Re: opensaml::BindingException opensaml::BindingException at (https://p3.cds.bdf-cloud.comp.net/Shibboleth.sso/SAML2/POST) Invalid HTTP method (GET).
paras pandey
paraspandey16 at rediffmail.com
Mon Jan 10 02:19:17 UTC 2022
I am not such literate on the metadata part as my exposure to web technologies is very little.I have pasted the downloaded metadata below, could you please have a look and assist. It`s also available at https://pastebin.com/sAfVmVad:
<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="cpidp">
<md:IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<md:KeyDescriptor use="signing">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>MIIG7jCCBdagAwIBAgIQMdk1UBOzn3hHvLPEzp6GxTANBgkqhkiG9w0BAQsFADCB
ujELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsT
H1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAy
MDEyIEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEuMCwG
A1UEAxMlRW50cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxSzAeFw0y
MTA2MjgxMDAyMjVaFw0yMjA3MTkxMDAyMjVaMHYxCzAJBgNVBAYTAlVTMRcwFQYD
VQQIEw5Ob3J0aCBDYXJvbGluYTEUMBIGA1UEBxMLTW9ycmlzdmlsbGUxEzARBgNV
BAoTCklRVklBIEluYy4xIzAhBgNVBAMMGiouY3VzdG9tZXJwb3J0YWwuaXF2aWEu
Y29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzfypRpGJ3ozAT+8T
waNWbbfIKU1iG4LqBprdOUtKpX0PFTL378J82obWYAKpI4fE/g8t746YiToN5Wf6
r5pX7hM1dp5yrFWFeZe8ZUgREOL3DR27GtvxA622b14ZDSSpink9U3qkLgTqmEHj
FLWu6KXZ2RcWctXhwwB6XDhupD6Y8Jcx62NV2tuIiaaZbc/sl28Iko49Hse8qn4e
TC3KGXEAhvWsm3WvWJwr6+mZmTF+XCT/0CYn5lb39PmGgdXn5qeAelM+Ju/td0hi
wWnXj8weeuSJ76BYV8mGzsRNqlJmrq4N0We9ZtLeEAx9peNBxcJB+BKGCnDZql1N
qJS6MwIDAQABo4IDMTCCAy0wDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUSbVVgy0r
tZ/DdECm0KWzVyBU7LwwHwYDVR0jBBgwFoAUgqJwdN28Uz/Pe9T3zX+nYMYKTL8w
aAYIKwYBBQUHAQEEXDBaMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5lbnRydXN0
Lm5ldDAzBggrBgEFBQcwAoYnaHR0cDovL2FpYS5lbnRydXN0Lm5ldC9sMWstY2hh
aW4yNTYuY2VyMDMGA1UdHwQsMCowKKAmoCSGImh0dHA6Ly9jcmwuZW50cnVzdC5u
ZXQvbGV2ZWwxay5jcmwwPwYDVR0RBDgwNoIaKi5jdXN0b21lcnBvcnRhbC5pcXZp
YS5jb22CGGN1c3RvbWVycG9ydGFsLmlxdmlhLmNvbTAOBgNVHQ8BAf8EBAMCBaAw
HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMEwGA1UdIARFMEMwNwYKYIZI
AYb6bAoBBTApMCcGCCsGAQUFBwIBFhtodHRwczovL3d3dy5lbnRydXN0Lm5ldC9y
cGEwCAYGZ4EMAQICMIIBfgYKKwYBBAHWeQIEAgSCAW4EggFqAWgAdgBVgdTCFpA2
AUrqC5tXPFPwwOQ4eHAlCBcvo6odBxPTDAAAAXpSEfXcAAAEAwBHMEUCIF9C5Yzb
9FIJ8eupY04uL6vXx4KMUbkeHKWXcfQRI2dDAiEAhrk2ESWbAGr0wY1swUD+QESy
F3oNqu5WFzerQLtQUBgAdgDfpV6raIJPH2yt7rhfTj5a6s2iEqRqXo47EsAgRFwq
cwAAAXpSEfXFAAAEAwBHMEUCIDz9ZX+82zdNJQKFA7+SzhJveswhDccvN9vYyjl/
JnRmAiEA+xdHrubAHBA/BRuOOwM1FJuB3TrzRSA6eSYhYSkC/60AdgBGpVXrdfqR
