I think this is the part of log:<br><br>10:41:20.328 - INFO [Shibboleth-Access:74] - 20111128T094120Z|93.70.49.139|www.inarcassa.it:443|/profile/SAML2/Redirect/SSO|<br>10:41:20.328 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.IdPProfileHandlerManager:86] - shibboleth.HandlerManager: Looking up profile handler for request path: /SAML2/Redirect/SSO<br>
10:41:20.329 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.IdPProfileHandlerManager:97] - shibboleth.HandlerManager: Located profile handler of the following type for the request path: edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler<br>
10:41:20.329 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler:163] - Incoming request contains a login context, processing as second leg of request<br>10:41:20.329 - DEBUG [edu.internet2.middleware.shibboleth.idp.util.HttpServletHelper:572] - Unbinding LoginContext<br>
10:41:20.329 - DEBUG [edu.internet2.middleware.shibboleth.idp.util.HttpServletHelper:598] - Expiring LoginContext cookie<br>10:41:20.329 - DEBUG [edu.internet2.middleware.shibboleth.idp.util.HttpServletHelper:607] - Removing LoginContext, with key 0f036b58-d567-4517-b7ea-b6d28ca6f7a5, from StorageService partition loginContexts<br>
10:41:20.330 - DEBUG [edu.internet2.middleware.shibboleth.common.relyingparty.provider.SAMLMDRelyingPartyConfigurationManager:128] - Looking up relying party configuration for <a href="https://www.inarcassa.it/shibboleth">https://www.inarcassa.it/shibboleth</a><br>
10:41:20.330 - DEBUG [edu.internet2.middleware.shibboleth.common.relyingparty.provider.SAMLMDRelyingPartyConfigurationManager:134] - No custom relying party configuration found for <a href="https://www.inarcassa.it/shibboleth">https://www.inarcassa.it/shibboleth</a>, looking up configuration based on metadata groups.<br>
10:41:20.330 - DEBUG [edu.internet2.middleware.shibboleth.common.relyingparty.provider.SAMLMDRelyingPartyConfigurationManager:157] - No custom or group-based relying party configuration found for <a href="https://www.inarcassa.it/shibboleth">https://www.inarcassa.it/shibboleth</a>. Using default relying party configuration.<br>
10:41:20.331 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.saml2.AbstractSAML2ProfileHandler:472] - Resolving attributes for principal 'null' for SAML request from relying party '<a href="https://www.inarcassa.it/shibboleth">https://www.inarcassa.it/shibboleth</a>'<br>
10:41:20.331 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:119] - shibboleth.AttributeResolver resolving attributes for principal null<br>10:41:20.332 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:275] - Specific attributes for principal null were not requested, resolving all attributes.<br>
10:41:20.332 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:314] - Resolving attribute uid for principal null<br>10:41:20.332 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:354] - Resolving data connector myLDAP for principal null<br>
10:41:20.369 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.LdapDataConnector:308] - Search filter: (uid=$requestContext.principalName)<br>10:41:20.370 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.LdapDataConnector:363] - LDAP data connector myLDAP - Retrieving attributes from LDAP<br>
10:41:20.373 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:336] - Resolved attribute uid containing 0 values<br>10:41:20.373 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:314] - Resolving attribute Profilo for principal null<br>
10:41:20.373 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:354] - Resolving data connector regute for principal null<br>10:41:20.374 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.RDBMSDataConnector:262] - RDBMS data connector regute - Search Query: select 'ENTPEN9934' CODENT ,A.CODPIN CODPIN ,A.MAT MAT,'Cittadino' RUO ,B.CODFIS CODFIS ,DECODE(A.INDEMLPEC,NULL,A.INDEML,A.INDEMLPEC) INDEML, GET_PROFILE(A.CODPIN) PROFILO FROM I_REGUTE A ,B_ANACAS B WHERE B.MAT(+)=A.MAT AND CODPIN='$requestContext.principalName'<br>
10:41:20.376 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.RDBMSDataConnector:323] - RDBMS data connector regute - Querying database for attributes with query select 'ENTPEN9934' CODENT ,A.CODPIN CODPIN ,A.MAT MAT,'Cittadino' RUO ,B.CODFIS CODFIS ,DECODE(A.INDEMLPEC,NULL,A.INDEML,A.INDEMLPEC) INDEML, GET_PROFILE(A.CODPIN) PROFILO FROM I_REGUTE A ,B_ANACAS B WHERE B.MAT(+)=A.MAT AND CODPIN='$requestContext.principalName'<br>
10:41:20.381 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.RDBMSDataConnector:332] - RDBMS data connector regute - Retrieved attributes: []<br>10:41:20.382 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:354] - Resolving data connector regsoc for principal null<br>
10:41:20.382 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.RDBMSDataConnector:262] - RDBMS data connector regsoc - Search Query: select CODPIN ,CODSOC MAT, DECODE(INDPECRPL,NULL,INDEMLRPL,INDPECRPL) INDEML, GET_PROFILE(CODPIN) PROFILO FROM I_REGSOC WHERE CODPIN='$requestContext.principalName'<br>
