opensaml::BindingException opensaml::BindingException at (https://p3.cds.bdf-cloud.comp.net/Shibboleth.sso/SAML2/POST) Invalid HTTP method (GET).

paras pandey paraspandey16 at rediffmail.com
Fri Jan 7 11:52:25 UTC 2022 

Hi, 

I am encountering the issue with shibboleth. 
 opensaml::BindingException
The system encountered an error at Thu Jan 6 16:35:50 2022
To report this problem, please contact the site administrator at …..
Please include the following message in any email:
opensaml::BindingException at (https://p3.cds.bdf-cloud.comp.net/Shibboleth.sso/SAML2/POST)
Invalid HTTP method (GET).

Triton service is used in my premises and  Shibboleth xml  is pasted here https://pastebin.com/tHBpNTht



snippet from shibboleth xml file where the url is updated.
{% if ENV == "ppd" %}
<MetadataProvider type="XML"
      url="https://apigateway2.cpuat.comp.com/idp/sso/metadata.xml?spentityid=https://p3.cds.bdf-cloud.comp.net/shibboleth"
      backingFilePath="/etc/shibboleth/cpuatidp.xml" reloadInterval="7200"> 
</MetadataProvider>
{% endif %}
{% if ENV == "prd" %}
<MetadataProvider type="XML" 
                  url="https://apigateway.customerportal.comp.com/idp/sso/2021/metadata.xml?spentityid=p3"
                  backingFilePath="/etc/shibboleth/prdcpuatidp.xml" 
                  reloadInterval="7200"/>
{% endif %}

The users would usually encounter OpenSAML error on chrome browser. Besides, a user on firefox is able to access the URL without any issue but as soon as URL is accessed via private browsing then the same issue persists. It is strange to notice that after clearing browser cache/cookies/history also, sometimes the same OpenSAML error erupts and sometimes not.

SAML logs:

