Shibboleth handler invoked at an unconfigured location

reda sabir sabiretude at gmail.com
Fri May 13 12:13:50 EDT 2016 

Hi peter,

So for your question why multiple applicationOverride without overriding
entityID: I did that so I could have One SP and multiple IdP. For your
question why MetadataProvider have the same as default, I will say it's
just a mistake of mine, I had deleted the metadata part in default without
changes. This means that I don't use the ApplicationDefault and that I use
only ApplicationOverride.

For the logging, I think that I already turn debug on and all I have is
this :
2016-05-13 14:47:36 DEBUG XMLTooling.XMLObject [3]: starting to marshal
samlp:AuthnRequest
2016-05-13 14:47:36 DEBUG XMLTooling.XMLObject [3]: creating root element
to marshall
2016-05-13 14:47:36 DEBUG XMLTooling.XMLObject [3]: marshalling namespace
attributes for XMLObject
2016-05-13 14:47:36 DEBUG XMLTooling.XMLObject [3]: marshalling text and
child elements for XMLObject
2016-05-13 14:47:36 DEBUG XMLTooling.XMLObject [3]: starting to marshalling
saml:Issuer
2016-05-13 14:47:36 DEBUG XMLTooling.XMLObject [3]: creating root element
to marshall
2016-05-13 14:47:36 DEBUG XMLTooling.XMLObject [3]: marshalling namespace
attributes for XMLObject
2016-05-13 14:47:36 DEBUG XMLTooling.XMLObject [3]: marshalling text and
child elements for XMLObject
2016-05-13 14:47:36 DEBUG XMLTooling.XMLObject [3]: caching DOM for
XMLObject
2016-05-13 14:47:36 DEBUG XMLTooling.XMLObject [3]: starting to marshalling
samlp:NameIDPolicy
2016-05-13 14:47:36 DEBUG XMLTooling.XMLObject [3]: creating root element
to marshall
2016-05-13 14:47:36 DEBUG XMLTooling.XMLObject [3]: marshalling namespace
attributes for XMLObject
2016-05-13 14:47:36 DEBUG XMLTooling.XMLObject [3]: marshalling text and
child elements for XMLObject
2016-05-13 14:47:36 DEBUG XMLTooling.XMLObject [3]: caching DOM for
XMLObject
2016-05-13 14:47:36 DEBUG XMLTooling.XMLObject [3]: caching DOM for
XMLObject (document is bound)
2016-05-13 14:47:36 DEBUG OpenSAML.MessageEncoder.SAML2Redirect [3]:
marshalled message:
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
AssertionConsumerServiceURL="
http://sp.shibboleth.example.com/Shibboleth.sso/SAML2/POST" Destination="
http://openam.capgemini\
.com:7777/openam/SSORedirect/metaAlias/idp"
ID="_8b52b9e0d88dc5575ca0acb599e9bef6" IssueInstant="2016-05-13T14:47:36Z"
ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Version="2.0\
"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
sp.shibboleth.example.com</saml:Issuer><samlp:NameIDPolicy
AllowCreate="1"/></samlp:AuthnRequest>
2016-05-13 14:47:36 DEBUG OpenSAML.MessageEncoder.SAML2Redirect [3]:
message encoded, sending redirect to client


2016-05-13 17:38 GMT+02:00 Peter Schober <peter.schober at univie.ac.at>:

> * reda sabir <sabiretude at gmail.com> [2016-05-13 16:20]:
> > shibsp::ConfigurationException at (
> > http://sp.shibboleth.example.com/Shibboleth.sso/SAML2/POST)
> >
> > Shibboleth handler invoked at an unconfigured location.
>
> First I'd have to ask why you think you need those Overrides.
>
> None of these override the entityID (so you're not trying to create
> logical SPs), the first one (wso2) doesn't override the handlerURL,
> and the second one (openam) sets handlerURL to the value of the
> ApplicationDefault (/Shibboleth.sso). The second Override also sets
> the same MetadataProvider as the ApplicationDefault.
>
> So not only is it not clear what any of this should accomplish, I
> don't think that could work when the handlerURL and entityID are the
> same for all applications. The software wouldn't know what application
> an incoming protocol message would belong to.
>
> You can always turn up debug logging for the native log to see what
> application a given request is being routed to. But your configuration
> seems rather broken/nonsensical to me, so the log probably won't offer
> additional insight. The documentation would, though:
>
> https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApplicationModel
>
> https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApplicationOverride
>
> -peter
> --
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20160513/f02936a4/attachment.html>

More information about the users mailing list