idp login issue connecting to ldap
Michael A Grady
mgrady at unicon.net
Mon Aug 3 22:21:04 EDT 2015
> On Aug 3, 2015, at 8:35 PM, Paul Caskey <pcaskey at internet2.edu> wrote:
>
> Yes, java remained at ver 8 for both 9.3 and 9.2, so it seems like a jetty issue.
>
>
May not be the same issue, but in trying Jetty 9.3 last week, we couldn't seem to get the cookie handling to work right with JSESSIONID. At first, it wasn't being written out at all with the login page, so the IdP had no context to link the returned login page to, and just presented the login page again. We got jsessionid to get written out with the login page, but then Jetty wasn't returning it through to the IdP on the way back in, at least not as the IdP expected it. So, again, the login page just kept being presented with no errors in the log. We then gave up, and went back to 9.2. Figured we'd just messed up jetty-base somehow, didn't yet have time to dig into it more.
>
> -----Original Message-----
> From: Cantor, Scott [cantor.2 at osu.edu]
> Received: Monday, 03 Aug 2015, 7:25PM
> To: Shib Users [users at shibboleth.net]
> Subject: Re: idp login issue connecting to ldap
>
> On 8/3/15, 8:13 PM, "users on behalf of Paul Caskey" <users-bounces at shibboleth.net on behalf of pcaskey at internet2.edu> wrote:
>
>
>
> >First, I have not read this entire thread, so my apologies if this is completely off-base, but it might be relevant. I was recently working on a new V3 IdP and ran into an issue where trying to log in (via the normal login form) resulted in a simple re-display of the login page with no displayed errors and no messages written to idp-process.log, even with ldaptive and idp in DEBUG.
>
> Sounds similar.
>
> >I was running Jetty 9.3. I reverted to 9.2 and then started getting error messages in idp-process.log. The errors basically indicated that I had not installed the JCE, which I had overlooked (error was invalid key length for the sealer key, IIRC). That IdP is now running fine on Jetty 9.2 (with JCE), I never went back to 9.3.
>
> I assume you mean "with full-strength policy files", the JCE is there regardless.
>
> That's more likely to be a Java 7 vs. 8 issue than Jetty (were you still on 8?), but more to the point I can't off-hand think of a connection between that component and this particular part of the system.
>
> The policy isn't supposed to matter for AES-128, but that never seems to be very consistent, and we just documented it as requiring the full-strength files regardless.
>
> -- Scott
>
> --
> To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
--
Michael A. Grady
IAM Architect, Unicon, Inc.