Shibboleth SP not redirecting to the deep link

krrishv krish.v at gmail.com
Tue Dec 18 15:46:03 EST 2018 

I guess if you had accessed the wrong vhost/port you'd get HTTP 404 
from the application server for /Shibboleth.sso/Session so at least 
that part must be correct for "No valid session" to be returned. 

Assuming there's no other user error (try the link below, assuming the 
ServerName from your config actually resolves to your test machine)... 

http://evtswebfiml01.tu.com/Shibboleth.sso/Login?target=http://evtswebfiml01.tu.com/Shibboleth.sso/Session

I tried the above link and still the Shibboleth says "A valid session was
not found"



Well, in your browser you can see the Shib SP sending you an HTTP 
Reponse Header named "Cookie", yes? If so does your browser return 
this header to the server when you access 
http://evtswebfiml01.tu.com/Shibboleth.sso/Session ? 

I guess we're back to you looking at logs. 
https://wiki.shibboleth.net/confluence/display/SP3/Logging
Try raising the log level for the native.log to DEBUG and restart both 
shibd and the webserver. 

I did try enabling debug. I see the SAML assertion everything being printed.

2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: found namespace
declaration, adding it to the list of namespaces on the XMLObject
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: unmarshalling child
nodes of DOM element (saml2:Issuer)
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: processing text content
at position (0)
2018-12-18 13:35:41 DEBUG OpenSAML.MessageDecoder.SAML2 [5]: message from
(http://www.okta.com/exke0nulg4CUR6zjB0h7)
2018-12-18 13:35:41 DEBUG OpenSAML.MessageDecoder.SAML2 [5]: searching
metadata for message issuer...
2018-12-18 13:35:41 DEBUG OpenSAML.SecurityPolicyRule.MessageFlow [5]:
evaluating message flow policy (replay checking on, expiration 60)
2018-12-18 13:35:41 DEBUG XMLTooling.StorageService [5]: inserted record
(id8888449459041316800857034) in context (MessageFlow) with expiration
(1545161981)
2018-12-18 13:35:41 DEBUG OpenSAML.SecurityPolicyRule.XMLSigning [5]:
validating signature profile
2018-12-18 13:35:41 DEBUG XMLTooling.TrustEngine.ExplicitKey [5]: attempting
to validate signature with the peer's credentials
2018-12-18 13:35:41 DEBUG XMLTooling.TrustEngine.ExplicitKey [5]: signature
validated with credential
2018-12-18 13:35:41 DEBUG OpenSAML.SecurityPolicyRule.XMLSigning [5]:
signature verified against message issuer
2018-12-18 13:35:41 DEBUG Shibboleth.SSO.SAML2 [5]: processing message
against SAML 2.0 SSO profile
2018-12-18 13:35:41 DEBUG Shibboleth.SSO.SAML2 [5]: extracting issuer from
SAML 2.0 assertion
2018-12-18 13:35:41 DEBUG OpenSAML.SecurityPolicyRule.MessageFlow [5]:
evaluating message flow policy (replay checking on, expiration 60)
2018-12-18 13:35:41 DEBUG XMLTooling.StorageService [5]: inserted record
(id88884494591195781769562280) in context (MessageFlow) with expiration
(1545161981)
2018-12-18 13:35:41 DEBUG OpenSAML.SecurityPolicyRule.XMLSigning [5]:
validating signature profile
2018-12-18 13:35:41 DEBUG XMLTooling.TrustEngine.ExplicitKey [5]: attempting
to validate signature with the peer's credentials
2018-12-18 13:35:41 DEBUG XMLTooling.TrustEngine.ExplicitKey [5]: signature
validated with credential
2018-12-18 13:35:41 DEBUG OpenSAML.SecurityPolicyRule.XMLSigning [5]:
signature verified against message issuer
2018-12-18 13:35:41 DEBUG OpenSAML.SecurityPolicyRule.BearerConfirmation
[5]: assertion satisfied bearer confirmation requirements
2018-12-18 13:35:41 DEBUG Shibboleth.SSO.SAML2 [5]: SSO profile processing
completed successfully
2018-12-18 13:35:41 DEBUG Shibboleth.SSO.SAML2 [5]: extracting pushed
attributes...
2018-12-18 13:35:41 DEBUG Shibboleth.AttributeExtractor.XML [5]: unable to
extract attributes, unknown XML object type: saml2p:Response
2018-12-18 13:35:41 DEBUG Shibboleth.AttributeExtractor.XML [5]: skipping
unmapped NameID with format
(urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified)
2018-12-18 13:35:41 DEBUG Shibboleth.AttributeExtractor.XML [5]: unable to
extract attributes, unknown XML object type: saml2:AuthnStatement
2018-12-18 13:35:41 DEBUG Shibboleth.AttributeDecoder.String [5]: decoding
SimpleAttribute (uid) from SAML 2 Attribute (uid) with 1 value(s)
2018-12-18 13:35:41 DEBUG Shibboleth.AttributeFilter [5]: filtering 1
attribute(s) from (http://www.okta.com/exke0nulg4CUR6zjB0h7)
2018-12-18 13:35:41 DEBUG Shibboleth.AttributeFilter [5]: applying filtering
rule(s) for attribute (uid) from (http://www.okta.com/exke0nulg4CUR6zjB0h7)
2018-12-18 13:35:41 DEBUG Shibboleth.SSO.SAML2 [5]: resolving attributes...
2018-12-18 13:35:41 DEBUG Shibboleth.AttributeResolver.Query [5]: found
AttributeStatement in input to new session, skipping query
2018-12-18 13:35:41 DEBUG Shibboleth.SessionCache [5]: creating new session
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: starting to marshal
saml2:NameID
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: XMLObject has a usable
cached DOM, reusing it
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: releasing cached DOM
representation for parent object with propagation set to true
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: releasing cached DOM
representation for (saml2:Subject)
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: releasing cached DOM
representation for parent object with propagation set to true
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: releasing cached DOM
representation for (saml2:Assertion)
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: releasing cached DOM
representation for parent object with propagation set to true
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: releasing cached DOM
representation for (saml2p:Response)
2018-12-18 13:35:41 DEBUG Shibboleth.SessionCache [5]: storing new
session...
2018-12-18 13:35:41 DEBUG XMLTooling.StorageService [5]: inserted record
