debugging remoteuser / external auth flow

Liam Hoekenga liamr at
Tue May 9 10:06:57 EDT 2017

I'm trying to get the UChicago / Unicon OIDC stuff working w/ the
RemoteUser authn flow.
When it's installed, and I try normal SAML authentication, I get..

    Status: urn:oasis:names:tc:SAML:2.0:status:Requester
    Sub-Status: urn:oasis:names:tc:SAML:2.0:status:AuthnFailed
    Message: An error occurred.

This isn't so much a question about the OIDC stuff but figuring out why
RemoteUser is failing.

idp-process.log says...

2017-05-09 09:51:32,873 - DEBUG
[net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:255] - - Profile Action SelectAuthenticationFlow: No specific
Principals requested
2017-05-09 09:51:32,874 - DEBUG
[net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:290] - - Profile Action SelectAuthenticationFlow: No usable active
results available, selecting an inactive flow
2017-05-09 09:51:32,874 - DEBUG
[net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:338] - - Profile Action SelectAuthenticationFlow: Selecting
inactive authentication flow authn/remoteusertoken
2017-05-09 09:51:33,298 - INFO
[net.shibboleth.idp.authn.impl.RemoteUserAuthServlet:257] -
- User identity not found in request
2017-05-09 09:51:33,465 - INFO
[net.shibboleth.idp.authn.impl.ValidateExternalAuthentication:152] - - Profile Action ValidateExternalAuthentication: External
authentication failed, no user identity or error information returned
2017-05-09 09:51:33,473 - INFO
[net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:129] - - Profile Action SelectAuthenticationFlow: Moving incomplete
flow authn/remoteusertoken to intermediate set

I was wondering if I could get more detailed logging out of
net.shibboleth.idp.authn, so I tried adding a TRACE level logger, but
didn't see any additional information..

    <logger name="net.shibboleth.idp.authn" level="TRACE"/>

Did I do it wrong, or is there no TRACE level logging in

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list