StorageService shibboleth.ClientSessionStorageService: Exception unwrapping secured data

Zacharyzachary Pearson zpearson at hawk.iit.edu
Tue Jan 30 13:12:17 EST 2018


I am trying to configure the attribute and along the way I have run into this error

2018-01-30 11:08:34,904 - ERROR [net.shibboleth.utilities.java.support.security.DataSealer:214] - Exception unwrapping data
java.io.EOFException: null
        at java.io.DataInputStream.readFully(DataInputStream.java:197)
2018-01-30 11:08:34,906 - ERROR [org.opensaml.storage.impl.client.ClientStorageService:425] - StorageService shibboleth.ClientSessionStorageService: Exception unwrapping secured data
net.shibboleth.utilities.java.support.security.DataSealerException: Exception unwrapping data
        at net.shibboleth.utilities.java.support.security.DataSealer.unwrap(DataSealer.java:215)
Caused by: java.io.EOFException: null
        at java.io.DataInputStream.readFully(DataInputStream.java:197)


I’m simply attempting to get the uid from the authenticated user. I’m not entirely sure what this error is suggesting, but “Exception unwrapping secured data” makes me think that the uid is encrypted somehow?
The only other resource I’ve found on an error like this dealt with configuring Shibboleth to use CAS, but I am not doing that; I am using SAML. (http://shibboleth.1660669.n2.nabble.com/CAS-and-HTML-local-storage-td7625739.html)
Below I have provided my attribute-resolver.xml and attribute-filter.xml. Please let me know if there are any other documents or information I should provide.

---------------------------------------------------------------------------My attribute-resolver.xml---------------------------------------------------------------------------

<?xml version="1.0" encoding="UTF-8"?>
<!--
  Shibboleth IdP attribute resolver: four attribute definitions (uid,
  eduPersonPrincipalName, mail, eduPersonScopedAffiliation) fed by one static
  connector and one LDAP connector.

  NOTE(review): nothing in this file configures the ClientSessionStorageService
  or the DataSealer named in the log excerpt. That error is raised while
  unsealing client-side session storage data, and the EOFException points at
  truncated or stale sealed data rather than at an encrypted attribute.
  Confirm against the storage and sealer configuration, which is not shown.

  NOTE(review): xsi:schemaLocation below uses a plain http URL. Treat it as an
  identifier/hint only; verify the IdP resolves the schema from its bundled
  copy and never fetches it over the network.
-->
<AttributeResolver
        xmlns="urn:mace:shibboleth:2.0:resolver"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="urn:mace:shibboleth:2.0:resolver http://shibboleth.net/schema/idp/shibboleth-attribute-resolver.xsd">


    <!-- ========================================== -->
    <!--      Attribute Definitions                 -->
    <!-- ========================================== -->

    <!-- uid: copied unchanged from the "uid" value returned by the myLDAP
         connector; encoded as a SAML1 and a SAML2 string attribute. -->
    <AttributeDefinition xsi:type="Simple" id="uid" sourceAttributeID="uid">
        <Dependency ref="myLDAP" />
        <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:uid" encodeType="false" />
        <AttributeEncoder xsi:type="SAML2String" name="urn:oid:0.9.2342.19200300.100.1.1" friendlyName="uid" encodeType="false" />
    </AttributeDefinition>

    <!-- eduPersonPrincipalName: the uid definition above, scoped with the
         idp.scope property. -->
    <AttributeDefinition id="eduPersonPrincipalName" xsi:type="Scoped" scope="%{idp.scope}" sourceAttributeID="uid">
        <Dependency ref="uid" />
        <AttributeEncoder xsi:type="SAML1ScopedString" name="urn:mace:dir:attribute-def:eduPersonPrincipalName" encodeType="false" />
        <AttributeEncoder xsi:type="SAML2ScopedString" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" friendlyName="eduPersonPrincipalName" encodeType="false" />
    </AttributeDefinition>