IDC1oolp9PN9ESxBdL79SbiFq/L8cP5tRwAAAXpSEfc5AAAEAwBHMEUCIEW0epFY
JUp19fxqVdmUaMNRJqWkctjM+6IvwUa9TBwrAiEArHPLZhFIfJ0x5jQ0rHzZ177I
uy+e6uXUyYBRr6oSZtgwDQYJKoZIhvcNAQELBQADggEBADKR05rT0pK2ySPzksDZ
9iA/zSKBflbO4bSkePAtgpmsCgre2/s5mLglQ+9jUpv8m2j+vKhklbmmZIQbkh0V
aK7q6ZxdLpHEbgscX8wlSpK8gFb9GeqVI1XzX1iN8BtWvXcUqvqQ+HGK9VpCs6Gq
glLQTdzXPOs2NuhG3gZwNgmwR2j6RNZD+fbSK/1vpxF6s7ihymUx+X9R0mJ2AKhp
xBTwvDPWifKNWcjsn77TI3oINX6wD2nE0EbnAJGZn+ccs1C8W0l7NHQTao8NMnTI
3dJxK8b95gIvc9h7hH0uliFgg9OoT9XUbF6QHN4q7l4GbgKvubmQ6Pxxjs01h+Fu
Y+c=</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</md:KeyDescriptor>
<md:KeyDescriptor use="encryption">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>MIIG7jCCBdagAwIBAgIQMdk1UBOzn3hHvLPEzp6GxTANBgkqhkiG9w0BAQsFADCB
ujELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsT
H1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAy
MDEyIEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEuMCwG
A1UEAxMlRW50cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxSzAeFw0y
MTA2MjgxMDAyMjVaFw0yMjA3MTkxMDAyMjVaMHYxCzAJBgNVBAYTAlVTMRcwFQYD
VQQIEw5Ob3J0aCBDYXJvbGluYTEUMBIGA1UEBxMLTW9ycmlzdmlsbGUxEzARBgNV
BAoTCklRVklBIEluYy4xIzAhBgNVBAMMGiouY3VzdG9tZXJwb3J0YWwuaXF2aWEu
Y29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzfypRpGJ3ozAT+8T
waNWbbfIKU1iG4LqBprdOUtKpX0PFTL378J82obWYAKpI4fE/g8t746YiToN5Wf6
r5pX7hM1dp5yrFWFeZe8ZUgREOL3DR27GtvxA622b14ZDSSpink9U3qkLgTqmEHj
FLWu6KXZ2RcWctXhwwB6XDhupD6Y8Jcx62NV2tuIiaaZbc/sl28Iko49Hse8qn4e
TC3KGXEAhvWsm3WvWJwr6+mZmTF+XCT/0CYn5lb39PmGgdXn5qeAelM+Ju/td0hi
wWnXj8weeuSJ76BYV8mGzsRNqlJmrq4N0We9ZtLeEAx9peNBxcJB+BKGCnDZql1N
qJS6MwIDAQABo4IDMTCCAy0wDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUSbVVgy0r
tZ/DdECm0KWzVyBU7LwwHwYDVR0jBBgwFoAUgqJwdN28Uz/Pe9T3zX+nYMYKTL8w
aAYIKwYBBQUHAQEEXDBaMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5lbnRydXN0
Lm5ldDAzBggrBgEFBQcwAoYnaHR0cDovL2FpYS5lbnRydXN0Lm5ldC9sMWstY2hh
aW4yNTYuY2VyMDMGA1UdHwQsMCowKKAmoCSGImh0dHA6Ly9jcmwuZW50cnVzdC5u
ZXQvbGV2ZWwxay5jcmwwPwYDVR0RBDgwNoIaKi5jdXN0b21lcnBvcnRhbC5pcXZp
YS5jb22CGGN1c3RvbWVycG9ydGFsLmlxdmlhLmNvbTAOBgNVHQ8BAf8EBAMCBaAw
HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMEwGA1UdIARFMEMwNwYKYIZI
AYb6bAoBBTApMCcGCCsGAQUFBwIBFhtodHRwczovL3d3dy5lbnRydXN0Lm5ldC9y
cGEwCAYGZ4EMAQICMIIBfgYKKwYBBAHWeQIEAgSCAW4EggFqAWgAdgBVgdTCFpA2
AUrqC5tXPFPwwOQ4eHAlCBcvo6odBxPTDAAAAXpSEfXcAAAEAwBHMEUCIF9C5Yzb
9FIJ8eupY04uL6vXx4KMUbkeHKWXcfQRI2dDAiEAhrk2ESWbAGr0wY1swUD+QESy
F3oNqu5WFzerQLtQUBgAdgDfpV6raIJPH2yt7rhfTj5a6s2iEqRqXo47EsAgRFwq
cwAAAXpSEfXFAAAEAwBHMEUCIDz9ZX+82zdNJQKFA7+SzhJveswhDccvN9vYyjl/
