Issue with a ServiceProvider authenticating against testshib.org IdP
Alessandro Molina
alessandro.molina at axant.it
Mon Oct 5 12:44:18 EDT 2015
Not Found
The requested URL /entities was not found on this server.
:P
Tried to set a very strange entityID on my side:
https://localhost/asdf2gbhjkl/sprovide.xml
But I still get the same error, so it's probably not an entityID
collision :(
On 05/10/15 18:37, Kevin Foote wrote:
> Most likely your entityID is not unique.
> Check the http://testshib.org/entities page to
> make sure
>
> - sent from mobile
>
> On Oct 5, 2015, at 12:33 PM, Alessandro Molina
> <alessandro.molina at axant.it> wrote:
>
>> I'm currently trying to check a ServiceProvider configuration against
>> testshib.org (using testshib.org as an IdP),
>> but testshib.org is currently failing with the
>> following traceback:
>>
>> 12:07:04.650 - ERROR
>> [edu.internet2.middleware.shibboleth.idp.profile.saml2.AbstractSAML2ProfileHandler:927]
>> - Could not resolve a key encryption credential for peer entity:
>> https://localhost/sprovide.xml
>> 12:07:04.651 - ERROR
>> [edu.internet2.middleware.shibboleth.idp.profile.saml2.AbstractSAML2ProfileHandler:289]
>> - Unable to construct encrypter
>> org.opensaml.xml.security.SecurityException: Could not resolve key
>> encryption credential
>> at
>> edu.internet2.middleware.shibboleth.idp.profile.saml2.AbstractSAML2ProfileHandler.getEncrypter(AbstractSAML2ProfileHandler.java:928)
>> ~[shibboleth-identityprovider-2.4.0.jar:na]
>> at
>> edu.internet2.middleware.shibboleth.idp.profile.saml2.AbstractSAML2ProfileHandler.buildResponse(AbstractSAML2ProfileHandler.java:286)
>> ~[shibboleth-identityprovider-2.4.0.jar:na]
>>
>> I'm able to get to the login page and log in with the myself-myself
>> user, but then that traceback is produced when trying to send back
>> the answer to my application.
>> Here is the service provider .xml file uploaded to
>> http://www.testshib.org/register.html
>>
>> <?xml version='1.0' encoding='UTF-8'?>
>> <ns0:EntityDescriptor
>> xmlns:ns0="urn:oasis:names:tc:SAML:2.0:metadata"
>> xmlns:xs="http://www.w3.org/2001/XMLSchema"
>> xmlns:ns1="urn:oasis:names:tc:SAML:metadata:attribute"
>> xmlns:ns2="urn:oasis:names:tc:SAML:2.0:assertion"
>> xmlns:ns4="http://www.w3.org/2000/09/xmldsig#"
>>
>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>> entityID="https://localhost/sprovide.xml">
>> <ns0:Extensions>
>> <ns1:EntityAttributes>
>> <ns2:Attribute Name="http://macedir.org/entity-category"
>> NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
>> <ns2:AttributeValue
>> xsi:type="xs:string">http://www.geant.net/uri/dataprotection-code-of-conduct/v1
>> </ns2:AttributeValue>
>> </ns2:Attribute>
>> </ns1:EntityAttributes>
>> </ns0:Extensions>
>> <ns0:SPSSODescriptor AuthnRequestsSigned="false"
>> WantAssertionsSigned="true"
>> protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
>> <ns0:KeyDescriptor use="signing">
>> <ns4:KeyInfo>
>> <ns4:X509Data>
>> <ns4:X509Certificate>MIIC7zCCAdegAwIBAgIJAKNUFVpcL0KLMA0GCSqGSIb3DQEBBQUAMBIxEDAOBgNV
>> BAMTB0xQdWxzYXIwHhcNMTUxMDA1MTYwNTAyWhcNMjUxMDAyMTYwNTAyWjASMRAw
>> DgYDVQQDEwdMUHVsc2FyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
>> 04Dvyk0OAmkcjFIzptAJyluGcfP8WsmdE01XOvIV0bi40Cc1c3SCfdXM+AU7kiz6
>> Ew37m9kXz1FbIw9n9Zsv3ImJ7lqQ1/ZKUkzB/Aj49p85XsoqMwtRq8Zwun9sLAME
>> +sjWh4+OyQH2Dr/Na7WnafuuYeIl72rFAoUg2IDEodZ5b204suKp1qi0GQwYm2Jp
>> Ahh0f46RhXawcYVmTMPUS6XQjJ+WH95sDxxxV6Yjfw7d3uZNQ+cNAec7hFxSSAka
>> nShkimm6KfC5x04jgjz1YA4iNXPoj2Pi2E0l3EBl16qBmhjXoppagriHfN+xIxcD
>> hEggCSaYLui2Qm/8maeqQwIDAQABo0gwRjAlBgNVHREEHjAcggdMUHVsc2FyhhFo
>> dHRwczovL2xvY2FsaG9zdDAdBgNVHQ4EFgQUQbbmEqIJlFT8GRdSPE56N+dGZi8w
>> DQYJKoZIhvcNAQEFBQADggEBAC8jKuZWkHx/AhM1GL2vHq/h9SxHoHFcyYDipVyC
>> Ql5VB5PjTaLdQ9RZCtJhlJa75DeVfW6hncDY5Q2phb7MwH2GfWm/bZwmPyfwsEeI
>> uzOcfyWU24582ITtWBNGkaxkE3uI5cDRvmKfO6fTrAdvw+emtVzYOUcAxzqz0PAQ
>> B5f2jLbg2sTLB6d4KawGPoq3JtVXPgagIANZ5IsR/dem3FIsZFj8nsztibFFTH/O
>> ljUAfZledVW5KIfApmHMc4qLvAuSSOSmax6ksBjPE4LVZx/9iftHQOMsucW1O4Ob
>> ykh4ttyYdRoNP1es5xuzTF3Qw2XRMK1N4ZgFsOQudlEexik=
>> </ns4:X509Certificate>
>> </ns4:X509Data>
>> </ns4:KeyInfo>
>> </ns0:KeyDescriptor>
>> <ns0:SingleLogoutService
>> Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
>>
>> Location="https://localhost/slo/redirect"/>
>> <ns0:SingleLogoutService
>> Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
>> Location="https://localhost/slo/post"/>
>> <ns0:AssertionConsumerService
>> Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
>>
>> Location="https://localhost/acs/post" index="1"/>
>> </ns0:SPSSODescriptor>
>> </ns0:EntityDescriptor>
>>
>> We are currently using PySAML2, which also generated the previous XML.
>> Is there something wrong that I'm missing? The whole testshib.org
>> traceback is attached to the email.
>>
>>
>> --
>> Alessandro Molina
>> Chief Technical Officer & Director of Operations
>>
>> Axant s.n.c. -http://www.axant.it
>> Phone: +39 346 739 9923
>> Fax: +39 011 412 1756
>> <traceback.txt>
>
>
--
Alessandro Molina
Chief Technical Officer & Director of Operations
Axant s.n.c. - http://www.axant.it
Phone: +39 346 739 9923
Fax: +39 011 412 1756
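
Added example, not part of the original thread and not PySAML2 or Shibboleth code: the IdP log quoted above fails on a key encryption credential, and the only KeyDescriptor in the posted metadata is marked use="signing". The check below lists the `use` values each SP publishes and flags SPs with no key usable for encryption (use="encryption", or `use` omitted, which SAML 2.0 metadata treats as valid for both purposes); the function names are hypothetical and the sample is constructed from the post with the certificate replaced by a placeholder.

```python
import xml.etree.ElementTree as ET  # untrusted metadata: parse with defusedxml instead

MD = "urn:oasis:names:tc:SAML:2.0:metadata"

# Constructed sample: the SPSSODescriptor from the post, certificate body
# replaced by a placeholder (the check only reads the `use` attribute).
SP_SIGNING_ONLY = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://localhost/sprovide.xml">
  <md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>PLACEHOLDER</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:AssertionConsumerService index="1"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://localhost/acs/post"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def key_uses(metadata_xml):
    """Return {entityID: [use, ...]} per SP; None means `use` was omitted."""
    root = ET.fromstring(metadata_xml)
    result = {}
    # iter() also matches the root element, so a single EntityDescriptor and
    # an EntitiesDescriptor aggregate are both handled.
    for entity in root.iter(f"{{{MD}}}EntityDescriptor"):
        for sp in entity.findall(f"{{{MD}}}SPSSODescriptor"):
            uses = [kd.get("use") for kd in sp.findall(f"{{{MD}}}KeyDescriptor")]
            result.setdefault(entity.get("entityID"), []).extend(uses)
    return result


def has_encryption_key(uses):
    # A KeyDescriptor without `use` applies to both signing and encryption.
    return any(u in (None, "encryption") for u in uses)


def audit(metadata_xml):
    """Return entityIDs of SPs that publish no key usable for encryption."""
    return sorted(eid for eid, uses in key_uses(metadata_xml).items()
                  if not has_encryption_key(uses))


if __name__ == "__main__":
    print("no encryption-capable key:", audit(SP_SIGNING_ONLY))
    print("with use= omitted:", audit(SP_SIGNING_ONLY.replace(' use="signing"', "")))
```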