AW: Exception unwrapping data: Tag mismatch! in "Profile Action ValidateGrant"

[Bergmann, Clemens]

Hi Scott,

thanks for the quick reply. Unfortunately I just checked and the code leaving the idp is the same that also returns on the token endpoint.

One other noteworthy information is that the Idp is setup as a loadbalanced pair. Could it be a problem if Authorization Endpoint and Token Endpoint are served by different IdPs? Both are configured exactly the same.

Viele Grüße
Clemens (Bergmann)
-- 
Clemens Bergmann
Gruppe Nutzermanagement und Entwicklung
Technische Universität Darmstadt
Hochschulrechenzentrum, Alexanderstraße 2, 64289 Darmstadt
Tel. +49 6151 16 71184
http://www.hrz.tu-darmstadt.de/


> -----Ursprüngliche Nachricht-----
> Von: users <users-bounces at shibboleth.net> Im Auftrag von Cantor, Scott
> via users
> Gesendet: Freitag, 8. April 2022 17:47
> An: Shib Users <users at shibboleth.net>
> Cc: Cantor, Scott <cantor.2 at osu.edu>
> Betreff: Re: Exception unwrapping data: Tag mismatch! in "Profile Action
> ValidateGrant"
> 
> >    I unfortunately only sometimes get an “Exception unwrapping data: Tag
> mismatch!” when an oidc-rp tries to
> > get the access token in the Authorization Code Flow.
> 
> That client is mishandling the code then, it's changing something in the data.
> 
> >    I traced the problem down to [1] but could not find out where to increase
> debugging to show me what
> >  exactly is wrong with the data that should be unwrapped.
> 
> Wouldn't tell you anything more, it's a decryption failure because the data
> has been modified.
> 
> -- Scott
> 
> 
> --
> For Consortium Member technical support, see
> https://shibboleth.atlassian.net/wiki/x/ZYEpPw
> To unsubscribe from this list send an email to users-
> unsubscribe at shibboleth.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6377 bytes
Desc: not available
URL: <http://shibboleth.net/pipermail/users/attachments/20220408/2f183e35/attachment.p7s>