<samlp2:Response Destination="https://p3.cds.bdf-cloud.comp.net/Shibboleth.sso/SAML2/POST" ID="ResponseId_3c1851fa8a9047a911a8df38459345c4" IssueInstant="2022-01-06T12:37:39.675Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp2="urn:oasis:names:tc:SAML:2.0:protocol" > <saml2:Issuer>cpuatidp</saml2:Issuer> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /> <ds:Reference URI="#ResponseId_3c1851fa8a9047a911a8df38459345c4"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> &lt
 ;/ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <ds:DigestValue>kic0CKA1ROKxFWlcU+wqwSRa+jE=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue>nGf6qeRdMU1GtrWknxcbKYON99giWHaioLtI1cgUP6FICg4CCY6Evel552xzoKBO3G5YCMJjV8Slc0yVHD+V+tdeaF+lNk9uKEBIGvZeanOjJbI65WW8UGmX9NnUYTgJIyZodJvIkxoFD8X9HICfiboJ36RQEIexPb/GOzGuAULeRPlDZCNCqy8HMekyfQATZ9rCZe2Y9mwGG9oK/kFgyAn4kYSIw1aTgr815xU7FnKzYTZfkWyugR5XEOix0hmMUbJeFWadvH7EN886UPZGr/W7hbg04jxIOJDKOLFEDxGfEWQZMHlx+gfM6mtSpAvBUhWhbEdLoM19gUNI57aHSA==</ds:SignatureValue> <ds:KeyInfo> <ds:X509Data> <ds:X509Certificate>MIIG7jCCBdagAwIBAgIQMdk1UBOzn3hHvLPEzp6GxTANBgkqhkiG9w0BAQsFADCBujELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDEyIEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEuMCwGA1UEAxMlRW50cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIE
 wxSzAeFw0yMTA2MjgxMDAyMjVaFw0yMjA3MTkxMDAyMjVaMHYxCzAJBgNVBAYTAlVTMRcwFQYDVQQIEw5Ob3J0aCBDYXJvbGluYTEUMBIGA1UEBxMLTW9ycmlzdmlsbGUxEzARBgNVBAoTCklRVklBIEluYy4xIzAhBgNVBAMMGiouY3VzdG9tZXJwb3J0YWwuaXF2aWEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzfypRpGJ3ozAT+8TwaNWbbfIKU1iG4LqBprdOUtKpX0PFTL378J82obWYAKpI4fE/g8t746YiToN5Wf6r5pX7hM1dp5yrFWFeZe8ZUgREOL3DR27GtvxA622b14ZDSSpink9U3qkLgTqmEHjFLWu6KXZ2RcWctXhwwB6XDhupD6Y8Jcx62NV2tuIiaaZbc/sl28Iko49Hse8qn4eTC3KGXEAhvWsm3WvWJwr6+mZmTF+XCT/0CYn5lb39PmGgdXn5qeAelM+Ju/td0hiwWnXj8weeuSJ76BYV8mGzsRNqlJmrq4N0We9ZtLeEAx9peNBxcJB+BKGCnDZql1NqJS6MwIDAQABo4IDMTCCAy0wDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUSbVVgy0rtZ/DdECm0KWzVyBU7LwwHwYDVR0jBBgwFoAUgqJwdN28Uz/Pe9T3zX+nYMYKTL8waAYIKwYBBQUHAQEEXDBaMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5lbnRydXN0Lm5ldDAzBggrBgEFBQcwAoYnaHR0cDovL2FpYS5lbnRydXN0Lm5ldC9sMWstY2hhaW4yNTYuY2VyMDMGA1UdHwQsMCowKKAmoCSGImh0dHA6Ly9jcmwuZW50cnVzdC5uZXQvbGV2ZWwxay5jcmwwPwYDVR0RBDgwNoIaKi5jdXN0b21lcnBvcnRhbC5pcXZpYS5jb22CGGN1c3RvbWVycG9ydGF
 sLmlxdmlhLmNvbTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMEwGA1UdIARFMEMwNwYKYIZIAYb6bAoBBTApMCcGCCsGAQUFBwIBFhtodHRwczovL3d3dy5lbnRydXN0Lm5ldC9ycGEwCAYGZ4EMAQICMIIBfgYKKwYBBAHWeQIEAgSCAW4EggFqAWgAdgBVgdTCFpA2AUrqC5tXPFPwwOQ4eHAlCBcvo6odBxPTDAAAAXpSEfXcAAAEAwBHMEUCIF9C5Yzb9FIJ8eupY04uL6vXx4KMUbkeHKWXcfQRI2dDAiEAhrk2ESWbAGr0wY1swUD+QESyF3oNqu5WFzerQLtQUBgAdgDfpV6raIJPH2yt7rhfTj5a6s2iEqRqXo47EsAgRFwqcwAAAXpSEfXFAAAEAwBHMEUCIDz9ZX+82zdNJQKFA7+SzhJveswhDccvN9vYyjl/JnRmAiEA+xdHrubAHBA/BRuOOwM1FJuB3TrzRSA6eSYhYSkC/60AdgBGpVXrdfqRIDC1oolp9PN9ESxBdL79SbiFq/L8cP5tRwAAAXpSEfc5AAAEAwBHMEUCIEW0epFYJUp19fxqVdmUaMNRJqWkctjM+6IvwUa9TBwrAiEArHPLZhFIfJ0x5jQ0rHzZ177Iuy+e6uXUyYBRr6oSZtgwDQYJKoZIhvcNAQELBQADggEBADKR05rT0pK2ySPzksDZ9iA/zSKBflbO4bSkePAtgpmsCgre2/s5mLglQ+9jUpv8m2j+vKhklbmmZIQbkh0VaK7q6ZxdLpHEbgscX8wlSpK8gFb9GeqVI1XzX1iN8BtWvXcUqvqQ+HGK9VpCs6GqglLQTdzXPOs2NuhG3gZwNgmwR2j6RNZD+fbSK/1vpxF6s7ihymUx+X9R0mJ2AKhpxBTwvDPWifKNWcjsn77TI3oINX6wD2nE0EbnAJGZn+ccs1C8W0l7NHQTao8NMnTI
