X509 Authn in IDPv3

Pradeep Jamble pjamble at gmail.com
Wed Apr 6 01:22:46 EDT 2016

I'm using mod_jk to front tomcat. The version of Apache is 2.4.7 and
version of Tomcat is 7.0.52; looks like its a supported version.

I'm not sure if it's reaching at that point but do I also have to update
the data connector filter in attribute resolver to something specific to

I was looking at v2 x509 login handler configuration and was wondering if
something like that needs to be setup in v3 as well.


On Tue, Apr 5, 2016 at 6:11 PM, Cantor, Scott <cantor.2 at osu.edu> wrote:

> On 4/5/16, 8:54 PM, "users on behalf of Pradeep Jamble" <
> users-bounces at shibboleth.net on behalf of pjamble at gmail.com> wrote:
> >Has anyone setup X509 Authn in IDP v3 via Apache front-end? I keep
> getting this exception in Tomcat logs but nothing in the IdP logs (with
> debug logs enabled) to indicate where it's failing.
> >
> >Apr 05, 2016 3:19:23 AM org.apache.catalina.core.StandardWrapperValve
> invoke
> >SEVERE: Servlet.service() for servlet [X509AuthHandler] in context with
> path [/idp] threw exception [Error processing external authentication
> request] with root cause
> >net.shibboleth.idp.authn.ExternalAuthenticationException: No conversation
> state found in session for key (e1s1)
> Sorry, I can't think of any way it can happen. Whatever it is will
> probably be obvious in hindsight, but I have no idea what it is.
> Are you using mod_proxy_ajp to connect them? If so, then I'm pretty much
> at a loss. Either you're not using a supported Tomcat, or you're using a
> broken one, or some other weird problem is making it impossible for it to
> recognize the JSESSIONID cookie and pick up the session properly.
> -- Scott
> --
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20160405/602c8b42/attachment.html>

More information about the users mailing list