Logout SAML Error message v3
David Langenberg
davel at uchicago.edu
Sat Jan 17 00:16:25 EST 2015
Set both of those to true (restarted Jetty, cleared browser), still getting:
2015-01-16 22:15:30,695 - ERROR
[net.shibboleth.idp.saml.saml2.profile.impl.ProcessLogoutRequest:314] -
Profile Action ProcessLogoutRequest: Error resolving matching session(s)
net.shibboleth.utilities.java.support.resolver.ResolverException: Secondary
service index is disabled
at
net.shibboleth.idp.session.impl.StorageBackedSessionManager.resolve(StorageBackedSessionManager.java:569)
and my SAML Error sent back to SP.
Dave
On Fri, Jan 16, 2015 at 10:08 PM, Tom Zeller <tzeller at dragonacea.biz> wrote:
>
>
> On Jan 16, 2015, at 11:04 PM, Tom Zeller <tzeller at dragonacea.biz> wrote:
>
>
>
> On Jan 16, 2015, at 10:23 PM, David Langenberg <davel at uchicago.edu> wrote:
>
> I have v3 with a fairly default setup. When I initiate a logout request
> at an SP, the result is a SAML Error being returned to the SP. I see in
> the logs the logout flow activated and then this:
>
> 2015-01-16 21:09:42,364 - DEBUG
> [net.shibboleth.idp.profile.interceptor.impl.SelectProfileInterceptorFlow:65]
> - Profile Action SelectProfileInterceptorFlow: Moving completed flow
> intercept/security-policy/saml2-slo to completed set, selecting next one
> 2015-01-16 21:09:42,365 - DEBUG
> [net.shibboleth.idp.profile.interceptor.impl.SelectProfileInterceptorFlow:80]
> - Profile Action SelectProfileInterceptorFlow: No flows available to choose
> from
> 2015-01-16 21:09:42,378 - DEBUG
> [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:149]
> - Profile Action InitializeOutboundMessageContext: Initialized outbound
> message context
> 2015-01-16 21:09:42,411 - DEBUG
> [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:367]
> - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve
> endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}SingleLogoutService
> for outbound message
> 2015-01-16 21:09:42,420 - DEBUG
> [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:409]
> - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at
> location https://sp.training.incommon.org/Shibboleth.sso/SLO/Redirect
> using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect
> 2015-01-16 21:09:42,465 - DEBUG
> [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:304]
> - Profile Action PopulateEncryptionParameters: Encryption for assertions
> (false), identifiers (true), attributes(false)
> 2015-01-16 21:09:42,467 - DEBUG
> [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:314]
> - Profile Action PopulateEncryptionParameters: Resolving
> EncryptionParameters for request
> 2015-01-16 21:09:42,468 - DEBUG
> [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:376]
> - Profile Action PopulateEncryptionParameters: Adding entityID to
> resolution criteria
> 2015-01-16 21:09:42,469 - DEBUG
> [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:387]
> - Profile Action PopulateEncryptionParameters: Adding role metadata to
> resolution criteria
> 2015-01-16 21:09:42,471 - DEBUG
> [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:330]
> - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
> 2015-01-16 21:09:42,535 - DEBUG
> [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:144] -
> Profile Action ExtractSubjectFromRequest: No Subject NameID or
> NameIdentifier in message
> 2015-01-16 21:09:42,596 - ERROR
> [net.shibboleth.idp.saml.saml2.profile.impl.ProcessLogoutRequest:314] -
> Profile Action ProcessLogoutRequest: Error resolving matching session(s)
> net.shibboleth.utilities.java.support.resolver.ResolverException:
> Secondary service index is disabled
> at
> net.shibboleth.idp.session.impl.StorageBackedSessionManager.resolve(StorageBackedSessionManager.java:569)
>
> Any thoughts on what I may be doing wrong, or should I take this over to
> JIRA?
>
>
> There's two session properties in conf/idp.properties that need to be
> turned true, IIRC. Secondary index and something else nearby.
>
>
> Maybe the other property, besides secondary index, is track sessions.
>
> --
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
>
--
David Langenberg
Identity & Access Management
The University of Chicago
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://shibboleth.net/pipermail/users/attachments/20150116/0bfcba64/attachment.html
More information about the users
mailing list