Is skipEndpointValidationWhenSigned still an issue?

Wed May 25 13:28:38 EDT 2016

This is what I got from debug

2016-05-25 13:23:50,462 - DEBUG
[net.shibboleth.idp.profile.impl.SelectRelyingPartyConfiguration:136] -
Profile Action SelectRelyingPartyConfiguration: Found relying party
configuration shibboleth.DefaultRelyingParty for request
2016-05-25 13:23:50,492 - DEBUG
[net.shibboleth.idp.profile.interceptor.impl.PopulateProfileInterceptorContext:126]
- Profile Action PopulateProfileInterceptorContext: Installing flow
intercept/security-policy/saml2-sso into interceptor context
2016-05-25 13:23:50,532 - WARN
[net.shibboleth.idp.profile.logic.AbstractAttributePredicate:88] - No
AttributeContext located for evaluation
2016-05-25 13:23:50,536 - DEBUG
[net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:149]
- Profile Action InitializeOutboundMessageContext: Initialized outbound
message context
2016-05-25 13:23:50,543 - DEBUG
[net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:369]
- Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve
endpoint of type
{urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound
message
2016-05-25 13:23:50,545 - DEBUG
[net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:507]
- Profile Action PopulateBindingAndEndpointContexts: Populating template
endpoint for resolution from SAML AuthnRequest
2016-05-25 13:23:50,546 - DEBUG
[org.opensaml.saml.common.binding.AbstractEndpointResolver:220] - Endpoint
Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:
Returning 1 candidate endpoints of type
{urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2016-05-25 13:23:50,546 - DEBUG
[org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:126] -
Endpoint Resolver
org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Neither
candidate endpoint location '
https://securelb.imodules.com/controls/login/AssertionConsumerService.aspx?sid=-10680'
nor response location 'null' matched '
https://securelb.imodules.com/controls/login/AssertionConsumerService.aspx?sid=-10680&gid=1'

2016-05-25 13:23:50,546 - DEBUG
[org.opensaml.saml.common.binding.AbstractEndpointResolver:130] - Endpoint
Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: No
candidate endpoints met criteria
2016-05-25 13:23:50,546 - WARN
[net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:404]
- Profile Action PopulateBindingAndEndpointContexts: Unable to resolve
outbound message endpoint
2016-05-25 13:23:50,550 - WARN
[org.opensaml.profile.action.impl.LogEvent:76] - An error event occurred
while processing the request: EndpointResolutionFailed
2016-05-25 13:23:50,551 - DEBUG
[org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:154] -
No SAMLBindingContext or binding URI available, error must be handled
locally

On Wed, May 25, 2016 at 1:13 PM, Cantor, Scott <cantor.2 at osu.edu> wrote:

> On 5/25/16, 1:04 PM, "users on behalf of Brent Putman" <
> users-bounces at shibboleth.net on behalf of putmanb at georgetown.edu> wrote:
>
> >That wasn't my recollection, actually, I think I've always seen
> ProtocolBinding being sent.
> >At least as far back as I can remember.  So I looked at one of our pretty
> vanilla SP's
> >running 2.5.5, and it does send ProtocolBinding.
>
> Ok, might be implicated then. I still thought it defaulted, but I would
> have to look at it.
>
> In any case, it's bad form regardless obviously. If it wants to send a
> request and expect the IdP to ignore metadata processing it, then it
> doesn't follow that it should be omitting important details.
>
> -- Scott
>
>
>
> --
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
>

-- 
Yavor Yanakiev
Systems Developer for Identity Services
212-992-7585
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20160525/7c63090a/attachment.html>