Stuck at /Shibboleth.sso/SAML2/POST

George Glessner gglessner at serviceexpress.com
Thu Jun 28 08:27:26 EDT 2018


Kunal, 

My local host is set to 

127.0.0.1		localhost	george-oxygen.seitrakker.com

In my hosts file, so technically I am still running through local host. 

I get my metadata file from http://george-oxygen.seitrakker.com:8080/Shibboleth.sso/Metadata 

I am not using a linux machine, I am on Windows. 

Thanks, 

George
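
The Status handler's `acl` quoted further down lists client IP addresses, and the hosts-file line above maps the site name to 127.0.0.1. The following is an added example, not part of George's message or of the Shibboleth project; it assumes the SP compares the `acl` entries with the connecting client's source address rather than with the hostname in the URL. The function names are hypothetical, and 192.0.2.10 is a constructed remote address.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Both values are copied from the messages in this thread.
HOSTS_FILE = "127.0.0.1\t\tlocalhost\tgeorge-oxygen.seitrakker.com\n"
HANDLER_XML = '<Handler type="Status" Location="/Status" acl="127.0.0.1 ::1"/>'


def parse_hosts(text):
    """Map each hostname in hosts-file text to its address (first entry wins)."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        addr = ipaddress.ip_address(fields[0])
        for name in fields[1:]:
            table.setdefault(name.lower(), addr)
    return table


def parse_acl(handler_xml):
    """Return the handler's space-separated acl entries as networks."""
    acl = ET.fromstring(handler_xml).get("acl", "")
    return [ipaddress.ip_network(e, strict=False) for e in acl.split()]


def acl_allows(client_ip, networks):
    """True when the client's source address falls inside an ACL entry."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip.version == n.version and ip in n for n in networks)


def status_access(url_host, hosts, networks):
    """Decision for a browser on the SP machine itself requesting url_host."""
    dest = hosts.get(url_host.lower())
    if dest is None:
        return None  # not in the hosts file; DNS (not modelled) decides
    # Assumption: a connection to a loopback address also comes from loopback.
    source = dest if dest.is_loopback else None
    return None if source is None else acl_allows(source, networks)


if __name__ == "__main__":
    hosts, nets = parse_hosts(HOSTS_FILE), parse_acl(HANDLER_XML)
    for name in ("localhost", "george-oxygen.seitrakker.com",
                 "george-oxygen.seitrraker.com"):  # last spelling: 27 June message
        print(name, "->", hosts.get(name), status_access(name, hosts, nets))
    print("192.0.2.10 (constructed remote client):", acl_allows("192.0.2.10", nets))
```

A result of `None` means the hosts file alone does not settle where the request goes, so the example makes no ACL decision for that name.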
-----Original Message-----
From: users <users-bounces at shibboleth.net> On Behalf Of Kunal Shah
Sent: Thursday, June 28, 2018 8:22 AM
To: Shib Users <users at shibboleth.net>
Subject: Re: Stuck at /Shibboleth.sso/SAML2/POST

On Thu, Jun 28, 2018 at 11:55:00AM +0000, George Glessner wrote:
>Hi Kunal,
>
>Yes, http://george-oxygen.seitrakker.com:8080/Shibboleth.sso/Status works just fine. I am not sure what you mean that it says it is only allowed from localhost in my shibboleth2.xml, where are you seeing that? 

From your shibboleth2.xml file:

            <Handler type="Status" Location="/Status" acl="127.0.0.1 ::1"/>

and it is not commented. This actually means that only http://localhost:8080/Shibboleth.sso/Status should serve the request. If you go by your host name, it should not. I may be wrong. Someone from this list can confirm. This is mentioned in the "Initial Testing" section of the Shibboleth SP documentation @ 

https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPLinuxInstall

If I am right, your sp is not using shibboleth2.xml file you attached.

>I already mentioned where it is getting stuck, /Shibboleth.sso/SAML2/POST. I am using port 8080 because that is the port my local site (george-oxygen.seitrakker.com) is set up on.  When you ask me to check metadata for accuracy are you asking me to check SP side or IDP side? IDP side is accurate, can't tell you if mine is or not hence why I am asking for help.
>

If you are sure IDP side is accurate you need to check yours. Where is the metadata file that you as SP sent to IDP?

Did you try a Fiddler request trace?
Check this link for how to use Fiddler:

https://zappysys.com/blog/how-to-use-fiddler-to-analyze-http-web-requests/

-Kunal 

>Thank you,
>
>George
>
>
>-----Original Message-----
>From: users <users-bounces at shibboleth.net> On Behalf Of Kunal Shah
>Sent: Thursday, June 28, 2018 2:48 AM
>To: Shib Users <users at shibboleth.net>
>Subject: Re: Stuck at /Shibboleth.sso/SAML2/POST
>
>
>
>On Wed, Jun 27, 2018 at 02:16:53PM +0000, George Glessner wrote:
>>The POST to the request url: http://george-oxygen.seitrraker.com:8080/Shibboleth.sso/SAML2/POST had a status of failed. When I exit out of my browser and open it back up and navigate to http://george-oxygen.seitrraker.com:8080/Shibboleth.sso/Status it loads up fine.
>
>Are you sure http://george-oxygen.seitrraker.com:8080/Shibboleth.sso/Status comes up fine? The shibboleth2.xml you attached says it is allowed only from localhost.
>You should have gotten a forbidden error.
>Something is not right. Either you are not using the correct shibboleth2.xml or your SP metadata has a problem.
>
>>If I then enter in http://george-oxygen.seitrraker.com:8080/Shibboleth.sso/SAML2/POST I get the site can't be reached error, and then when going back to the status page I get the same error even though it was working fine just before I went to the POST page. It seems as though the POST page may be modifying something that is causing this?
>>
>
>The web/app server and shibd.log should log an error for this.
>
>Basic troubleshooting steps:
>A) Check metadata for accuracy.
>B) Use Fiddler or, if you are using Chrome, enable developer tools. Trace your request and see where it is getting stuck.
>C) Use the exact time stamp to correlate logs in the web/app server, shibd and native log files.
>
>I am mentioning web/app server because I am not sure why you are using port 8080.
>
>For us to help you, more detailed information is needed.
>
>-Kunal Shah
>
>>-----Original Message-----
>>From: Peter Schober <peter.schober at univie.ac.at>
>>Sent: Wednesday, June 27, 2018 10:01 AM
>>To: George Glessner <gglessner at serviceexpress.com>
>>Subject: Re: Stuck at /Shibboleth.sso/SAML2/POST
>>
>>* George Glessner <gglessner at serviceexpress.com> [2018-06-27 15:47]:
>>> When you say it looks like I'm trying to access something that 
>>> doesn't exist, are you talking about the /Shibboleth.sso/SAML2/POST?
>>
>>No, you wrote earlier:
>>
>>* George Glessner <gglessner at serviceexpress.com> [2018-06-26 19:44]:
>>> I get an error saying that the site cannot be reached and that my 
>>> server IP address cannot be reached
>>
>>That's not a technical error report, of course, but if I had to guess (and I have, lacking evidence from your web server logs or HTTP status codes from the browser) to me that sounds like your browser cannot reach the server.
>>
>>-peter
>>
>>--
>>For Consortium Member technical support, see 
>>https://wiki.shibboleth.net/confluence/x/coFAAg
>>To unsubscribe from this list send an email to 
>>users-unsubscribe at shibboleth.net