 3dJxK8b95gIvc9h7hH0uliFgg9OoT9XUbF6QHN4q7l4GbgKvubmQ6Pxxjs01h+FuY+c=</ds:X509Certificate> </ds:X509Data> </ds:KeyInfo> </ds:Signature> <samlp2:Status> <samlp2:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /> </samlp2:Status> <saml2:Assertion ID="SamlAssertion-3abdcd15c00da2b94bc01c4789a9dcb2" IssueInstant="2022-01-06T12:37:39.608Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" > <saml2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">cpuatidp</saml2:Issuer> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /> <ds:Reference URI="#SamlAssertion-3abdcd15c00da2b94bc01c4789a9dc
 b2"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <ds:DigestValue>WUg6vTzCVSwbSmI58/hM0EErEnM=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue>iCJ3OcBPEO4PUhPpnOi9v18gi8SDEVqZWyH2Fl34g2mfag090Fy87nPppEa6dEYZyZpbYaK5WOFzhLav0Yi2Hov8oZ+1OWBF0uXFs21kTexpRndNjMPBGV9wxX8yd4BFgnlfCdkTIeNZxtdmGZrkFGJtsOmg2BQXK03ey20V+8ggUluwCfLyAFtTkNOPw2NAbJDxTDDvvWOL894qs6eKZqbTx3oU21zvdAzxOvY7E1ary/q1wGTXNr55vHCdJG+/Yrcnk5s6DljbXpAycBB0vzLhwV72SFFb0+bJ9F3D2eK9/6ak45AXUSkK9jpV/gLPcsZRThildo33OUVNwT6wcg==</ds:SignatureValue> <ds:KeyInfo> <ds:X509Data> <ds:X509Certificate>MIIG7jCCBdagAwIBAgIQMdk1UBOzn3hHvLPEzp6GxTANBgkqhkiG9w0BAQsFADCBujELMAkGA1UEBhMCVVMxFjAU
 BgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDEyIEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEuMCwGA1UEAxMlRW50cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxSzAeFw0yMTA2MjgxMDAyMjVaFw0yMjA3MTkxMDAyMjVaMHYxCzAJBgNVBAYTAlVTMRcwFQYDVQQIEw5Ob3J0aCBDYXJvbGluYTEUMBIGA1UEBxMLTW9ycmlzdmlsbGUxEzARBgNVBAoTCklRVklBIEluYy4xIzAhBgNVBAMMGiouY3VzdG9tZXJwb3J0YWwuaXF2aWEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzfypRpGJ3ozAT+8TwaNWbbfIKU1iG4LqBprdOUtKpX0PFTL378J82obWYAKpI4fE/g8t746YiToN5Wf6r5pX7hM1dp5yrFWFeZe8ZUgREOL3DR27GtvxA622b14ZDSSpink9U3qkLgTqmEHjFLWu6KXZ2RcWctXhwwB6XDhupD6Y8Jcx62NV2tuIiaaZbc/sl28Iko49Hse8qn4eTC3KGXEAhvWsm3WvWJwr6+mZmTF+XCT/0CYn5lb39PmGgdXn5qeAelM+Ju/td0hiwWnXj8weeuSJ76BYV8mGzsRNqlJmrq4N0We9ZtLeEAx9peNBxcJB+BKGCnDZql1NqJS6MwIDAQABo4IDMTCCAy0wDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUSbVVgy0rtZ/DdECm0KWzVyBU7LwwHwYDVR0jBBgwFoAUgqJwdN28Uz/Pe9T3zX+nYMYKTL8waAYIKwYBBQUHAQEEXDBaMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5lbnRyd
 XN0Lm5ldDAzBggrBgEFBQcwAoYnaHR0cDovL2FpYS5lbnRydXN0Lm5ldC9sMWstY2hhaW4yNTYuY2VyMDMGA1UdHwQsMCowKKAmoCSGImh0dHA6Ly9jcmwuZW50cnVzdC5uZXQvbGV2ZWwxay5jcmwwPwYDVR0RBDgwNoIaKi5jdXN0b21lcnBvcnRhbC5pcXZpYS5jb22CGGN1c3RvbWVycG9ydGFsLmlxdmlhLmNvbTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMEwGA1UdIARFMEMwNwYKYIZIAYb6bAoBBTApMCcGCCsGAQUFBwIBFhtodHRwczovL3d3dy5lbnRydXN0Lm5ldC9ycGEwCAYGZ4EMAQICMIIBfgYKKwYBBAHWeQIEAgSCAW4EggFqAWgAdgBVgdTCFpA2AUrqC5tXPFPwwOQ4eHAlCBcvo6odBxPTDAAAAXpSEfXcAAAEAwBHMEUCIF9C5Yzb9FIJ8eupY04uL6vXx4KMUbkeHKWXcfQRI2dDAiEAhrk2ESWbAGr0wY1swUD+QESyF3oNqu5WFzerQLtQUBgAdgDfpV6raIJPH2yt7rhfTj5a6s2iEqRqXo47EsAgRFwqcwAAAXpSEfXFAAAEAwBHMEUCIDz9ZX+82zdNJQKFA7+SzhJveswhDccvN9vYyjl/JnRmAiEA+xdHrubAHBA/BRuOOwM1FJuB3TrzRSA6eSYhYSkC/60AdgBGpVXrdfqRIDC1oolp9PN9ESxBdL79SbiFq/L8cP5tRwAAAXpSEfc5AAAEAwBHMEUCIEW0epFYJUp19fxqVdmUaMNRJqWkctjM+6IvwUa9TBwrAiEArHPLZhFIfJ0x5jQ0rHzZ177Iuy+e6uXUyYBRr6oSZtgwDQYJKoZIhvcNAQELBQADggEBADKR05rT0pK2ySPzksDZ9iA/zSKBflbO4bSkePAtgpmsCgre2/s5mL
