Error When Using University's Idp

Nate Klingenstein ndk at internet2.edu
Fri Jun 26 14:50:28 EDT 2015


Automagic if no attributes included and those endpoints advertised, including these that don't work.  Seems unintended.  Should remove extraneous endponts or make them work and then make sure attributes are working as intended.

Semt frim mt iPone

On Jun 26, 2015, at 13:46, "Antelmo Aguilar" <Antelmo.Aguilar.17 at nd.edu<mailto:Antelmo.Aguilar.17 at nd.edu>> wrote:

Hello again,

I am trying to configure my Shibboleth SP to talk to the university's test Idp now, but I get the following error after I Iogin that prevents me from getting the attributes from the Idp:

2015-06-26 14:18:42 ERROR Shibboleth.AttributeResolver.Query [5]: exception during SAML query to https://login-test.cc.nd.edu:8443/idp/profile/SAML2/SOAP/AttributeQuery: CURLSOAPTransport failed while contacting SOAP endpoint (https://login-test.cc.nd.edu:8443/idp/profile/SAML2/SOAP/AttributeQuery): Unknown SSL protocol error in connection to login-test.cc.nd.edu:8443<http://login-test.cc.nd.edu:8443>
2015-06-26 14:18:42 ERROR Shibboleth.AttributeResolver.Query [5]: unable to obtain a SAML response from attribute authority
2015-06-26 14:18:42 INFO Shibboleth.SessionCache [5]: new session created: ID (_90039f523c20b7ddad28967c41ce6aaa) IdP (https://login-test.cc.nd.edu/idp/shibboleth) Protocol(urn:oasis:names:tc:SAML:2.0:protocol) Address (129.74.58.169)

When I do curl -v https://login-test.cc.nd.edu:8443, I get the following error:

* About to connect() to login-test.cc.nd.edu<http://login-test.cc.nd.edu> port 8443 (#0)
*   Trying 129.74.1.122... connected
* Connected to login-test.cc.nd.edu<http://login-test.cc.nd.edu> (129.74.1.122) port 8443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* NSS error -5961
* Closing connection #0
* SSL connect error
curl: (35) SSL connect error


I am currently trying to fix the issue, but thought it might be a good idea to ask for some help here in case you guys have come across this issue before.  I really appreciate any help.

Thanks!
Antelmo
--
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net<mailto:users-unsubscribe at shibboleth.net>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20150626/c01f7568/attachment.html>


More information about the users mailing list