Idp 3.3.1 authentication flow problem

[Cantor, Scott]

On 5/24/17, 3:34 AM, "users on behalf of Jukka Hakosalo" <users-bounces at shibboleth.net on behalf of jhakosal at gmail.com> wrote:

> There is something wrong with authentication flow.

What you posted isn't consistent with the error you got, so I don't know what to tell you. It suggests there are no flows configured and barring other warnings in the log I have no explanation for that, everything you posted couldn't really give that result.

> general-authn.xml

What you posted can't be the *whole* file, of course, that bean had better be inside the list it's normally declared inside.

> Could there be something with the session? We uncommented
> idp.authn.flows.initial = Password

That's wrong to do.

> Idp asked and verified username and password. Then the same error appeared.

That would suggest perhaps that the SP was asking for some specific context class that the Password flow didn't support. I think you'd get slightly different logging and status codes from that, but that's all that comes to mind. Something must be filtering out Password from the set of options it can try, and it's left with nothing.

Maybe you're not using the config you think you are.

> Should we try to install 3.3.1 from scratch?

No. Upgrades are safe and certainly don't break anything like this. Not unless you're using third party features that were implemented incorrectly to start with. A JAAS module wouldn't have any problem like that, it's the simplest case. Upgrading wouldn't touch any of the files involved here.

-- Scott