debugging remoteuser / external auth flow

Liam Hoekenga liamr at umich.edu
Tue May 9 10:06:57 EDT 2017 

I'm trying to get the UChicago / Unicon OIDC stuff working w/ the
RemoteUser authn flow.
When it's installed, and I try normal SAML authentication, I get..

    Status: urn:oasis:names:tc:SAML:2.0:status:Requester
    Sub-Status: urn:oasis:names:tc:SAML:2.0:status:AuthnFailed
    Message: An error occurred.

This isn't so much a question about the OIDC stuff but figuring out why
RemoteUser is failing.

idp-process.log says...

2017-05-09 09:51:32,873 - DEBUG
[net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:255] -
24.182.176.143 - Profile Action SelectAuthenticationFlow: No specific
Principals requested
2017-05-09 09:51:32,874 - DEBUG
[net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:290] -
24.182.176.143 - Profile Action SelectAuthenticationFlow: No usable active
results available, selecting an inactive flow
2017-05-09 09:51:32,874 - DEBUG
[net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:338] -
24.182.176.143 - Profile Action SelectAuthenticationFlow: Selecting
inactive authentication flow authn/remoteusertoken
2017-05-09 09:51:33,298 - INFO
[net.shibboleth.idp.authn.impl.RemoteUserAuthServlet:257] - 24.182.176.143
- User identity not found in request
2017-05-09 09:51:33,465 - INFO
[net.shibboleth.idp.authn.impl.ValidateExternalAuthentication:152] -
24.182.176.143 - Profile Action ValidateExternalAuthentication: External
authentication failed, no user identity or error information returned
2017-05-09 09:51:33,473 - INFO
[net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:129] -
24.182.176.143 - Profile Action SelectAuthenticationFlow: Moving incomplete
flow authn/remoteusertoken to intermediate set

I was wondering if I could get more detailed logging out of
net.shibboleth.idp.authn, so I tried adding a TRACE level logger, but
didn't see any additional information..

    <logger name="net.shibboleth.idp.authn" level="TRACE"/>

Did I do it wrong, or is there no TRACE level logging in
net.shibboleth.idp.authn?

Liam
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20170509/627f48f2/attachment.html>

More information about the users mailing list