random issues with idp 3.4.1

[Paul B. Henson]

So I'm testing my idp 3.4.1 upgrade and running into random failures on some services; well, not random in the sense that it occasionally fails, but random in the sense that a number fail and a number seem to be fine. For example, the following services fail to correctly operate with the new version of the idp:

smartsheet.com - A valid authentication statement was not found in the incoming message

educause - Unexpected exception occurred in Response Handling: Unable to decrypt the assertion

tableau - Unable to Sign In Invalid username or password

Kaltura - goes into auth loop

exlibrisgroup.com ALMA library system - The login process has failed. Please refer to the library for assistance

handshake.com - Looks like we're having some server issues

Duo admin console - Invalid response from SSO provider

Whereas these services seem perfectly fine with it:

lynda.com
Kivuto web store
Shib wiki/issues
Servicenow
Portfolium
Slack.com
Concur

I'm testing by overriding name resolution for the idp on my local system to send the browser to the test instance. The only failure that actually gives any technical detail is the one from educause, which says it was unable to decrypt the assertion. The other failures may or may not have the same underlying cause, I need to try to contact the vendors and get debugging assistance from their side 8-/.

Any thoughts on this? Anyone else working on an upgrade running into unexpected issues such as this?

Thanks...

--
Paul B. Henson  |  (909) 979-6361  |  http://www.cpp.edu/~henson/
Operating Systems and Network Analyst  |  henson at cpp.edu
California State Polytechnic University  |  Pomona CA 91768