-08-01 14:09:06,875 - DEBUG
[net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:144] -
Profile Action ExtractSubjectFromRequest: No Subject NameID or
NameIdentifier in message
2015-08-01 14:09:06,875 - DEBUG
[org.opensaml.saml.common.profile.impl.VerifyChannelBindings:154] - Profile
Action VerifyChannelBindings: No channel bindings found to verify, nothing
to do
2015-08-01 14:09:06,877 - DEBUG
[net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:101] -
Profile Action InitializeAuthenticationContext: Created authentication
context
AuthenticationContext{initiationInstant=2015-08-01T14:09:06.877-07:00,
isPassive=false, forceAuthn=false, hintedName=null, potentialFlows=[],
activeResults=[], attemptedFlow=null, signaledFlowId=null,
resultCacheable=true, completionInstant=1969-12-31T16:00:00.000-08:00}
2015-08-01 14:09:06,878 - DEBUG
[net.shibboleth.idp.session.impl.PopulateSessionContext:131] - Profile
Action PopulateSessionContext: No session found for client
2015-08-01 14:09:06,879 - DEBUG
[net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:125] - Profile
Action PopulateAuthenticationContext: Installing custom
PrincipalEvalPredicateFactoryRegistry into AuthenticationContext
2015-08-01 14:09:06,879 - DEBUG
[net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:158] - Profile
Action PopulateAuthenticationContext: Installed 1 authentication flows into
AuthenticationContext
2015-08-01 14:09:06,879 - DEBUG
[net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:53] - Profile Action
FilterFlowsByForcedAuthn: Request does not have forced authentication
requirement, nothing to do
2015-08-01 14:09:06,880 - DEBUG
[net.shibboleth.idp.authn.impl.FilterFlowsByPassivity:53] - Profile Action
FilterFlowsByPassivity: Request does not have passive requirement, nothing
to do
2015-08-01 14:09:06,880 - DEBUG
[net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:53] - Profile
Action FilterFlowsByNonBrowserSupport: Request does not have non-browser
requirement, nothing to do
2015-08-01 14:09:06,881 - DEBUG
[net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:241] - Profile
Action SelectAuthenticationFlow: No specific Principals requested
2015-08-01 14:09:06,881 - DEBUG
[net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:267] - Profile
Action SelectAuthenticationFlow: No usable active results available,
selecting an inactive flow
2015-08-01 14:09:06,881 - DEBUG
[net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:309] - Profile
Action SelectAuthenticationFlow: Selecting inactive authentication flow
authn/Password
2015-08-01 14:09:06,882 - DEBUG
[net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:115] -
Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate
Authorization header found
2015-08-01 14:09:06,912 - TRACE
[net.shibboleth.idp.ui.context.RelyingPartyUIContext:315] - No name in
UIINFO for 'en'
2015-08-01 14:09:06,913 - TRACE
[net.shibboleth.idp.ui.context.RelyingPartyUIContext:315] - No name in
UIINFO for 'en'
2015-08-01 14:09:06,913 - TRACE
[net.shibboleth.idp.ui.context.RelyingPartyUIContext:315] - No name in
UIINFO for 'en'
2015-08-01 14:09:06,913 - TRACE
[net.shibboleth.idp.ui.context.RelyingPartyUIContext:315] - No name in
UIINFO for 'fr'
2015-08-01 14:09:06,914 - TRACE
[net.shibboleth.idp.ui.context.RelyingPartyUIContext:315] - No name in
UIINFO for 'de'
2015-08-01 14:09:06,914 - DEBUG
[net.shibboleth.idp.ui.context.RelyingPartyUIContext:363] - Not a usual
scheme, returning name of 'google.com/a/jseppa.com'
2015-08-01 14:09:06,917 - DEBUG
[net.shibboleth.idp.ui.context.RelyingPartyUIContext:787] - No UIInfo or
logos returning null
2015-08-01 14:09:06,917 - TRACE
[net.shibboleth.idp.ui.context.RelyingPartyUIContext:380] - No UIInfo
2015-08-01 14:09:06,918 - TRACE
[net.shibboleth.idp.ui.context.RelyingPartyUIContext:402] - No ACS found
2015-08-01 14:09:06,918 - TRACE
[net.shibboleth.idp.ui.context.RelyingPartyUIContext:380] - No UIInfo
2015-08-01 14:09:06,918 - TRACE
[net.shibboleth.idp.ui.context.RelyingPartyUIContext:402] - No ACS found
2015-08-01 14:09:06,919 - TRACE
[net.shibboleth.idp.ui.context.RelyingPartyUIContext:380] - No UIInfo
2015-08-01 14:09:06,919 - TRACE
[net.shibboleth.idp.ui.context.RelyingPartyUIContext:402] - No ACS found
2015-08-01 14:09:06,919 - TRACE
[net.shibboleth.idp.ui.context.RelyingPartyUIContext:380] - No UIInfo
2015-08-01 14:09:06,919 - TRACE
[net.shibboleth.idp.ui.context.RelyingPartyUIContext:402] - No ACS found
2015-08-01 14:09:06,919 - TRACE
[net.shibboleth.idp.ui.context.RelyingPartyUIContext:380] - No UIInfo
2015-08-01 14:09:06,919 - TRACE
[net.shibboleth.idp.ui.context.RelyingPartyUIContext:402] - No ACS found
2015-08-01 14:09:06,920 - DEBUG
[net.shibboleth.idp.ui.context.RelyingPartyUIContext:529] - No description
matching the languages found, returning null
And then typing username/password at the idp login form yields:
2015-08-01 14:05:21,056 - TRACE
[net.shibboleth.idp.ui.context.RelyingPartyUIContext:315] - No name in
UIINFO for 'en'
2015-08-01 14:05:21,057 - TRACE
[net.shibboleth.idp.ui.context.RelyingPartyUIContext:315] - No name in
UIINFO for 'en'
2015-08-01 14:05:21,057 - TRACE
[net.shibboleth.idp.ui.context.RelyingPartyUIContext:315] - No name in
UIINFO for 'en'
2015-08-01 14:05:21,058 - TRACE
[net.shibboleth.idp.ui.context.RelyingPartyUIContext:315] - No name in
UIINFO for 'fr'
2015-08-01 14:05:21,058 - TRACE
[net.shibboleth.idp.ui.context.RelyingPartyUIContext:315] - No name in
UIINFO for 'de'
2015-08-01 14:05:21,058 - DEBUG
[net.shibboleth.idp.ui.context.RelyingPartyUIContext:363] - Not a usual
scheme, returning name of 'google.com/a/jseppa.com'
2015-08-01 14:05:21,059 - DEBUG
[net.shibboleth.idp.ui.context.RelyingPartyUIContext:787] - No UIInfo or
logos returning null
2015-08-01 14:05:21,059 - TRACE
[net.shibboleth.idp.ui.context.RelyingPartyUIContext:380] - No UIInfo
2015-08-01 14:05:21,059 - TRACE
[net.shibboleth.idp.ui.context.RelyingPartyUIContext:402] - No ACS found
2015-08-01 14:05:21,059 - TRACE
[net.shibboleth.idp.ui.context.RelyingPartyUIContext:380] - No UIInfo
2015-08-01 14:05:21,059 - TRACE
[net.shibboleth.idp.ui.context.RelyingPartyUIContext:402] - No ACS found
2015-08-01 14:05:21,060 - TRACE
[net.shibboleth.idp.ui.context.RelyingPartyUIContext:380] - No UIInfo
2015-08-01 14:05:21,060 - TRACE
[net.shibboleth.idp.ui.context.RelyingPartyUIContext:402] - No ACS found
2015-08-01 14:05:21,060 - TRACE
[net.shibboleth.idp.ui.context.RelyingPartyUIContext:380] - No UIInfo
2015-08-01 14:05:21,060 - TRACE
[net.shibboleth.idp.ui.context.RelyingPartyUIContext:402] - No ACS found
2015-08-01 14:05:21,060 - TRACE
[net.shibboleth.idp.ui.context.RelyingPartyUIContext:380] - No UIInfo
2015-08-01 14:05:21,060 - TRACE
[net.shibboleth.idp.ui.context.RelyingPartyUIContext:402] - No ACS found
2015-08-01 14:05:21,061 - DEBUG
[net.shibboleth.idp.ui.context.RelyingPartyUIContext:529] - No description
matching the languages found, returning null
Date: Sat, 1 Aug 2015 07:57:54 -0500
From: Tom Zeller <tzeller at dragonacea.biz>
To: Shib Users <users at shibboleth.net>
Subject: Re: idp login issue connecting to ldap
Message-ID: <B5D24CD0-EC4A-4BD5-88C2-13E287CEE9F8 at dragonacea.biz>
Content-Type: text/plain; charset="us-ascii"
> On Jul 31, 2015, at 11:33 PM, Jason Separovic <jseppa01 at gmail.com> wrote:
> Hi,
> I'm trying to set up a simple google apps test case with idp 3.1.2. I also have
> openldap 2.4.39-8.el6 set up on the same host.
> It seems as though ldap is working fine when I use the aacli command:
> [root@dev1 bin]# ./aacli.sh --requester google.com --principal jason
> {
> "requester": "google.com",
> "principal": "jason",
> "attributes": [
> {
> "name": "googleNameID",
> "values": [
> "StringAttributeValue{value=jason@jseppa.com}" ]
> }
> ]
> }
> However, when I direct my browser to the google api, I get redirected to the
> idp login page as expected, however when I enter the ldap user/pass, the form
> just returns another blank form.
> Tcpdump on 389 reveals no attempt to connect to ldap, and org.ldaptive TRACE
> shows nothing in the logs.
> I'm using the following ldap in the attribute resolver, so I think the
> ldap.properties should be good:
> <resolver:DataConnector id="ldap" xsi:type="dc:LDAPDirectory"
> ldapURL="%{idp.attribute.resolver.LDAP.ldapURL}"
> baseDN="%{idp.attribute.resolver.LDAP.baseDN}"
> principal="%{idp.attribute.resolver.LDAP.bindDN}"
>
> principalCredential="%{idp.attribute.resolver.LDAP.bindDNCredential}">
> <dc:FilterTemplate>
> <![CDATA[
> %{idp.attribute.resolver.LDAP.searchFilter}
> ]]>
> </dc:FilterTemplate>
> </resolver:DataConnector>
> Is there anything that needs to be configured in order to use ldap in the auth
> process? I'm sure I'm missing something simple here, just beating my head
> against the wall a bit.
The blank form sounds odd, but without more info I suggest start there.
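The opening lines of the trace show the IdP base64-decoding and inflating the HTTP-Redirect `SAMLRequest`, then noting that it carries no Destination and no signature. The Python sketch below is an added example, not part of this thread and not Shibboleth code: it reproduces that decoding step offline and reports the same three facts. The sample request is constructed from the values in the trace; `MAX_INFLATED` and the registered ACS set passed to `acs_is_registered` are assumptions standing in for local policy and SP metadata.

```python
import base64
import urllib.parse
import xml.etree.ElementTree as ET
import zlib

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
DSIG = "http://www.w3.org/2000/09/xmldsig#"
MAX_INFLATED = 64 * 1024  # assumed cap; bounds decompression of hostile input

# Constructed sample, modelled on the AuthnRequest shown in the trace.
SAMPLE_XML = (
    '<samlp:AuthnRequest xmlns:samlp="%s" Version="2.0" IsPassive="false" '
    'ID="gohjohbmlndfeimaibecjgbdemkfpidkfhneafad" '
    'IssueInstant="2015-08-01T21:09:06Z" ProviderName="google.com" '
    'ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" '
    'AssertionConsumerServiceURL="https://www.google.com/a/jseppa.com/acs">'
    '<saml:Issuer xmlns:saml="%s">google.com/a/jseppa.com</saml:Issuer>'
    '</samlp:AuthnRequest>' % (SAMLP, SAML)
)


def encode_redirect(xml, relay_state):
    """Build the query string an SP sends: raw DEFLATE, base64, URL-encode."""
    comp = zlib.compressobj(wbits=-15)  # -15 = raw DEFLATE, no zlib header
    raw = comp.compress(xml.encode("utf-8")) + comp.flush()
    return urllib.parse.urlencode(
        {"SAMLRequest": base64.b64encode(raw).decode("ascii"),
         "RelayState": relay_state})


def decode_redirect(query):
    """Reverse the HTTP-Redirect encoding and summarise the AuthnRequest."""
    params = urllib.parse.parse_qs(query, strict_parsing=True)
    if "SAMLRequest" not in params:
        raise ValueError("no SAMLRequest parameter")
    raw = base64.b64decode(params["SAMLRequest"][0], validate=True)

    inflater = zlib.decompressobj(wbits=-15)
    xml = inflater.decompress(raw, MAX_INFLATED)
    if not inflater.eof:  # output hit the cap, or the stream was truncated
        raise ValueError("message truncated or larger than size cap")
    if b"<!DOCTYPE" in xml or b"<!ENTITY" in xml:
        raise ValueError("DTDs are not allowed in SAML messages")

    root = ET.fromstring(xml)
    if root.tag != "{%s}AuthnRequest" % SAMLP:
        raise ValueError("not a SAML 2.0 AuthnRequest")
    return {
        "id": root.get("ID"),
        "issuer": (root.findtext("{%s}Issuer" % SAML) or "").strip(),
        "acs_url": root.get("AssertionConsumerServiceURL"),
        "protocol_binding": root.get("ProtocolBinding"),
        "destination": root.get("Destination"),  # None: "endpoint was empty"
        "relay_state": params.get("RelayState", [None])[0],
        # Embedded XML signature (not used with the Redirect binding).
        "xml_signed": root.find("{%s}Signature" % DSIG) is not None,
        # Redirect-binding signature travels in the query string instead.
        "query_signed": "Signature" in params and "SigAlg" in params,
    }


def acs_is_registered(request, registered_acs):
    """An unsigned request is unauthenticated, so its ACS URL is only a hint:
    honour it only on an exact match with an endpoint from SP metadata."""
    return request["acs_url"] in registered_acs


if __name__ == "__main__":
    query = encode_redirect(SAMPLE_XML, "constructed-relay-state")
    for key, value in decode_redirect(query).items():
        print("%-17s %s" % (key, value))
```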