Shibboleth SP3 Problem: xmltooling::IOException setHeader (Header) failed: -2147024809

Stephen Holland-Chang stephen at attendeenet.com
Fri Jan 15 00:38:48 UTC 2021 

What is strange about this is that looking at the DEBUG logs Shibboleth does not throw an error or anything it looks like its processing everything fine. 
Session is created and all the attributes we need look to be decrypted and set properly. The user is redirected:

2021-01-14 16:07:12 DEBUG Shibboleth.SSO.SAML2 [1] [default]: ACS returning via redirect to: https://xx/sso/index.cfm

But the user then see that xmltooling::IOException error when it tries to hit that Shibboleth protected page https://xx/sso/index.cfm

Is that  error thrown by Shibboleth? 

Stephen

> On Jan 14, 2021, at 4:28 PM, Stephen Holland-Chang <stephen at attendeenet.com> wrote:
> 
> Thanks for helping me understand the logger better. That worked and I found out that the decrypted attributes being passed are prepended with a value which includes a backslash. 
> 
> For example:
> <AttributeValue>corp\examplevalue</AttributeValue>
> 
> Could the \ be causing problems with Shibboleth setting the data into the request header? If so, are there any options for escaping that in Shibboleth?
> 
> Thanks for the help!
> 
> Stephen 
> 
> 
>> On Jan 14, 2021, at 12:09 PM, Cantor, Scott <cantor.2 at osu.edu <mailto:cantor.2 at osu.edu>> wrote:
>> 
>> On 1/14/21, 3:06 PM, "users on behalf of Stephen Holland-Chang" <users-bounces at shibboleth.net <mailto:users-bounces at shibboleth.net> on behalf of stephen at attendeenet.com <mailto:stephen at attendeenet.com>> wrote:
>> 
>>>   Ive looked at the log configuration guide for Shibboleth SP 3 but still cannot see anywhere in logs to show me which
>>> SAML2 data that keeps failing. 
>> 
>> The part that tells you to use shibd.log for anything important, which is configured by shibd.logger.
>> 
>> However I would say the native.logger file is long broken, most of the categories in it are only in the other log file so they're misleading by including them there.
>> 
>> -- Scott
>> 
>> 
>> -- 
>> For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg <https://wiki.shibboleth.net/confluence/x/coFAAg>
>> To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net <mailto:users-unsubscribe at shibboleth.net>
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20210114/80039994/attachment.htm>

More information about the users mailing list