JnRmAiEA+xdHrubAHBA/BRuOOwM1FJuB3TrzRSA6eSYhYSkC/60AdgBGpVXrdfqR
IDC1oolp9PN9ESxBdL79SbiFq/L8cP5tRwAAAXpSEfc5AAAEAwBHMEUCIEW0epFY
JUp19fxqVdmUaMNRJqWkctjM+6IvwUa9TBwrAiEArHPLZhFIfJ0x5jQ0rHzZ177I
uy+e6uXUyYBRr6oSZtgwDQYJKoZIhvcNAQELBQADggEBADKR05rT0pK2ySPzksDZ
9iA/zSKBflbO4bSkePAtgpmsCgre2/s5mLglQ+9jUpv8m2j+vKhklbmmZIQbkh0V
aK7q6ZxdLpHEbgscX8wlSpK8gFb9GeqVI1XzX1iN8BtWvXcUqvqQ+HGK9VpCs6Gq
glLQTdzXPOs2NuhG3gZwNgmwR2j6RNZD+fbSK/1vpxF6s7ihymUx+X9R0mJ2AKhp
xBTwvDPWifKNWcjsn77TI3oINX6wD2nE0EbnAJGZn+ccs1C8W0l7NHQTao8NMnTI
3dJxK8b95gIvc9h7hH0uliFgg9OoT9XUbF6QHN4q7l4GbgKvubmQ6Pxxjs01h+Fu
Y+c=</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</md:KeyDescriptor>
<md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://apigateway.customerportal.comp.com/idp/saml2?PRODUCT=p36"/>
</md:IDPSSODescriptor>
From: Nate Klingenstein <ndk at signet.id>
Sent: Fri, 07 Jan 2022 22:39:18
To: Shib Users <users at shibboleth.net>, users at shibboleth.net <users at shibboleth.net>
Cc: paras pandey <paraspandey16 at rediffmail.com>
Subject: Re: opensaml::BindingException opensaml::BindingException at (https://p3.cds.bdf-cloud.comp.net/Shibboleth.sso/SAML2/POST) Invalid HTTP method (GET).
Paras,
This is pretty straightforward. You can't issue a GET request to a POST endpoint. I guess Firefox falls back and attempts a POST if it gets an error, which is... interesting behavior.
I can't look at the metadata to identify the specific problem because it's behind private DNS, but that's pretty much it. Only POST to POST endpoints.
Take care,
Nate
--------
Signet, Inc.
The Art of Access ®
https://www.signet.id
-----Original message-----
From: paras pandey via users
Sent: Friday, January 7 2022, 4:52 am
To: users at shibboleth.net
Cc: paras pandey
Subject: opensaml::BindingException opensaml::BindingException at (https://p3.cds.bdf-cloud.comp.net/Shibboleth.sso/SAML2/POST) Invalid HTTP method (GET).
Hi,
I am encountering the issue with shibboleth.
opensaml::BindingException
The system encountered an error at Thu Jan 6 16:35:50 2022
To report this problem, please contact the site administrator at …..
Please include the following message in any email:
opensaml::BindingException at (https://p3.cds.bdf-cloud.comp.net/Shibboleth.sso/SAML2/POST)
Invalid HTTP method (GET).
Triton service is used in my premises and Shibboleth xml is pasted here https://pastebin.com/tHBpNTht
snippet from shibboleth xml file where the url is updated.
{% if ENV == "ppd" %}
<MetadataProvider type="XML"
url="
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20220110/2609e8de/attachment.htm>
More information about the users
mailing list