opensaml::BindingException opensaml::BindingException at (https://p3.cds.bdf-cloud.comp.net/Shibboleth.sso/SAML2/POST) Invalid HTTP method (GET).

Nate Klingenstein ndk at signet.id
Fri Jan 7 17:09:16 UTC 2022


Paras,

This is pretty straightforward.  You can't issue a GET request to a POST endpoint.  I guess Firefox falls back and attempts a POST if it gets an error, which is... interesting behavior.

I can't look at the metadata to identify the specific problem because it's behind private DNS, but that's pretty much it.  Only POST to POST endpoints.

Take care,
Nate

--------
Signet, Inc.
The Art of Access ®

https://www.signet.id

-----Original message-----
From: paras  pandey via users
Sent: Friday, January 7 2022, 4:52 am
To: users at shibboleth.net
Cc: paras  pandey
Subject: opensaml::BindingException opensaml::BindingException at (https://p3.cds.bdf-cloud.comp.net/Shibboleth.sso/SAML2/POST)  Invalid HTTP method (GET).

Hi,

I am encountering an issue with Shibboleth.

opensaml::BindingException
The system encountered an error at Thu Jan 6 16:35:50 2022
To report this problem, please contact the site administrator at …..
Please include the following message in any email:
opensaml::BindingException at (https://p3.cds.bdf-cloud.comp.net/Shibboleth.sso/SAML2/POST)
Invalid HTTP method (GET).

Triton service is used on my premises, and the Shibboleth XML is pasted here: https://pastebin.com/tHBpNTht

Snippet from the Shibboleth XML file where the URL is updated:

{% if ENV == "ppd" %}
<MetadataProvider type="XML"
      url="https://apigateway2.cpuat.comp.com/idp/sso/metadata.xml?spentityid=https://p3.cds.bdf-cloud.comp.net/shibboleth"
      backingFilePath="/etc/shibboleth/cpuatidp.xml" reloadInterval="7200"> 
</MetadataProvider>
{% endif %}
{% if ENV == "prd" %}
<MetadataProvider type="XML" 
                  url="https://apigateway.customerportal.comp.com/idp/sso/2021/metadata.xml?spentityid=p3"
                  backingFilePath="/etc/shibboleth/prdcpuatidp.xml" 
                  reloadInterval="7200"/>
{% endif %}

Users usually encounter the OpenSAML error in the Chrome browser. A user on Firefox is able to access the URL without any issue, but as soon as the URL is accessed via private browsing the same issue persists. Strangely, even after clearing the browser cache/cookies/history, the same OpenSAML error sometimes appears and sometimes does not.

SAML logs:


--

For Consortium Member technical support, see https://shibboleth.atlassian.net/wiki/x/ZYEpPw

To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
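
The reply above says the metadata is where the specific problem would show up. As an added example (not part of the thread and not Shibboleth project code), here is one check that can be run on the SP metadata registered with the IdP: each AssertionConsumerService whose Location ends in a default Shibboleth handler path should declare the binding that handler implements. The `sp.example.org` names and the sample metadata are constructed, and a binding mismatch is only one possible cause of a GET arriving at the POST endpoint.

```python
import xml.etree.ElementTree as ET

MD_NS = "{urn:oasis:names:tc:SAML:2.0:metadata}"
BINDINGS = "urn:oasis:names:tc:SAML:2.0:bindings:"

# Default Shibboleth SP handler paths and the binding each one implements.
HANDLER_BINDINGS = {
    "/SAML2/POST": BINDINGS + "HTTP-POST",
    "/SAML2/POST-SimpleSign": BINDINGS + "HTTP-POST-SimpleSign",
    "/SAML2/Artifact": BINDINGS + "HTTP-Artifact",
    "/SAML2/ECP": BINDINGS + "PAOS",
}

# Constructed sample: SP metadata as an IdP might have it registered.
SAMPLE_METADATA = """\
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                     entityID="https://sp.example.org/shibboleth">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="1"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://sp.example.org/Shibboleth.sso/SAML2/POST"/>
    <md:AssertionConsumerService index="2"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
        Location="https://sp.example.org/Shibboleth.sso/SAML2/Artifact"/>
    <md:AssertionConsumerService index="3"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign"
        Location="https://sp.example.org/Shibboleth.sso/SAML2/POST-SimpleSign"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""

def check_acs_bindings(metadata_xml):
    """Return (index, location, declared, expected) for each mismatched endpoint."""
    problems = []
    for acs in ET.fromstring(metadata_xml).iter(MD_NS + "AssertionConsumerService"):
        location = acs.get("Location", "")
        declared = acs.get("Binding", "")
        path = location.split("?", 1)[0].rstrip("/")
        for suffix, expected in HANDLER_BINDINGS.items():
            if path.endswith(suffix):
                if declared != expected:
                    problems.append((acs.get("index"), location, declared, expected))
                break
    return problems

if __name__ == "__main__":
    for index, location, declared, expected in check_acs_bindings(SAMPLE_METADATA):
        print(f"ACS index={index} {location}\n  declared: {declared}\n  expected: {expected}")
```
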



