A valid authentication statement was not found in the incoming message

Mike Flynn shibbolethlynda at yahoo.com
Fri Aug 28 09:23:45 EDT 2015 

I have an IDP attempting to connect to me on a test Shib box (IIS 7 2.3.1) and they get this error:
A valid authentication statement was not found in the incoming message

Logging on this test box is set to debug.
Looking up the error here:
https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPTroubleshootingCommonErrors#NativeSPTroubleshootingCommonErrors-opensaml::FatalProfileException:Avalidauthenticationstatementwasnotfoundintheincomingmessage

It says to check the logs.
In shibd.log there is this for the transaction (these are the logs immediately following receipt of the assertion):
2015-08-28 06:12:10 DEBUG OpenSAML.MessageDecoder.SAML2 [1]: extracting issuer from SAML 2.0 protocol message2015-08-28 06:12:10 DEBUG OpenSAML.MessageDecoder.SAML2 [1]: message from (urn:componentspace:SkillsServe)2015-08-28 06:12:10 DEBUG OpenSAML.MessageDecoder.SAML2 [1]: searching metadata for message issuer...2015-08-28 06:12:10 DEBUG OpenSAML.SecurityPolicyRule.MessageFlow [1]: evaluating message flow policy (replay checking on, expiration 60)2015-08-28 06:12:10 DEBUG XMLTooling.StorageService [1]: inserted record (_4291aef7-02e4-4bbc-aa3e-215824860e46) in context (MessageFlow)2015-08-28 06:12:10 DEBUG OpenSAML.SecurityPolicyRule.XMLSigning [1]: validating signature profile2015-08-28 06:12:10 DEBUG XMLTooling.TrustEngine.ExplicitKey [1]: attempting to validate signature with the peer's credentials2015-08-28 06:12:10 DEBUG XMLTooling.TrustEngine.ExplicitKey [1]: signature validated with credential2015-08-28 06:12:10 DEBUG OpenSAML.SecurityPolicyRule.XMLSigning [1]: signature verified against message issuer2015-08-28 06:12:10 DEBUG Shibboleth.SSO.SAML2 [1]: processing message against SAML 2.0 SSO profile2015-08-28 06:12:10 DEBUG Shibboleth.SSO.SAML2 [1]: extracting issuer from SAML 2.0 assertion2015-08-28 06:12:10 DEBUG OpenSAML.SecurityPolicyRule.MessageFlow [1]: evaluating message flow policy (replay checking on, expiration 60)2015-08-28 06:12:10 DEBUG XMLTooling.StorageService [1]: inserted record (_4df65e7e-e5b0-44bf-bf6c-5e6bd73011c3) in context (MessageFlow)2015-08-28 06:12:10 DEBUG OpenSAML.SecurityPolicyRule.BearerConfirmation [1]: assertion satisfied bearer confirmation requirements
So, no errors reported there.  Moving on to native.log I see this:
2015-08-28 06:12:10 ERROR Shibboleth.Listener [7156] isapi_shib_extension: remoted message returned an error: A valid authentication statement was not found in the incoming message.2015-08-28 06:12:10 ERROR Shibboleth.ISAPI [7156] isapi_shib_extension: A valid authentication statement was not found in the incoming message.
Transaction.log is empty.
Can anyone shed any light on this?  I can certainly post the assertion here - just did not want to blast the list with a bunch of data.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20150828/302d7cab/attachment-0001.html>

More information about the users mailing list