Idp 3.3.1 authentication flow problem

Jukka Hakosalo jhakosal at
Wed May 24 03:34:45 EDT 2017


We are still trying to update idp 3.2.1 to 3.3.1.
Installing goes ok.
There is something wrong with authentication flow.

2017-05-24 09:40:52,745 - WARN
[net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:198] - Profile
Action PopulateAuthenticationContext: No authentication flows are active
for this request
2017-05-24 09:40:52,791 - INFO
[net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:294] - Profile
Action SelectAuthenticationFlow: No potential flows left to choose from,
authentication failed
idp.authn.flows= Password
<bean id="authn/Password" parent="shibboleth.AuthenticationFlow"
                p:forcedAuthenticationSupported="true" />
<import resource="jaas-authn-config.xml" />

JAAS-authentication is a java module which uses Radius libraries.

The same configuration works with idp 3.2.1.

Could there be something with the session? We uncommented
idp.authn.flows.initial = Password
Idp asked and verified username and password. Then the same error appeared.

SP shows this error:
The system encountered an error at Wed May 24 09:27:59 2017
Please include the following message in any email
opensaml::FatalProfileException at (https://xxxxx/Shibboleth.sso/SAML2/POST)
SAML response reported an IdP error.
Error from identity provider:
Status: urn:oasis:names:tc:SAML:2.0:status:Requester
Sub-Status: urn:oasis:names:tc:SAML:2.0:status:AuthnFailed
 Message: An error occurred.

Should we try to install 3.3.1 from scratch?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list