Error 404 when saving IdP Entity ID in NetApp

Matt Swann mswann090 at gmail.com
Tue Oct 11 12:13:12 UTC 2022


Sorry Mak. So if I navigate to the "ArtifactResolutionService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" location provided
within the idp-metadata.xml, I get a CAC prompt, enter my pin, then I get
redirected to a webpage with the following message.

"<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
<soap11:Body>
<saml2p:ArtifactResponse xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
 ID="_048ceea0d013b4eabe0046562de25146"
 IssueInstant="2022-10-11T12:10:22.628Z" Version="2.0">
<saml2p:Status>
<saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</saml2p:Status>
</saml2p:ArtifactResponse>
</soap11:Body>
</soap11:Envelope>"

I'll look and see if anonymous access is allowed to the IdP metadata. I
honestly am not sure just yet. Apologies for the confusion, out of my
comfort zone with this one and learning lol. Thanks again.

On Tue, Oct 11, 2022 at 7:45 AM Mak, Steven <makst at upenn.edu> wrote:

> I'm a little confused by this line: "So I was able to navigate to the
> EntityID, got a CAC login, and successfully logged in".
>
> Are you protecting your IdP metadata endpoint? If so, that's likely the
> problem. It should allow anonymous access to the IdP metadata.
>
> Your NetApp is likely trying to visit the metadata URL but isn't receiving
> XML, but receiving a 200/302 text/html response.
>
> - Steve
>
> *From: *users <users-bounces at shibboleth.net> on behalf of Matt Swann via
> users <users at shibboleth.net>
> *Date: *Tuesday, October 11, 2022 at 7:38 AM
> *To: *Nate Klingenstein <ndk at signet.id>
> *Cc: *Matt Swann <mswann090 at gmail.com>, Shib Users <users at shibboleth.net>
> *Subject: *Re: Error 404 when saving IdP Entity ID in NetApp
>
> Thanks Nate. This was super helpful and guided me in the right direction.
>
> So I was able to navigate to the EntityID, got a CAC login, and
> successfully logged in.
>
> I tried to tie the IdP entityID to NetApp and received:
>
> "Complete: SAML job failed, Reason: IdP metadata downloaded from the
> provided URL does not have the "entityID" attribute with namespace
> "urn:oasis:names:tc:SAML:2.0:metadata".
>
> I'm going to start digging into that error more now. It's definitely
> headed in the right direction as NetApp can now download the Metadata from
> the IdP; I just need to fix this error now.
>
> Thanks again,
>
> Matt
>
> On Fri, Oct 7, 2022 at 12:00 PM Nate Klingenstein <ndk at signet.id> wrote:
>
> Matt,
>
> > Is it possible this could be a port issue within the firewall given your
> > experience?
>
> That depends on the firewall, but it's more likely to be a 404 from some
> other entity.  Have you checked to see whether it's the Servlet container
> returning the 404?  If so, that would indicate that it's not routing
> requests to the IdP correctly even if the IdP is apparently instantiating
> fine.  You might try querying https://localhost/idp/shibboleth
> from the server itself.
>
> > Before I do that, is there anything else you might know that could cause
> > this issue?
>
> All sorts of things in the web hosting environment could be implicated,
> and they're more probable root causes than a firewall.
>
> Take care,
> Nate
>
> --------
> Signet, Inc.
> The Art of Access ®
>
> https://www.signet.id
>
> -----Original message-----
> From: Matt Swann via users
> Sent: Friday, October 7 2022, 5:13 am
> To: Shib Users
> Cc: Matt Swann
> Subject: Re: Error 404 when saving IdP Entity ID in NetApp
>
> Hey Everyone,
>
> Thanks for all the help. I just wanted to provide an update. All of the
> errors are cleared in the logs and it's only info messages at this point. I
> unfortunately am still getting a 404 error when trying to navigate to the
> EntityID within a browser. Also, when I try to add the EntityID within
> NetApp I get an error saying it can't receive the IdP metadata.
>
> Is it possible this could be a port issue within the firewall given your
> experience? I'd have to submit a request to that specific team to make sure
> the correct ports are open. Before I do that, is there anything else you
> might know that could cause this issue?
>
> Thanks again!
>
> Matt
>
>
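
Added example, not part of the thread and not NetApp or Shibboleth code: a small Python check that classifies what an anonymous fetch of the IdP metadata URL returned, covering the cases discussed above (a 200/302 text/html login page, a SOAP envelope from the ArtifactResolutionService location, and real metadata). It assumes the SP wants a single EntityDescriptor root carrying entityID in the SAML 2.0 metadata namespace; the function name, sample bodies and idp.example.org are constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"

def diagnose_metadata_response(status, content_type, body):
    """Classify an anonymous GET of an IdP metadata URL as (ok, detail)."""
    if status in (301, 302, 303, 307, 308):
        return False, "redirect: client is being sent elsewhere, likely a login page"
    if status in (401, 403):
        return False, "authentication required: metadata is not anonymously readable"
    if status != 200:
        return False, f"unexpected HTTP status {status}"
    if content_type.split(";")[0].strip().lower() == "text/html":
        return False, "text/html body: a login or error page, not metadata"
    if b"<!DOCTYPE" in body or b"<!ENTITY" in body:
        # SAML metadata needs no DTD; refusing one avoids entity-expansion input.
        return False, "document declares a DTD; refusing to parse"
    try:
        root = ET.fromstring(body)
    except ET.ParseError as exc:
        return False, f"not well-formed XML: {exc}"
    if root.tag != f"{{{MD_NS}}}EntityDescriptor":
        return False, f"root element is {root.tag}, not md:EntityDescriptor"
    entity_id = root.get("entityID")
    if not entity_id:
        return False, "EntityDescriptor has no entityID attribute"
    return True, entity_id

# Constructed sample responses (not captured from the thread's systems).
SOAP_REPLY = (b'<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">'
              b'<soap11:Body/></soap11:Envelope>')
GOOD_METADATA = (b'<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" '
                 b'entityID="https://idp.example.org/idp/shibboleth"/>')
SAMPLES = [
    (302, "text/html", b""),
    (200, "text/html;charset=UTF-8", b"<!DOCTYPE html><html><body>Login</body></html>"),
    (200, "text/xml", SOAP_REPLY),
    (200, "application/samlmetadata+xml", GOOD_METADATA),
]

if __name__ == "__main__":
    for status, ctype, body in SAMPLES:
        print(status, ctype, "->", diagnose_metadata_response(status, ctype, body))
```

Feed it the status, Content-Type and body obtained from a client that presents no certificate or session, since that is how the service provider reaches the URL.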