REFEDS R&S SP reports intermittent failures
Tom Scavo
trscavo at gmail.com
Sat Apr 23 11:04:04 EDT 2016
On Sat, Apr 23, 2016 at 12:48 AM, Baron Fujimoto <baron at hawaii.edu> wrote:
>
> ===== IdP logs
> failure:
>
> 2016-04-14 13:53:45.970 - INFO [Shibboleth-Audit:1028] - 20160414T235345Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|_474802ddb0cfa6f17916ba05bc934eac|https://cilogon.org/shibboleth|urn:mace:shibboleth:2.0:profiles:saml2:sso|https://idp.hawaii.edu/idp/shibboleth|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_04653d4b3b8fcb473f1f152ffb195dd8|FAILED_USER|urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified||_cc955f74f9f861d8ac71e79d435d5c82||
Is the IdP returning a SAML error to the SP?
> success:
>
> 2016-04-15 05:50:36.482 - INFO [Shibboleth-Audit:1028] - 20160415T155036Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|_e904d92459abc4062c8bbff65f974158|https://cilogon.org/shibboleth|urn:mace:shibboleth:2.0:profiles:saml2:sso|https://idp.hawaii.edu/idp/shibboleth|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_7bf0cf790d13445237d85df6a26f475e|SUCCESS_USER|urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified|surname,eduPersonPrincipalName,email,transientId,givenName,|_53b7fea682b761382175445789dde9e7||
> =====
>
> I note the attributes being returned for the success.
>
> Since I am logging at the INFO level, I don't think I have more details
> available. I don't think changing the log level to DEBUG is feasible due
> to the increased logging volume, and afaict, it would be difficult to
> disentangle the DEBUG logs on a busy server.
>
> I have also tried testing this with aacli on a spare IdP host with the
> same config where I can log at DEBUG level.
Have you tried using /etc/hosts on a client machine to do a full test
with your test IdP?
Tom
More information about the users
mailing list