shibd 2.5.3 + windows 2k8r2 + Tivoli IdP odd crash in xsec 1.7
Jerry B. Altzman
jbaltz at gmail.com
Tue Aug 18 14:29:24 EDT 2015
Hi,
On Tue, Aug 18, 2015 at 2:01 PM, Cantor, Scott <cantor.2 at osu.edu> wrote:
> On 8/18/15, 1:31 PM, "users on behalf of Jerry B. Altzman" <
> users-bounces at shibboleth.net on behalf of jbaltz at gmail.com> wrote:
> >Upgraded just now to 2.5.5.0
> Ok, worth a try.
> >2015-08-18 13:26:01 DEBUG OpenSAML.MessageEncoder.SAML2Redirect [1]:
> signing the message
> Well, that wouldn't be anything to do with the IdP, that's the signing of
> the request. That should happen regardless of IdP, apart from just having
> it not sign normally and doing that step because of the IdP's metadata.
>
I get that, it's just this this issue didn't crop up before I added the
Tivoli IdP.
> >Is this a known issue that was fixed between 2.5.3 and 2.5.5?
> I'm not following; it's not fixed if you just reproduced it on 2.5.5.
>
When I'm told right away to upgrade, the wonder is if this is a known issue
(that I could have found by only searching a little more) fixed, or
something else. "Just upgrade" on a pre-deployment system is a very
different issue that "just upgrade" on a fleet in production.
>
> > Shibd did just stop there...any idea where I can look for
> misconfiguration
>
Is your signing key particularly large? That should have been fixed, but
> worth asking.
>
No; but...just checked, and found that something stomped on my keyfile (0
bytes? Hello?) which is not something I would have expected. Now I see
other issues, but not this one. Thanks! So the upgrade uncovered the real
reason. Winning all around!
> -- Scott
>
--
jerry b. altzman jbaltz at gmail.com @lorvax
eppur si muove
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20150818/e678f897/attachment.html>
More information about the users
mailing list