Shibboleth SP3 Problem: xmltooling::IOException setHeader (Header) failed: -2147024809

Stephen Holland-Chang stephen at
Thu Jan 14 01:40:42 UTC 2021

We are using Shibboleth SP 3 (v. on Windows 2019 Server / IIS with Adobe Coldfusion 2018. 

Most users have no problems logging in, but recently have had a handful of people show this error after they try to come back to our Application from the Login:


The system encountered an error at Wed Jan 13 16:30:23 2021 

To report this problem, please contact the site administrator : appsupport at <mailto:appsupport at>

Please include the following in any email:

xmltooling::IOException at (https://xxx/sso.index.cfm <https://xxx/sso.index.cfm>)

setHeader (Header) failed: -2147024809

I cant seem to find anything matching the setHeader error online. 

The error happens for them in Chrome or Safari. 

I have enabled DEBUG logging and in my shibd.log matching the exact time with the user who cannot login and it does not show any errors but a successful session created:

2021-01-13 16:30:23 INFO Shibboleth.SessionCache [1] [default]: new session created: ID (_073dd023bc2583df7a05ce9725a7dba2) IdP (http://xxxxxxxx <http://xxxxxxxx/>) Protocol(urn:oasis:names:tc:SAML:2.0:protocol) Address (xx.xx.xx.xx)

Based on the error is Shibboleth having setting the headers? Could there be something on the user end that would prevent that? (Security software?)

In my Shibboleth2.xml file I have:

<ISAPI normalizeRequest="true" useHeaders="true" safeHeaderNames="true”>

Our application does use Request headers to pass SAML attributes from the IDP back to our server. I understand this is not the best way to handle it but this is how we were doing it with Shibboleth 2 and never could figure out how to get CGI variables to show up from the IDP. 

I would appreciate if anyone has any information on this or could offer help here. 

Thanks so much!


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list