What might cause opensaml::BindingException for some users?

Cameron Kerr cameron.kerr at otago.ac.nz
Mon Mar 19 23:55:47 EDT 2018 

I operate an old Shibboleth IdP (2.5.4, IIRC -- with 3.3.2 about to be cut-over).

I’ve had a couple of support tickets come through for one particular SP (the most common and important one) whereby two different users (one staff, one student) have been sent successfully through the IdP, but when the response makes it to the SP, it appears to break with the following message sent to the user’s browser.

---------------------------------------------------------------------

opensaml::BindingException

The system encountered an error at Sat Mar 17 08:57:33 2018

To report this problem, please contact the site administrator at root at localhost.

Please include the following message in any email:

opensaml::BindingException at (https://[REDACTED]/Shibboleth.sso/SAML2/POST)

Invalid HTTP method (GET).

---------------------------------------------------------------------

The issue is clearly only affecting a small minority of users, and my client has started escalating with the vendor, only I don’t have a lot of confidence the vendor will find the issue.

The symptom from the message appear to be that the browser has sent a GET where a POST should have been used.

Both affected users have up-to-date browsers (one Chrome, one Firefox), and add-ons do not appear to be causing the issue. The affected users can reproduce the issue at will, although one did say that after five or six goes it finally worked.

I'm thinking that perhaps the SP is in some load-balanced cluster arrangement, and perhaps one or more back-end servers have an issue.

I would like to know if anyone has seen such an issue, and what might cause it. This is the first time I've seen this issue in the five or so years that this IdP has been running with this SP.

It's probably a browser-based issue, but I'm curious if there might be anything on the SP side that would cause it.

Welcoming any insights.

Cheers,
Cameron


-- 
Mr Cameron Kerr | BSc PgDipSci
Systems Engineer

Infrastructure & Applications • ITS | Te Wāhaka Matua Hakarau Māhiohio
University of Otago | Te Whare Wānanga o Otāgo
Tel/Waea 64 3 479 8191 | Mobile/Waea pūkoro 64 21 479 527

New Zealand | Aotearoa

More information about the users mailing list