    <!-- mail: built from the uid definition with the template
         ${uid}@example.org.
         NOTE(review): example.org looks like a sample domain; confirm the
         real mail domain before releasing this attribute.
         NOTE(review): the CDATA section carries leading and trailing
         whitespace and line breaks; verify the resolver trims them so the
         released value is a clean address. -->
    <AttributeDefinition id="mail" xsi:type="Template">
        <Dependency ref="uid" />
        <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:mail" encodeType="false" />
        <AttributeEncoder xsi:type="SAML2String" name="urn:oid:0.9.2342.19200300.100.1.3" friendlyName="mail" encodeType="false" />
        <Template>
          <![CDATA[
               ${uid}@example.org
          ]]>
        </Template>
        <SourceAttribute>uid</SourceAttribute>
    </AttributeDefinition>

    <!-- eduPersonScopedAffiliation: the static "affiliation" value from the
         staticAttributes connector, scoped with the idp.scope property. -->
    <AttributeDefinition id="eduPersonScopedAffiliation" xsi:type="Scoped" scope="%{idp.scope}" sourceAttributeID="affiliation">
        <Dependency ref="staticAttributes" />
        <AttributeEncoder xsi:type="SAML1ScopedString" name="urn:mace:dir:attribute-def:eduPersonScopedAffiliation" encodeType="false" />
        <AttributeEncoder xsi:type="SAML2ScopedString" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9" friendlyName="eduPersonScopedAffiliation" encodeType="false" />
    </AttributeDefinition>


    <!-- ========================================== -->
    <!--      Data Connectors                       -->
    <!-- ========================================== -->

    <!-- Static connector: supplies the fixed value affiliation=member. The
         value is not derived from the directory, so it says nothing about
         the individual user. -->
    <DataConnector id="staticAttributes" xsi:type="Static">
        <Attribute id="affiliation">
            <Value>member</Value>
        </Attribute>
    </DataConnector>

    <!-- LDAP connector: URL, base DN, bind DN, bind credential and timeouts
         all come from idp.attribute.resolver.LDAP.* properties.
         NOTE(review): useStartTLS falls back to false when its property is
         unset, and no trust material is configured on this element. Unless
         ldapURL is an ldaps URL with certificate validation configured
         elsewhere, the bind credential and attribute values may cross the
         network unprotected. Confirm the transport settings.
         NOTE(review): keep the property file holding bindDNCredential
         readable only by the IdP service account.
         The search filter text is held in a property and is not visible
         here. -->
    <DataConnector id="myLDAP" xsi:type="LDAPDirectory"
        ldapURL="%{idp.attribute.resolver.LDAP.ldapURL}"
        baseDN="%{idp.attribute.resolver.LDAP.baseDN}"
        principal="%{idp.attribute.resolver.LDAP.bindDN}"
        principalCredential="%{idp.attribute.resolver.LDAP.bindDNCredential}"
        useStartTLS="%{idp.attribute.resolver.LDAP.useStartTLS:false}"
        connectTimeout="%{idp.attribute.resolver.LDAP.connectTimeout}"
        responseTimeout="%{idp.attribute.resolver.LDAP.responseTimeout}">
        <FilterTemplate>
            <![CDATA[
                %{idp.attribute.resolver.LDAP.searchFilter}
            ]]>
        </FilterTemplate>
    </DataConnector>
</AttributeResolver>




---------------------------------------------------------------------------my attribute-filter.xml---------------------------------------------------------------------------

<!--
  Attribute filter policy group containing a single rule that permits every
  value of the uid attribute.

  NOTE(review): the AttributeRule sits directly under the group, with no
  enclosing AttributeFilterPolicy and no PolicyRequirementRule, so this file
  never states which relying parties the rule applies to. A rule placed this
  way is probably not applied to any requester, in which case uid is not
  released at all; confirm against the filter schema for the IdP version in
  use.
  NOTE(review): when the rule is wrapped in a policy, scope its requirement
  rule to the intended service provider. Combined with PermitValueRule ANY, an
  unrestricted requirement would release uid to every relying party.
-->
<AttributeFilterPolicyGroup id="ShibbolethFilterPolicy"
        xmlns="urn:mace:shibboleth:2.0:afp"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="urn:mace:shibboleth:2.0:afp http://shibboleth.net/schema/idp/shibboleth-afp.xsd">


        <!-- Permit all values of uid; see the note above about the missing
             policy wrapper. -->
        <AttributeRule attributeID="uid">
                <PermitValueRule xsi:type="ANY" />
        </AttributeRule>

</AttributeFilterPolicyGroup>