Shibboleth IdP Web Login Service - Unsupported Request
fazla
fazlarabby043264 at gmail.com
Thu Sep 13 02:32:27 EDT 2018
Nate,
Thank you once again for your detailed reply.
I have added the meta provider for the samltest. So when I provide my
entityId for testing after uploading my idp-metadata.xml
it redirects me to
https://idp.myuni.edu/idp/profile/SAML2/Redirect/SSO?SAMLRequest=fZJRT4MwFIX%2FCun7KIUZt2aQ4PbgkunIQB98MR3cSZPSYm9R9%2B%2BFMeNMzN6a9pzv5Jx0gaJRLU87V%2BsdvHeAzvtqlEZ%2BeohJZzU3AiVyLRpA7kqepw8bHvoBb61xpjSKeCkiWCeNXhqNXQM2B%2FshS3jabWJSO9cip3Qguj7AlxXNa7nfGwWu9hENHZAhzbZ5QbxVL5FaDLRfr6xaX7RSOh%2Bqzm%2BOwwXt8w9Swdm9g0paKB3N8y3x1quYvEZTJqJZJGYhY%2Bx2HlXhlEWsDAQDmB%2FCeS9D7GCt0QntYhIGbDYJ5hMWFUHEbxgPghfiZeead1JXUr9d32Q%2FipDfF0U2GRs9g8VTm15AksWwAz8F24utr2PFz8Ak%2BW%2FO4UyxXdAL9hjU8scetl5lRsny6KVKmc%2BlBeEgJozQZLT8%2FQHJNw%3D%3D&RelayState=ss%3Amem%3A0fc4bb139d00808ae2fd3396bfd47333891be875fcde4bb77d65f07d8276ad88
Of course this will give me an error as I don't have the server yet, but when
I change this to
https://localhost:8443/idp/profile/SAML2/Redirect/SSO?SAMLRequest=fZJRT4MwFIX%2FCun7KIUZt2aQ4PbgkunIQB98MR3cSZPSYm9R9%2B%2BFMeNMzN6a9pzv5Jx0gaJRLU87V%2BsdvHeAzvtqlEZ%2BeohJZzU3AiVyLRpA7kqepw8bHvoBb61xpjSKeCkiWCeNXhqNXQM2B%2FshS3jabWJSO9cip3Qguj7AlxXNa7nfGwWu9hENHZAhzbZ5QbxVL5FaDLRfr6xaX7RSOh%2Bqzm%2BOwwXt8w9Swdm9g0paKB3N8y3x1quYvEZTJqJZJGYhY%2Bx2HlXhlEWsDAQDmB%2FCeS9D7GCt0QntYhIGbDYJ5hMWFUHEbxgPghfiZeead1JXUr9d32Q%2FipDfF0U2GRs9g8VTm15AksWwAz8F24utr2PFz8Ak%2BW%2FO4UyxXdAL9hjU8scetl5lRsny6KVKmc%2BlBeEgJozQZLT8%2FQHJNw%3D%3D&RelayState=ss%3Amem%3A0fc4bb139d00808ae2fd3396bfd47333891be875fcde4bb77d65f07d8276ad88
I see this in the browser
Replace or remove this logo
Web Login Service - Message Security Error
The request cannot be fulfilled because the message received does not meet
the security requirements of the login service.
and the server log is
[org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:200]
- Message Handler: SAML message intended destination endpoint
'https://idp.myuni.edu/idp/profile/SAML2/Redirect/SSO' did not match the
recipient endpoint 'https://localhost:8443/idp/profile/SAML2/Redirect/SSO'
Does that have anything to do with the following idp.properties which is
commented out by default.
# Profile flows in which the ProfileRequestContext should be exposed
# in servlet request under the key "opensamlProfileRequestContext"
#idp.profile.exposeProfileRequestContextInServletRequest = SAML2/POST/SSO,SAML2/Redirect/SSO
Isn't it supposed to redirect me to the CAS client? I am allowing localhost
in the CAS service registry.
This is the detailed server log:
Refreshing ApplicationContext:shibboleth.MetadataResolverService: startup
date [Thu Sep 13 03:50:44 UTC 2018]; parent: Root WebApplicationContext
2018-09-13 03:50:47,202 - INFO
[org.opensaml.saml.metadata.resolver.impl.AbstractReloadingMetadataResolver:504]
- Metadata Resolver FileBackedHTTPMetadataResolver SAMLtest: New metadata
successfully loaded for 'https://samltest.id/saml/sp'
2018-09-13 03:50:47,203 - INFO
[org.opensaml.saml.metadata.resolver.impl.AbstractReloadingMetadataResolver:324]
- Metadata Resolver FileBackedHTTPMetadataResolver SAMLtest: Next refresh
cycle for metadata provider 'https://samltest.id/saml/sp' will occur on
'2018-09-13T06:50:45.950Z' ('2018-09-13T06:50:45.950Z' local time)
2018-09-13 03:50:47,215 - INFO
[net.shibboleth.ext.spring.service.ReloadableSpringService:380] - Service
'shibboleth.MetadataResolverService': Completed reload and swapped in latest
configuration for service 'shibboleth.MetadataResolverService'
2018-09-13 03:50:47,215 - INFO
[net.shibboleth.ext.spring.service.ReloadableSpringService:387] - Service
'shibboleth.MetadataResolverService': Reload complete
2018-09-13 03:50:47,632 - INFO
[net.shibboleth.ext.spring.service.ReloadableSpringService:380] - Service
'shibboleth.RelyingPartyResolverService': Completed reload and swapped in
latest configuration for service 'shibboleth.RelyingPartyResolverService'
2018-09-13 03:50:47,632 - INFO
[net.shibboleth.ext.spring.service.ReloadableSpringService:387] - Service
'shibboleth.RelyingPartyResolverService': Reload complete
2018-09-13 03:50:47,633 - INFO
[net.shibboleth.utilities.java.support.service.AbstractReloadableService:199]
- Service 'shibboleth.RelyingPartyResolverService': Reload time set to:
900000, starting refresh thread
2018-09-13 03:50:47,684 - INFO
[net.shibboleth.utilities.java.support.service.AbstractReloadableService:172]
- Service 'shibboleth.ReloadableAccessControlService': Performing initial
load
2018-09-13 03:50:47,684 - INFO
[net.shibboleth.utilities.java.support.service.AbstractReloadableService:258]
- Service 'shibboleth.ReloadableAccessControlService': Reloading service
configuration
2018-09-13 03:50:47,686 - INFO
[net.shibboleth.ext.spring.util.SchemaTypeAwareXMLBeanDefinitionReader:317]
- Loading XML bean definitions from file [C:\Program Files
(x86)\Shibboleth\IdP\conf\access-control.xml]
2018-09-13 03:50:47,705 - INFO
[net.shibboleth.ext.spring.util.SchemaTypeAwareXMLBeanDefinitionReader:317]
- Loading XML bean definitions from file [C:\Program Files
(x86)\Shibboleth\IdP\system\conf\access-control-system.xml]
2018-09-13 03:50:47,861 - INFO
[net.shibboleth.ext.spring.context.FilesystemGenericApplicationContext:583]
- Refreshing ApplicationContext:shibboleth.ReloadableAccessControlService:
startup date [Thu Sep 13 03:50:47 UTC 2018]; parent: Root
WebApplicationContext
2018-09-13 03:50:48,080 - INFO
[net.shibboleth.ext.spring.service.ReloadableSpringService:380] - Service
'shibboleth.ReloadableAccessControlService': Completed reload and swapped in
latest configuration for service 'shibboleth.ReloadableAccessControlService'
2018-09-13 03:50:48,080 - INFO
[net.shibboleth.ext.spring.service.ReloadableSpringService:387] - Service
'shibboleth.ReloadableAccessControlService': Reload complete
2018-09-13 03:50:48,080 - INFO
[net.shibboleth.utilities.java.support.service.AbstractReloadableService:199]
- Service 'shibboleth.ReloadableAccessControlService': Reload time set to:
300000, starting refresh thread
2018-09-13 03:50:48,095 - INFO
[net.shibboleth.utilities.java.support.service.AbstractReloadableService:172]
- Service 'shibboleth.ReloadableCASServiceRegistry': Performing initial load
2018-09-13 03:50:48,095 - INFO
[net.shibboleth.utilities.java.support.service.AbstractReloadableService:258]
- Service 'shibboleth.ReloadableCASServiceRegistry': Reloading service
configuration
2018-09-13 03:50:48,095 - INFO
[net.shibboleth.ext.spring.util.SchemaTypeAwareXMLBeanDefinitionReader:317]
- Loading XML bean definitions from file [C:\Program Files
(x86)\Shibboleth\IdP\conf\cas-protocol.xml]
2018-09-13 03:50:48,314 - INFO
[net.shibboleth.ext.spring.context.FilesystemGenericApplicationContext:583]
- Refreshing ApplicationContext:shibboleth.ReloadableCASServiceRegistry:
startup date [Thu Sep 13 03:50:48 UTC 2018]; parent: Root
WebApplicationContext
2018-09-13 03:50:48,408 - INFO
[net.shibboleth.ext.spring.service.ReloadableSpringService:380] - Service
'shibboleth.ReloadableCASServiceRegistry': Completed reload and swapped in
latest configuration for service 'shibboleth.ReloadableCASServiceRegistry'
2018-09-13 03:50:48,408 - INFO
[net.shibboleth.ext.spring.service.ReloadableSpringService:387] - Service
'shibboleth.ReloadableCASServiceRegistry': Reload complete
2018-09-13 03:50:48,408 - INFO
[net.shibboleth.utilities.java.support.service.AbstractReloadableService:199]
- Service 'shibboleth.ReloadableCASServiceRegistry': Reload time set to:
900000, starting refresh thread
2018-09-13 03:50:49,627 - INFO
[net.shibboleth.ext.spring.context.DelimiterAwareApplicationContext:583] -
Refreshing WebApplicationContext for namespace 'idp-servlet': startup date
[Thu Sep 13 03:50:49 UTC 2018]; parent: Root WebApplicationContext
2018-09-13 03:50:51,330 - INFO
[net.shibboleth.idp.authn.impl.RemoteUserAuthServlet:193] -
RemoteUserAuthServlet will process REMOTE_USER, along with attributes [] and
headers []
2018-09-13 03:51:37,455 - ERROR
[org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:200]
- Message Handler: SAML message intended destination endpoint
'https://idp.myuni.edu/idp/profile/SAML2/Redirect/SSO' did not match the
recipient endpoint 'https://localhost:8443/idp/profile/SAML2/Redirect/SSO'
2018-09-13 03:51:37,673 - WARN
[net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:202] - Profile
Action WebFlowMessageHandlerAdaptor: Exception handling message
org.opensaml.messaging.handler.MessageHandlerException: SAML message failed
received endpoint check
at
org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler.checkEndpointURI(ReceivedEndpointSecurityHandler.java:202)
2018-09-13 03:51:37,689 - WARN
[org.opensaml.profile.action.impl.LogEvent:105] - A non-proceed event
occurred while processing the request: MessageAuthenticationError
--
Sent from: http://shibboleth.1660669.n2.nabble.com/Shibboleth-Users-f1660767.html
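The received-endpoint check behind the ReceivedEndpointSecurityHandler error in the log above, sketched as an added example (not part of the original post and not OpenSAML's own code): it decodes a SAMLRequest from the HTTP-Redirect binding and compares its Destination attribute with the URL the request actually arrived at. The sample AuthnRequest is constructed, the function names are hypothetical, and exact string equality is a simplifying assumption about how the two URLs are compared.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs, urlencode

MAX_XML = 64 * 1024  # cap on inflated size (value chosen for this example)

# Constructed AuthnRequest; only the Destination value is taken from the log in the post.
SAMPLE = (
    b'<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    b'ID="_constructed1" Version="2.0" IssueInstant="2018-09-13T03:51:37Z" '
    b'Destination="https://idp.myuni.edu/idp/profile/SAML2/Redirect/SSO"/>'
)

def encode_redirect(xml: bytes) -> str:
    """HTTP-Redirect binding encoding: raw DEFLATE, then base64."""
    c = zlib.compressobj(9, zlib.DEFLATED, -15)
    return base64.b64encode(c.compress(xml) + c.flush()).decode()

def decode_redirect(saml_request: str) -> ET.Element:
    """Reverse the encoding and parse, refusing DTDs and oversized input."""
    d = zlib.decompressobj(-15)
    xml = d.decompress(base64.b64decode(saml_request), MAX_XML)
    if d.unconsumed_tail:
        raise ValueError("inflated message exceeds size cap")
    if b"<!DOCTYPE" in xml or b"<!ENTITY" in xml:
        raise ValueError("DTD not allowed in SAML message")
    return ET.fromstring(xml)

def check_destination(received_url: str) -> tuple[bool, str, str]:
    """Return (match, Destination in the message, URL it was received at)."""
    parts = urlsplit(received_url)
    query = parse_qs(parts.query)  # also undoes the URL encoding
    root = decode_redirect(query["SAMLRequest"][0])
    destination = root.get("Destination", "")
    recipient = f"{parts.scheme}://{parts.netloc}{parts.path}"
    return destination == recipient, destination, recipient

def build_url(base: str) -> str:
    """Build a redirect URL carrying the constructed sample request."""
    return base + "?" + urlencode({"SAMLRequest": encode_redirect(SAMPLE)})

if __name__ == "__main__":
    # Same request delivered to a different host, as in the post.
    print(check_destination(build_url("https://localhost:8443/idp/profile/SAML2/Redirect/SSO")))
```

Because the Destination is fixed inside the encoded request by the SP from the IdP's metadata, changing only the host in the browser's address bar leaves the two values different.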