How to resolve a binding exception
Scott Koranda
skoranda at gmail.com
Wed Aug 19 09:38:43 EDT 2015
Just for the archives...
It was/is a LIGO SP.
Problem was bad permissions on the SP key file (only readable by root and
not shibd).
Running
LD_LIBRARY_PATH=/opt/shibboleth/lib64 /usr/sbin/shibd -t -u shibd -g shibd
immediately showed the problem (this is a SL6 box so LD_LIBRARY_PATH
necessary to get the Shib distributed curl libraries).
Scott K
On Wed, Aug 19, 2015 at 8:09 AM, Scott Koranda <skoranda at gmail.com> wrote:
> Hi Joe,
>
> (Joe is also part of the LIGO project.)
>
> I don't know why the change is now causing you an error.
>
> But if this is a LIGO SP please contact me offline and I can help you
> troubleshoot.
>
> If this is not a LIGO SP but you copied or evolved the SP configuration
> from a LIGO SP then also contact me offline and I will help you create a
> more "vanilla" configuration. I say that because the error indicates the SP
> is using the artifact resolution protocol, which we do use in LIGO for
> certain situations, but it is best not to use it with "generic" SPs if you
> do not have a good reason for it.
>
> Thanks,
>
> Scott K
>
> On Wed, Aug 19, 2015 at 7:26 AM, Joseph Areeda <
> jareeda at exchange.fullerton.edu> wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA512
>>
>> Hi,
>>
>> I've swapped server hardware to move our SP to a more capable machine.
>> The service used to be provided by a VM which became our backup.
>>
>> Both were working before the swap which consisted of a DNS change and
>> swapping certificates and keytabs to match the new URLs.
>>
>> Now the VM is working but the new hardware cannot authenticate with
>> Shibboleth. The web page and log files say:
>>
>> 2015-08-19 04:11:33 ERROR Shibboleth.Listener [15015] shib_handler:
>> remoted message returned an error: Unable to resolve artifact(s) into
>> a SAML response.
>> 2015-08-19 04:11:33 ERROR Shibboleth.Apache [15015] shib_handler:
>> Unable to resolve artifact(s) into a SAML response.
>>
>> I don't understand the message or what part of the SP is
>> misconfigured. I've compared configurations of the working and non
>> working systems but I don't see a problem.
>>
>> Google and the troubleshooting section of the Shib wiki didn't turn up
>> anything useful.
>>
>> I'd appreciate any help to isolate the problem.
>>
>> Thanks,
>> Joe
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG/MacGPG2 v2
>> Comment: GPGTools - https://gpgtools.org
>>
>> iQEcBAEBCgAGBQJV1GfyAAoJEGX1ANcKSZvNCUoH/0af7+fStlfKQHDdoGcuifyp
>> RGIHcOQ0Qs75APBV/dj89leLDQkEGmytv2g0L0+xMvKR4aYIzOMdv7J+hPTGkRdB
>> Qomd+FfZsBay6x1eTO+KChqwlhLGR1dRPN9DeYHKhh9WDSQmuKDmaSzuf3VZmzDd
>> IVrZTE2QifWDL45EUxUxg6EdoCCSf1T++h/EYbo8/Qx5WoKS50llxL7RBxolQ8IJ
>> XxoeNz12YzxLZrnpIaWKdooUTcQlWwIhunO/ZHqk31vSSG+PFos/xJHzV1jihmLZ
>> D4npPsLsvYsJxIoh1zMGCz6eMcYYLgNPP7GlmTDD6N9vZEamdUoQgK9ZzCZrkGs=
>> =pcsm
>> -----END PGP SIGNATURE-----
>> --
>> To unsubscribe from this list send an email to
>> users-unsubscribe at shibboleth.net
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20150819/012ba2c9/attachment.html>
More information about the users
mailing list