InvalidSubjectCanonicalizationContext error.

O'Dowd, Josh Josh.O'Dowd at
Thu Aug 13 15:38:48 EDT 2015

I have used the existing expired-password-flow to implement a user form to reset the password during this flow.  My expired-password-flow.xml is the following:
<flow xmlns=""

    <!-- Rudimentary impediment to direct execution of subflow. -->
    <input name="calledAsSubflow" type="boolean" required="true" />

    <view-state id="ExpiredPassword" view="expiredPassword">
            <evaluate expression="opensamlProfileRequestContext.getSubcontext(T(net.shibboleth.idp.authn.context.AuthenticationContext))" result="viewScope.authenticationContext" />
                <evaluate expression="expiredPasswordFormAction.getFormObjectName()" result="viewScope.formName"/>
                <evaluate expression="expiredPasswordFormAction.setupForm"/>
        <transition on="submit" to="proceed">
                <evaluate expression="expiredPasswordFormAction.bindAndValidate"/>

    <end-state id="proceed" />


After submitting the form, the bindAndValidate (which includes writing the new password to ldap) concludes without exception, and then I get the following error:
java.lang.IllegalArgumentException: Cannot find state with id 'InvalidSubjectCanonicalizationContext' in flow 'authn' -- Known state ids are 'array<String>['AuthenticationSetup', 'TestForSession', 'SessionExists', 'FilterFlows', 'SelectAuthenticationFlow', 'CallAuthenticationFlow' ...

The first instance of InvalidSubjectCanonicalizationContext in the idp-process.log is:
2015-08-13 13:26:08,640 - DEBUG [org.springframework.webflow.execution.ActionExecutor:53] - Finished executing net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext at 4b69ddcb; result = InvalidSubjectCanonicalizationContext

I am really not sure what is goofed up here.  Any help is much appreciated.  Thanks.

Josh O'Dowd
Software Systems Analyst / Developer
University of Montana, IT Central

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list