Shibboleth SP3 Problem: xmltooling::IOException setHeader (Header) failed: -2147024809
stephen at attendeenet.com
Wed Jan 27 20:55:14 UTC 2021
To be more specific, the failed users have the following data being sent via the IDP that is erring:
Can anyone provide any advice on filtering these out of the assertion before the header is set?
> On Jan 27, 2021, at 12:45 PM, Stephen Holland-Chang <stephen at attendeenet.com> wrote:
> After combing through the attributes in more detail we did notice that there are line breaks in the streetaddress attribute for all the failed users and as far as we can tell the successful users do not have line breaks.
> Does that ring any bells? IDP is sending the linebreaks, can shibboleth be set to ignore those or filter them before hitting IIS?
>> On Jan 26, 2021, at 5:28 AM, Cantor, Scott <cantor.2 at osu.edu <mailto:cantor.2 at osu.edu>> wrote:
>> On 1/26/21, 2:27 AM, "users on behalf of Stephen Holland-Chang" <users-bounces at shibboleth.net <mailto:users-bounces at shibboleth.net> on behalf of stephen at attendeenet.com <mailto:stephen at attendeenet.com>> wrote:
>>> I have removed the attribute that is lengthy from the attribute-map.xml. Looking at the DEBUG it skips the attribute but
>>> still resolves the same error when the user attempts to login. Do I have to remove that attributes from the
>>> federationmetadata.xml as well so they dont send it at all?
>> No. The only obvious thing to do is keep ruling out attributes one at a time and file a bug so we get the header name logged. If it had ever happened in 20 years it would be logged already but the error check is pro forma, there's nothing documented by MS that would cause it to fail.
>> You can also file a bug and attach a trace of the response so somebody can reproduce the issue, but being that you're not a member, that's not going to happen outside of the ordinary course of development, which means many months as there are no SP releases planned.
>> -- Scott
>> For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg <https://wiki.shibboleth.net/confluence/x/coFAAg>
>> To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net <mailto:users-unsubscribe at shibboleth.net>
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the users