Josh.O'Dowd at mso.umt.edu
Thu Aug 13 16:59:20 EDT 2015
I did make the change you requested, to the authn-abstract-flow.xml.
I am now getting a opensaml::FatalProfileException message on the SP after IDP response. It states that there was an IDP reported error, but I am not seeing any error entries in idp-process.log
From: users [mailto:users-bounces at shibboleth.net] On Behalf Of Cantor, Scott
Sent: Thursday, August 13, 2015 1:49 PM
To: Shib Users
Subject: Re: InvalidSubjectCanonicalizationContext error.
On 8/13/15, 3:38 PM, "users on behalf of O'Dowd, Josh" <users-bounces at shibboleth.net on behalf of Josh.O'Dowd at mso.umt.edu> wrote:
>The first instance of InvalidSubjectCanonicalizationContext in the idp-process.log is:
>2015-08-13 13:26:08,640 - DEBUG [org.springframework.webflow.execution.ActionExecutor:53] - Finished executing net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext at 4b69ddcb; result = InvalidSubjectCanonicalizationContext
>I am really not sure what is goofed up here. Any help is much appreciated. Thanks.
Well, the root cause aside, I think you tripped a bug also. Some of the more obscure error conditions (the "this shouldn't really ever happen" types) are probably not getting fully enumerated where they need to be.
If you could try adding that error event to system/flows/authn/authn-abstract-flow.xml as an <end-state> for me, and see if that gets it to actually "handle" the error it's raising, that would confirm my read of it.
I'll look at the action that's failing to see why, but basically something's probably off about the context tree when you transfer control off.
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
More information about the users