How to configure SingleSignOnService using SOAP end-point on the IdP version 3.2.x

Akshay Kini kga.official at gmail.com
Mon Dec 21 01:35:00 EST 2015 

Hi,

New to Shibboleth here.

Our project uses a SAML SP for SSO, it also requires SAML SOAP Endpoint
based SingleSignOnService, I have implemented the last part.

I was working on certifying it on Shibboleth, how do I configure SAML SOAP
Endpoint for SingleSignOnService?

I tried to point it to the ECP end-point "/idp/profile/SAML2/SOAP/ECP", but
I get the following error in the logs:


Log Snippet:
2015-12-20 23:32:33,190 - DEBUG
[net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:154] -
Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler of
type
'org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsExtensionsHandler'
on INBOUND message context
2015-12-20 23:32:33,190 - DEBUG
[net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:175] -
Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler on
message context containing a message of type
'org.opensaml.saml.saml2.core.impl.AuthnRequestImpl'
2015-12-20 23:32:33,190 - DEBUG
[org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsExtensionsHandler:79]
- Message Handler:  Message did not contain any ChannelBindings extensions
2015-12-20 23:32:33,190 - DEBUG
[net.shibboleth.idp.profile.interceptor.impl.WriteProfileInterceptorResultToStorage:68]
- Profile Action WriteProfileInterceptorResultToStorage: No results
available from interceptor context, nothing to store
2015-12-20 23:32:33,190 - DEBUG
[net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:70]
- Profile Action FilterFlowsByNonBrowserSupport: Retaining flow
'intercept/security-policy/saml2-ecp', it supports non-browser
authentication
2015-12-20 23:32:33,190 - DEBUG
[net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:82]
- Profile Action FilterFlowsByNonBrowserSupport: Available interceptor
flows after filtering:
'{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp,
nonBrowserSupported=true}}'
2015-12-20 23:32:33,190 - DEBUG
[net.shibboleth.idp.profile.interceptor.impl.SelectProfileInterceptorFlow:65]
- Profile Action SelectProfileInterceptorFlow: Moving completed flow
intercept/security-policy/saml2-ecp to completed set, selecting next one
2015-12-20 23:32:33,190 - DEBUG
[net.shibboleth.idp.profile.interceptor.impl.SelectProfileInterceptorFlow:80]
- Profile Action SelectProfileInterceptorFlow: No flows available to choose
from
2015-12-20 23:32:33,206 - DEBUG
[net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:149]
- Profile Action InitializeOutboundMessageContext: Initialized outbound
message context
2015-12-20 23:32:33,221 - DEBUG
[net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:369]
- Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve
endpoint of type
{urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound
message
2015-12-20 23:32:33,221 - TRACE
[net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:384]
- Profile Action PopulateBindingAndEndpointContexts: Candidate outbound
bindings: [urn:oasis:names:tc:SAML:2.0:bindings:PAOS,
urn:ietf:params:xml:ns:samlec]
2015-12-20 23:32:33,221 - DEBUG
[net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:507]
- Profile Action PopulateBindingAndEndpointContexts: Populating template
endpoint for resolution from SAML AuthnRequest
2015-12-20 23:32:33,221 - DEBUG
[org.opensaml.saml.common.binding.AbstractEndpointResolver:220] - Endpoint
Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:
Returning 2 candidate endpoints of type
{urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2015-12-20 23:32:33,221 - DEBUG
[org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:86] -
Endpoint Resolver
org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate
endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP' not permitted
by input criteria
2015-12-20 23:32:33,221 - DEBUG
[org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:86] -
Endpoint Resolver
org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate
endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST' not
permitted by input criteria
2015-12-20 23:32:33,221 - DEBUG
[org.opensaml.saml.common.binding.AbstractEndpointResolver:130] - Endpoint
Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: No
candidate endpoints met criteria
2015-12-20 23:32:33,221 - WARN
[net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:404]
- Profile Action PopulateBindingAndEndpointContexts: Unable to resolve
outbound message endpoint
2015-12-20 23:32:33,237 - WARN
[org.opensaml.profile.action.impl.LogEvent:76] - An error event occurred
while processing the request: EndpointResolutionFailed
2015-12-20 23:32:33,237 - DEBUG
[org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:154] -
No SAMLBindingContext or binding URI available, error must be handled
locally
2015-12-20 23:32:33,253 - DEBUG
[net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContextForError:140]
- Profile Action InitializeOutboundMessageContextForError: Outbound message
context already exists, nothing to do
2015-12-20 23:32:33,300 - WARN
[net.shibboleth.idp.saml.profile.impl.SpringAwareMessageEncoderFactory:96]
- Binding URI was not available, unable to lookup message encoder
2015-12-20 23:32:33,300 - ERROR
[org.opensaml.profile.action.impl.EncodeMessage:122] - Profile Action
EncodeMessage: Unable to locate an outbound message encoder

Thanks,
Regards,
Akshay
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20151221/e47b1f79/attachment.html>

More information about the users mailing list