X509 Authn in IDPv3

Pradeep Jamble pjamble at gmail.com
Tue Apr 5 20:54:17 EDT 2016


Has anyone set up X509 Authn in IDP v3 via Apache front-end? I keep getting
this exception in Tomcat logs but nothing in the IdP logs (with debug logs
enabled) to indicate where it's failing.

Apr 05, 2016 3:19:23 AM org.apache.catalina.core.StandardWrapperValve invoke
SEVERE: Servlet.service() for servlet [X509AuthHandler] in context with
path [/idp] threw exception [Error processing external authentication
request] with root cause
net.shibboleth.idp.authn.ExternalAuthenticationException: No conversation
state found in session for key (e1s1)

Here's what I've set up so far with Apache and Tomcat/Shibboleth on the same

-Enabled the authn flow in idp.properties
-Configured Apache for client certificate authentication
-Enabled Apache to forward request headers as well as '+ExportCertData'

In Apache SSL logs, I see the cert has been validated and authorization
granted. So, I'm not quite sure where it's broken. Initially, I thought it
was an issue with Apache not being able to validate the client cert, but from
the SSL logs it looks like that's not the issue.

Any troubleshooting or configuration guidance is greatly appreciated.

Thanks in advance,