(session) in context (_dc595ea7a5fde2579ca80784b9cdae1a) with expiration
(1545165341)
2018-12-18 13:35:41 DEBUG XMLTooling.StorageService [5]: updated record
(D8I1) in context (NameID) with expiration (1545168941)
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: starting to marshal
saml2:Assertion
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: creating root element to
marshall
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: marshalling namespace
attributes for XMLObject
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: marshalling text and
child elements for XMLObject
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: starting to marshalling
saml2:Issuer
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: releasing cached DOM
representation for (saml2:Issuer)
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: creating root element to
marshall
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: marshalling namespace
attributes for XMLObject
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: marshalling text and
child elements for XMLObject
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: caching DOM for
XMLObject
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject.Signature [5]: marshalling
ds:Signature
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: releasing DOM for
unknown content, preserving current DOM in XML form
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: releasing cached DOM
representation for (ds:Signature)
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject.Signature [5]: parsing XML
back into DOM tree
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject.Signature [5]: reimporting
new DOM into caller-supplied document
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject.Signature [5]: caching DOM
for Signature
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: starting to marshalling
saml2:Subject
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: creating root element to
marshall
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: marshalling namespace
attributes for XMLObject
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: marshalling text and
child elements for XMLObject
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: starting to marshalling
saml2:NameID
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: releasing cached DOM
representation for (saml2:NameID)
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: creating root element to
marshall
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: marshalling namespace
attributes for XMLObject
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: marshalling text and
child elements for XMLObject
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: caching DOM for
XMLObject
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: starting to marshalling
saml2:SubjectConfirmation
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: releasing cached DOM
representation for children with propagation set to true
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: releasing cached DOM
representation for (saml2:SubjectConfirmationData)
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: releasing cached DOM
representation for (saml2:SubjectConfirmation)
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: creating root element to
marshall
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: marshalling namespace
attributes for XMLObject
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: marshalling text and
child elements for XMLObject
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: starting to marshalling
saml2:SubjectConfirmationData
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: creating root element to
marshall
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: marshalling namespace
attributes for XMLObject
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: marshalling text and
child elements for XMLObject
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: caching DOM for
XMLObject
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: caching DOM for
XMLObject
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: caching DOM for
XMLObject
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: starting to marshalling
saml2:Conditions
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: releasing cached DOM
representation for children with propagation set to true
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: releasing cached DOM
representation for (saml2:AudienceRestriction)
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: releasing cached DOM
representation for children with propagation set to true
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: releasing cached DOM
representation for (saml2:Audience)
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: releasing cached DOM
representation for (saml2:Conditions)
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: creating root element to
marshall
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: marshalling namespace
attributes for XMLObject
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: marshalling text and
child elements for XMLObject
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: starting to marshalling
saml2:AudienceRestriction
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: creating root element to
marshall
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: marshalling namespace
attributes for XMLObject
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: marshalling text and
child elements for XMLObject
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: starting to marshalling
saml2:Audience
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: creating root element to
marshall
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: marshalling namespace
attributes for XMLObject
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: marshalling text and
