Shibboleth-3 issues with ExternalAuth?

Bryan K. Walton bwalton+1545424647 at
Fri Dec 21 15:40:03 EST 2018

We have some users who login to our SP using ExternalAuth.  This was
working fine in Shibboleth 2.6.1 (Red Hat Linux 7).  Then, we upgraded
our SP to shibboleth 3.0.3, and are seeing issues with ExternalAuth.
Some interesting things we are seeing in the logs:

2018-12-21 10:24:20 ERROR Shibboleth.AttributeResolver.Query [25392]
[client-name]: exception during SAML query to
CURLSOAPTransport failed while contacting SOAP endpoint
SSL certificate problem: application verification failure

2018-12-21 10:24:20 ERROR Shibboleth.AttributeResolver.Query [25392]
[xxxxxxxxxxx]: unable to obtain a SAML response from attribute
2018-12-21 10:24:20 ERROR Shibboleth.Handler.ExternalAuth [25392]
[xxxxxxxxxxx]: attribute resolution failed: Unable to obtain a SAML
response from attribute authority.

(It should be noted, that users authenticating from the same IdP, but
NOT using ExternalAuth, don't generate these cert warnings.)

Anybody having issues like this?  Or might know what is going on?

Bryan Walton

Bryan K. Walton                                           319-337-3877 
Linux Systems Administrator                 Leepfrog Technologies, Inc 

More information about the users mailing list