 glQ+9jUpv8m2j+vKhklbmmZIQbkh0VaK7q6ZxdLpHEbgscX8wlSpK8gFb9GeqVI1XzX1iN8BtWvXcUqvqQ+HGK9VpCs6GqglLQTdzXPOs2NuhG3gZwNgmwR2j6RNZD+fbSK/1vpxF6s7ihymUx+X9R0mJ2AKhpxBTwvDPWifKNWcjsn77TI3oINX6wD2nE0EbnAJGZn+ccs1C8W0l7NHQTao8NMnTI3dJxK8b95gIvc9h7hH0uliFgg9OoT9XUbF6QHN4q7l4GbgKvubmQ6Pxxjs01h+FuY+c=</ds:X509Certificate> </ds:X509Data> </ds:KeyInfo> </ds:Signature> <saml2:Subject> <saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" NameQualifier="" >vvilwadrinathan at in.demo.com</saml2:NameID> <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"> <saml2:SubjectConfirmationData NotOnOrAfter="2022-01-06T12:38:09.608Z" Recipient="https://p3.cds.bdf-cloud.comp.net/Shibboleth.sso/SAML2/POST" /> </saml2:SubjectConfirmation> </saml2:Subject> <saml2:Conditions NotBefore="2022-01-06T12:35:39.608Z" NotOnOrAfter="2022-01-06T12:4
 2:39.608Z" > <saml2:AudienceRestriction> <saml2:Audience>https://p3.cds.bdf-cloud.comp.net/shibboleth</saml2:Audience> </saml2:AudienceRestriction> </saml2:Conditions> <saml2:AttributeStatement> <saml2:Attribute Name="email" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified" > <saml2:AttributeValue>vvilwadrinathan at in.demo.com</saml2:AttributeValue> </saml2:Attribute> <saml2:Attribute Name="uid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified" > <saml2:AttributeValue>vvilwadrinathan</saml2:AttributeValue> </saml2:Attribute> <saml2:Attribute Name="cn" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified" > <saml2:AttributeValue>Vinod M V (58033)</saml2:AttributeValue> </saml2:Attribute> <saml2:Attribute Name="cp_company" NameFormat="urn:oasis
 :names:tc:SAML:2.0:attrname-format:unspecified" > <saml2:AttributeValue>IMS Health</saml2:AttributeValue> </saml2:Attribute> <saml2:Attribute Name="cp_roles" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified" > <saml2:AttributeValue>FileDownload,P3PBIQlik,PI360,acm_salesforce_comp,channeldynamics,cloud_us0201home,elnmdart,iammultidownload,p3gbase</saml2:AttributeValue> </saml2:Attribute> <saml2:Attribute Name="cp_userid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified" > <saml2:AttributeValue>58033</saml2:AttributeValue> </saml2:Attribute> <saml2:Attribute Name="cp_userfirstname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified" > <saml2:AttributeValue>Vinod</saml2:AttributeValue> </saml2:Attribute> <saml2:Attribute Name="cp_userlastname" NameFormat="urn
 :oasis:names:tc:SAML:2.0:attrname-format:unspecified" > <saml2:AttributeValue>M</saml2:AttributeValue> </saml2:Attribute> </saml2:AttributeStatement> <saml2:AuthnStatement AuthnInstant="2022-01-06T12:37:39.608Z" SessionIndex="_84d57119-b22b-4401-a779-e9483d18a8e4" > <saml2:SubjectLocality Address="10.45.154.7" /> <saml2:AuthnContext> <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml2:AuthnContextClassRef> </saml2:AuthnContext> </saml2:AuthnStatement> </saml2:Assertion> </samlp2:Response>




 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20220107/64888a89/attachment.htm>

More information about the users mailing list