child elements for XMLObject
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: caching DOM for
XMLObject
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: caching DOM for
XMLObject
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: caching DOM for
XMLObject
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: starting to marshalling
saml2:AuthnStatement
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: releasing cached DOM
representation for children with propagation set to true
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: releasing cached DOM
representation for (saml2:AuthnContext)
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: releasing cached DOM
representation for children with propagation set to true
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: releasing cached DOM
representation for (saml2:AuthnContextClassRef)
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: releasing cached DOM
representation for (saml2:AuthnStatement)
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: creating root element to
marshall
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: marshalling namespace
attributes for XMLObject
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: marshalling text and
child elements for XMLObject
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: starting to marshalling
saml2:AuthnContext
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: creating root element to
marshall
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: marshalling namespace
attributes for XMLObject
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: marshalling text and
child elements for XMLObject
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: starting to marshalling
saml2:AuthnContextClassRef
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: creating root element to
marshall
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: marshalling namespace
attributes for XMLObject
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: marshalling text and
child elements for XMLObject
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: caching DOM for
XMLObject
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: caching DOM for
XMLObject
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: caching DOM for
XMLObject
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: starting to marshalling
saml2:AttributeStatement
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: releasing cached DOM
representation for children with propagation set to true
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: releasing cached DOM
representation for (saml2:Attribute)
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: releasing cached DOM
representation for children with propagation set to true
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: releasing cached DOM
representation for (saml2:AttributeValue)
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: releasing cached DOM
representation for (saml2:AttributeStatement)
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: creating root element to
marshall
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: marshalling namespace
attributes for XMLObject
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: marshalling text and
child elements for XMLObject
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: starting to marshalling
saml2:Attribute
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: creating root element to
marshall
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: marshalling namespace
attributes for XMLObject
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: marshalling text and
child elements for XMLObject
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: starting to marshalling
saml2:AttributeValue
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: creating root element to
marshall
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: setting xsi:type
attribute for XMLObject
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: adding XSI namespace to
list of namespaces visibly used by XMLObject
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: marshalling namespace
attributes for XMLObject
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: marshalling text and
child elements for XMLObject
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: caching DOM for
XMLObject
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: caching DOM for
XMLObject
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: caching DOM for
XMLObject
2018-12-18 13:35:41 DEBUG XMLTooling.XMLObject [5]: caching DOM for
XMLObject (document is bound)
2018-12-18 13:35:41 DEBUG XMLTooling.StorageService [5]: inserted record
(id88884494591195781769562280) in context
(_dc595ea7a5fde2579ca80784b9cdae1a) with expiration (1545165341)
2018-12-18 13:35:41 INFO Shibboleth.SessionCache [5]: new session created:
ID (_dc595ea7a5fde2579ca80784b9cdae1a) IdP
(http://www.okta.com/exke0nulg4CUR6zjB0h7)
Protocol(urn:oasis:names:tc:SAML:2.0:protocol) Address (172.27.30.17)
2018-12-18 13:35:41 DEBUG Shibboleth.SSO.SAML2 [5]: ACS returning via
redirect to: http://evtswebfiml01.tu.com/
2018-12-18 13:36:17 DEBUG Shibboleth.Listener [1]: dispatching message
(default/Login::run::SAML2SI)
2018-12-18 13:36:17 DEBUG XMLTooling.StorageService [1]: inserted record
(5dae06653d9bf466c85a50a61b1aa83c3e00f765539a926cfc8ec1ca4539d395) in
context (RelayState) with expiration (1545162377)
2018-12-18 13:36:17 DEBUG OpenSAML.MessageEncoder.SAML2Redirect [1]:
validating input
2018-12-18 13:36:17 DEBUG OpenSAML.MessageEncoder.SAML2Redirect [1]:
marshalling, deflating, base64-encoding the message
2018-12-18 13:36:17 DEBUG XMLTooling.XMLObject [1]: starting to marshal
samlp:AuthnRequest




--
Sent from: http://shibboleth.1660669.n2.nabble.com/Shibboleth-Users-f1660767.html

More information about the users mailing list