RemoteUser configuration in IdP V 3.2.1

Erik Guss eguss at auth.lib.montana.edu
Thu Jul 7 16:49:51 EDT 2016


Hello,
I've recently upgraded to IdP v3.2.1. I have followed the basic
configuration for RemoteUser via the documentation. A particular SP
problem I am having is that in the case of an expired session, the login
flow is not re-triggered as we wish. An error log sequence is included
below illustrating what is happening. My question is, what would be the
proper xml stanza to use in conf/authn/remoteuser-authn-config.xml to
trigger RemoteUser again if an existing authentication result is
inactive? Thank you.

2016-05-11 10:22:13,486 - DEBUG
[net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:167] -
Profile Action PopulateAuthenticationContext: Installed 1 authentication
flows into AuthenticationContext
2016-05-11 10:22:13,488 - DEBUG
[net.shibboleth.idp.session.impl.StorageBackedSessionManager:707] -
Performing primary lookup on session ID
ebab536b9a26a518255bcfa5951153219f966799afa33af278c77aec19bef3e6
2016-05-11 10:22:13,492 - DEBUG
[net.shibboleth.idp.session.impl.StorageBackedIdPSession:90] - Updating
expiration of master record for session
ebab536b9a26a518255bcfa5951153219f966799afa33af278c77aec19bef3e6 to
2016-05-11T11:22:13.492-06:00
2016-05-11 10:22:13,504 - DEBUG
[net.shibboleth.idp.session.impl.StorageBackedIdPSession:528] - Loading
AuthenticationResult for flow authn/RemoteUser in session
ebab536b9a26a518255bcfa5951153219f966799afa33af278c77aec19bef3e6
2016-05-11 10:22:13,510 - DEBUG
[net.shibboleth.idp.session.impl.ExtractActiveAuthenticationResults:116]
- Profile Action ExtractActiveAuthenticationResults: authentication
result authn/RemoteUser is inactive, skipping it
2016-05-11 10:22:13,511 - DEBUG
[net.shibboleth.idp.session.impl.ExtractActiveAuthenticationResults:122]
- Profile Action ExtractActiveAuthenticationResults: no active
authentication results, SSO will not be possible
2016-05-11 10:22:13,542 - DEBUG
[net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:53] - Profile
Action FilterFlowsByForcedAuthn: Request does not have forced
authentication requirement, nothing to do
2016-05-11 10:22:13,543 - DEBUG
[net.shibboleth.idp.authn.impl.FilterFlowsByPassivity:53] - Profile
Action FilterFlowsByPassivity: Request does not have passive
requirement, nothing to do
2016-05-11 10:22:13,544 - DEBUG
[net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:53] -
Profile Action FilterFlowsByNonBrowserSupport: Request does not have
non-browser requirement, nothing to do
2016-05-11 10:22:13,546 - DEBUG
[net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:257] - Profile
Action SelectAuthenticationFlow: No specific Principals requested
2016-05-11 10:22:13,546 - DEBUG
[net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:292] - Profile
Action SelectAuthenticationFlow: No usable active results available,
selecting an inactive flow
2016-05-11 10:22:13,547 - DEBUG
[net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:334] - Profile
Action SelectAuthenticationFlow: Selecting inactive authentication flow
authn/RemoteUser
2016-05-11 10:22:13,574 - INFO
[net.shibboleth.idp.authn.impl.ValidateExternalAuthentication:121] -
Profile Action ValidateExternalAuthentication: External authentication
failed, no user identity or error information returned
2016-05-11 10:22:13,578 - INFO
[net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:130] - Profile
Action SelectAuthenticationFlow: Moving incomplete flow authn/RemoteUser
to intermediate set
2016-05-11 10:22:13,579 - DEBUG
[net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:257] - Profile
Action SelectAuthenticationFlow: No specific Principals requested
2016-05-11 10:22:13,579 - DEBUG
[net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:292] - Profile
Action SelectAuthenticationFlow: No usable active results available,
selecting an inactive flow
2016-05-11 10:22:13,580 - ERROR
[net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:296] - Profile
Action SelectAuthenticationFlow: No potential flows left to choose from,
authentication will fail
2016-05-11 10:22:13,596 - WARN
[org.opensaml.profile.action.impl.LogEvent:76] - An error event occurred
while processing the request: NoPotentialFlow
2016-05-11 10:22:13,597 - DEBUG
[org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:184]
- Error event NoPotentialFlow will be handled with response

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20160707/8a7697e9/attachment.html>


More information about the users mailing list