shibd 2.5.3 + windows 2k8r2 + Tivoli IdP odd crash in xsec 1.7

Jerry B. Altzman jbaltz at
Tue Aug 18 14:29:24 EDT 2015


On Tue, Aug 18, 2015 at 2:01 PM, Cantor, Scott <cantor.2 at> wrote:

> On 8/18/15, 1:31 PM, "users on behalf of Jerry B. Altzman" <
> users-bounces at on behalf of jbaltz at> wrote:
> >Upgraded just now to
> Ok, worth a try.
> >2015-08-18 13:26:01 DEBUG OpenSAML.MessageEncoder.SAML2Redirect [1]:
> signing the message
> Well, that wouldn't be anything to do with the IdP, that's the signing of
> the request. That should happen regardless of IdP, apart from just having
> it not sign normally and doing that step because of the IdP's metadata.

I get that, it's just this this issue didn't crop up before I added the
Tivoli IdP.

> >Is this a known issue that was fixed between 2.5.3 and 2.5.5?
> I'm not following; it's not fixed if you just reproduced it on 2.5.5.

When I'm told right away to upgrade, the wonder is if this is a known issue
(that I could have found by only searching a little more) fixed, or
something else. "Just upgrade" on a pre-deployment system is a very
different issue that "just upgrade" on a fleet in production.

> > Shibd did just stop there...any idea where I can look for
> misconfiguration
Is your signing key particularly large? That should have been fixed, but
> worth asking.

No; but...just checked, and found that something stomped on my keyfile (0
bytes? Hello?) which is not something I would have expected. Now I see
other issues, but not this one. Thanks! So the upgrade uncovered the real
reason. Winning all around!

> -- Scott

jerry b. altzman    jbaltz at   @lorvax
eppur si muove
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list