StorageService shibboleth.ClientSessionStorageService: Exception unwrapping secured data
Zacharyzachary Pearson
zpearson at hawk.iit.edu
Tue Jan 30 13:12:17 EST 2018
I am trying to configure the attribute, and along the way I have run into this error:
2018-01-30 11:08:34,904 - ERROR [net.shibboleth.utilities.java.support.security.DataSealer:214] - Exception unwrapping data
java.io.EOFException: null
at java.io.DataInputStream.readFully(DataInputStream.java:197)
2018-01-30 11:08:34,906 - ERROR [org.opensaml.storage.impl.client.ClientStorageService:425] - StorageService shibboleth.ClientSessionStorageService: Exception unwrapping secured data
net.shibboleth.utilities.java.support.security.DataSealerException: Exception unwrapping data
at net.shibboleth.utilities.java.support.security.DataSealer.unwrap(DataSealer.java:215)
Caused by: java.io.EOFException: null
at java.io.DataInputStream.readFully(DataInputStream.java:197)
I’m simply attempting to get the uid from the authenticated user. I’m not entirely sure what this error is suggesting, but “Exception unwrapping secured data” makes me think that the uid is encrypted somehow?
The only other resource on an error like this that I’ve found dealt with configuring Shibboleth to use CAS, but I am not doing that; I am using SAML. (http://shibboleth.1660669.n2.nabble.com/CAS-and-HTML-local-storage-td7625739.html)
Below I have provided my attribute-resolver.xml and attribute-filter.xml. Please let me know if there are any other documents or info
---------------------------------------------------------------------------My attribute-resolver.xml---------------------------------------------------------------------------
<?xml version="1.0" encoding="UTF-8"?>
<AttributeResolver
        xmlns="urn:mace:shibboleth:2.0:resolver"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="urn:mace:shibboleth:2.0:resolver http://shibboleth.net/schema/idp/shibboleth-attribute-resolver.xsd">

    <!-- ========================================== -->
    <!-- Attribute Definitions -->
    <!-- ========================================== -->

    <AttributeDefinition xsi:type="Simple" id="uid" sourceAttributeID="uid">
        <Dependency ref="myLDAP" />
        <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:uid" encodeType="false" />
        <AttributeEncoder xsi:type="SAML2String" name="urn:oid:0.9.2342.19200300.100.1.1" friendlyName="uid" encodeType="false" />
    </AttributeDefinition>

    <AttributeDefinition id="eduPersonPrincipalName" xsi:type="Scoped" scope="%{idp.scope}" sourceAttributeID="uid">
        <Dependency ref="uid" />
        <AttributeEncoder xsi:type="SAML1ScopedString" name="urn:mace:dir:attribute-def:eduPersonPrincipalName" encodeType="false" />
        <AttributeEncoder xsi:type="SAML2ScopedString" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" friendlyName="eduPersonPrincipalName" encodeType="false" />
    </AttributeDefinition>

    <AttributeDefinition id="mail" xsi:type="Template">
        <Dependency ref="uid" />
        <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:mail" encodeType="false" />
        <AttributeEncoder xsi:type="SAML2String" name="urn:oid:0.9.2342.19200300.100.1.3" friendlyName="mail" encodeType="false" />
        <Template>
            <![CDATA[
                ${uid}@example.org
            ]]>
        </Template>
        <SourceAttribute>uid</SourceAttribute>
    </AttributeDefinition>

    <AttributeDefinition id="eduPersonScopedAffiliation" xsi:type="Scoped" scope="%{idp.scope}" sourceAttributeID="affiliation">
        <Dependency ref="staticAttributes" />
        <AttributeEncoder xsi:type="SAML1ScopedString" name="urn:mace:dir:attribute-def:eduPersonScopedAffiliation" encodeType="false" />
        <AttributeEncoder xsi:type="SAML2ScopedString" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9" friendlyName="eduPersonScopedAffiliation" encodeType="false" />
    </AttributeDefinition>

    <!-- ========================================== -->
    <!-- Data Connectors -->
    <!-- ========================================== -->

    <DataConnector id="staticAttributes" xsi:type="Static">
        <Attribute id="affiliation">
            <Value>member</Value>
        </Attribute>
    </DataConnector>

    <DataConnector id="myLDAP" xsi:type="LDAPDirectory"
        ldapURL="%{idp.attribute.resolver.LDAP.ldapURL}"
        baseDN="%{idp.attribute.resolver.LDAP.baseDN}"
        principal="%{idp.attribute.resolver.LDAP.bindDN}"
        principalCredential="%{idp.attribute.resolver.LDAP.bindDNCredential}"
        useStartTLS="%{idp.attribute.resolver.LDAP.useStartTLS:false}"
        connectTimeout="%{idp.attribute.resolver.LDAP.connectTimeout}"
        responseTimeout="%{idp.attribute.resolver.LDAP.responseTimeout}">
        <FilterTemplate>
            <![CDATA[
                %{idp.attribute.resolver.LDAP.searchFilter}
            ]]>
        </FilterTemplate>
    </DataConnector>

</AttributeResolver>
---------------------------------------------------------------------------my attribute-filter.xml---------------------------------------------------------------------------
<AttributeFilterPolicyGroup id="ShibbolethFilterPolicy"
        xmlns="urn:mace:shibboleth:2.0:afp"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="urn:mace:shibboleth:2.0:afp http://shibboleth.net/schema/idp/shibboleth-afp.xsd">

    <AttributeRule attributeID="uid">
        <PermitValueRule xsi:type="ANY" />
    </AttributeRule>

</AttributeFilterPolicyGroup>
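
An added example, not part of the original post and not Shibboleth code: a small Python parser for the log excerpt quoted above. It groups each ERROR line with its stack trace and reports which storage service was affected and the innermost exception. The function names are hypothetical; the sample input is the set of log lines from the post.

```python
import re

# Log lines as quoted in the post (stack frames appear there without indentation).
SAMPLE_LOG = """\
2018-01-30 11:08:34,904 - ERROR [net.shibboleth.utilities.java.support.security.DataSealer:214] - Exception unwrapping data
java.io.EOFException: null
at java.io.DataInputStream.readFully(DataInputStream.java:197)
2018-01-30 11:08:34,906 - ERROR [org.opensaml.storage.impl.client.ClientStorageService:425] - StorageService shibboleth.ClientSessionStorageService: Exception unwrapping secured data
net.shibboleth.utilities.java.support.security.DataSealerException: Exception unwrapping data
at net.shibboleth.utilities.java.support.security.DataSealer.unwrap(DataSealer.java:215)
Caused by: java.io.EOFException: null
at java.io.DataInputStream.readFully(DataInputStream.java:197)
"""

EVENT = re.compile(r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) - (?P<level>[A-Z]+) "
                   r"\[(?P<logger>[\w.$]+):(?P<line>\d+)\] - (?P<msg>.*)$")
EXC = re.compile(r"^(?:Caused by: )?(?P<cls>[\w.$]+(?:Exception|Error))(?:: .*)?$")
FRAME = re.compile(r"^\s*at (?P<frame>\S+)\(")
STORE = re.compile(r"StorageService (?P<name>[\w.]+):")

def parse_events(text):
    """Attach exception-chain and stack-frame lines to the log event they follow."""
    events = []
    for raw in text.splitlines():
        m = EVENT.match(raw)
        if m:
            events.append({**m.groupdict(), "chain": [], "frames": []})
        elif events and FRAME.match(raw):
            events[-1]["frames"].append(FRAME.match(raw).group("frame"))
        elif events and EXC.match(raw.strip()):
            events[-1]["chain"].append(EXC.match(raw.strip()).group("cls"))
    return events

def unwrap_failures(events):
    """Summarise events where sealed data could not be unwrapped."""
    out = []
    for ev in events:
        if "unwrapping" not in ev["msg"] or not ev["chain"]:
            continue
        store = STORE.search(ev["msg"])
        root = ev["chain"][-1]  # last "Caused by" entry is the innermost cause
        out.append({"ts": ev["ts"], "logger": ev["logger"].rsplit(".", 1)[-1],
                    "store": store.group("name") if store else None,
                    "root_cause": root,
                    # readFully raises EOFException when input ends before the requested bytes
                    "short_input": root == "java.io.EOFException"})
    return out
```
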