AW: Exception unwrapping data: Tag mismatch! in "Profile Action ValidateGrant"
clemens.bergmann at tu-darmstadt.de
Fri Apr 8 21:37:10 UTC 2022
thanks for the quick reply. Unfortunately I just checked and the code leaving the idp is the same that also returns on the token endpoint.
One other noteworthy information is that the Idp is setup as a loadbalanced pair. Could it be a problem if Authorization Endpoint and Token Endpoint are served by different IdPs? Both are configured exactly the same.
Gruppe Nutzermanagement und Entwicklung
Technische Universität Darmstadt
Hochschulrechenzentrum, Alexanderstraße 2, 64289 Darmstadt
Tel. +49 6151 16 71184
> -----Ursprüngliche Nachricht-----
> Von: users <users-bounces at shibboleth.net> Im Auftrag von Cantor, Scott
> via users
> Gesendet: Freitag, 8. April 2022 17:47
> An: Shib Users <users at shibboleth.net>
> Cc: Cantor, Scott <cantor.2 at osu.edu>
> Betreff: Re: Exception unwrapping data: Tag mismatch! in "Profile Action
> > I unfortunately only sometimes get an “Exception unwrapping data: Tag
> mismatch!” when an oidc-rp tries to
> > get the access token in the Authorization Code Flow.
> That client is mishandling the code then, it's changing something in the data.
> > I traced the problem down to  but could not find out where to increase
> debugging to show me what
> > exactly is wrong with the data that should be unwrapped.
> Wouldn't tell you anything more, it's a decryption failure because the data
> has been modified.
> -- Scott
> For Consortium Member technical support, see
> To unsubscribe from this list send an email to users-
> unsubscribe at shibboleth.net
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 6377 bytes
Desc: not available
More information about the users