Shibboleth-3 issues with ExternalAuth?
Bryan K. Walton
bwalton+1545424647 at leepfrog.com
Fri Dec 21 16:54:29 EST 2018
Also, a very important data point that I left out, every time this
happens, shibd restarts!
-Bryan
On Fri, Dec 21, 2018 at 02:40:03PM -0600, Bryan K. Walton wrote:
> We have some users who login to our SP using ExternalAuth. This was
> working fine in Shibboleth 2.6.1 (Red Hat Linux 7). Then, we upgraded
> our SP to shibboleth 3.0.3, and are seeing issues with ExternalAuth.
> Some interesting things we are seeing in the logs:
>
> 2018-12-21 10:24:20 ERROR Shibboleth.AttributeResolver.Query [25392]
> [client-name]: exception during SAML query to
> https://xxxxxxxxxxxxxx:8443/idp/profile/SAML2/SOAP/AttributeQuery:
> CURLSOAPTransport failed while contacting SOAP endpoint
> (https://xxxxxxxxxxxxxxx:8443/idp/profile/SAML2/SOAP/AttributeQuery):
> SSL certificate problem: application verification failure
>
> 2018-12-21 10:24:20 ERROR Shibboleth.AttributeResolver.Query [25392]
> [xxxxxxxxxxx]: unable to obtain a SAML response from attribute
> authority
> 2018-12-21 10:24:20 ERROR Shibboleth.Handler.ExternalAuth [25392]
> [xxxxxxxxxxx]: attribute resolution failed: Unable to obtain a SAML
> response from attribute authority.
>
> (It should be noted, that users authenticating from the same IdP, but
> NOT using ExternalAuth, don't generate these cert warnings.)
>
> Anybody having issues like this? Or might know what is going on?
>
> Thanks,
> Bryan Walton
>
> --
> Bryan K. Walton 319-337-3877
> Linux Systems Administrator Leepfrog Technologies, Inc
> --
> For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
> To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
--
Bryan K. Walton 319-337-3877
Linux Systems Administrator Leepfrog Technologies, Inc
More information about the users
mailing list