Possible SP provided Metadata problem

Michael Dahlberg olgamirth at gmail.com
Tue Jul 31 09:50:37 EDT 2018


I'm running Shib 3.2.1 as an IdP with Jetty-9.3.24.v20180606 as the Java
servlet container and I'm working with a vendor running an SP who has
decided that, since they've had to renew their HTTPS SSL cert, they're
going to update their SAML SP metadata, replacing the existing embedded
X509 cert in their metadata with the signed HTTPS SSL X509 cert.

Once they did this, they gave me their updated metadata and I added it to
our Shib configuration which loads without issues.  Now, when anybody tries
going to the vendor's WAYF page, they're redirected to our shib server
(which is running under debug logging).  Once the user presents the request
to our Shib server, the following log entries are generated:

13:15:54.251 - ERROR [org.opensaml.messaging.decoder.servlet.BaseHttpServletRequestXMLMessageDecoder:151] - [134.82.7.55] - Error unmarshalling message from input stream
net.shibboleth.utilities.java.support.xml.XMLParserException: Unable to read data from input stream

// lots of Java error messages

13:15:54.273 - WARN [org.opensaml.profile.action.impl.LogEvent:76] - [134.82.7.55] - An error event occurred while processing the request: UnableToDecode
13:15:54.275 - DEBUG [org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:154] - [134.82.7.55] - No SAMLBindingContext or binding URI available, error must be handled locally

and that's it ... nothing else.  I've been working under the assumption
that the metadata I've installed is corrupt in some manner that I can fix
(DOS EOL chars instead of UNIX).  Is my assumption correct and is it
possible for me to fix this issue?

Thanks,
Mike