10:41:20.384 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.RDBMSDataConnector:323] - RDBMS data connector regsoc - Querying database for attributes with query select CODPIN ,CODSOC MAT, DECODE(INDPECRPL,NULL,INDEMLRPL,INDPECRPL) INDEML, GET_PROFILE(CODPIN) PROFILO FROM I_REGSOC WHERE CODPIN='$requestContext.principalName'<br>
10:41:20.387 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.RDBMSDataConnector:332] - RDBMS data connector regsoc - Retrieved attributes: []<br>10:41:20.388 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:336] - Resolved attribute Profilo containing 0 values<br>
10:41:20.388 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:314] - Resolving attribute CodiceEnte for principal null<br>10:41:20.388 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:336] - Resolved attribute CodiceEnte containing 0 values<br>
10:41:20.388 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:314] - Resolving attribute Contatti for principal null<br>10:41:20.388 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:336] - Resolved attribute Contatti containing 0 values<br>
10:41:20.389 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:314] - Resolving attribute CodiceFiscale for principal null<br>10:41:20.389 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:336] - Resolved attribute CodiceFiscale containing 0 values<br>
10:41:20.389 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:314] - Resolving attribute Ruolo for principal null<br>10:41:20.389 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:336] - Resolved attribute Ruolo containing 0 values<br>
10:41:20.389 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:314] - Resolving attribute CodiceUtente for principal null<br>10:41:20.389 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:336] - Resolved attribute CodiceUtente containing 0 values<br>
10:41:20.390 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:314] - Resolving attribute Matricola for principal null<br>10:41:20.390 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:336] - Resolved attribute Matricola containing 0 values<br>
10:41:20.390 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:450] - Removing attribute uid from resolution result for principal null. It contains no values.<br>
10:41:20.390 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:450] - Removing attribute Profilo from resolution result for principal null. It contains no values.<br>
10:41:20.390 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:450] - Removing attribute CodiceEnte from resolution result for principal null. It contains no values.<br>
10:41:20.390 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:450] - Removing attribute Contatti from resolution result for principal null. It contains no values.<br>
10:41:20.391 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:450] - Removing attribute CodiceFiscale from resolution result for principal null. It contains no values.<br>
10:41:20.391 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:450] - Removing attribute Ruolo from resolution result for principal null. It contains no values.<br>
10:41:20.391 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:450] - Removing attribute CodiceUtente from resolution result for principal null. It contains no values.<br>
10:41:20.391 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:450] - Removing attribute Matricola from resolution result for principal null. It contains no values.<br>
10:41:20.391 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:137] - shibboleth.AttributeResolver resolved, for principal null, the attributes: []<br>10:41:20.392 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:71] - shibboleth.AttributeFilterEngine filtering 0 attributes for principal null<br>
10:41:20.392 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.saml2.AbstractSAML2ProfileHandler:499] - Creating attribute statement in response to SAML request '_37239fdb6e3f76b3008ee0249f7c3518' from relying party '<a href="https://www.inarcassa.it/shibboleth">https://www.inarcassa.it/shibboleth</a>'<br>
10:41:20.392 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.provider.ShibbolethSAML2AttributeAuthority:128] - No attributes remained after encoding and filtering by value, no attribute statement built<br>10:41:20.392 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler:486] - No attributes for principal 'null' support encoding into a supported name identifier format for relying party '<a href="https://www.inarcassa.it/shibboleth">https://www.inarcassa.it/shibboleth</a>'<br>
10:41:20.393 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.saml2.AbstractSAML2ProfileHandler:566] - Determining if SAML assertion to relying party '<a href="https://www.inarcassa.it/shibboleth">https://www.inarcassa.it/shibboleth</a>' should be signed<br>
10:41:20.393 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.saml2.AbstractSAML2ProfileHandler:639] - IdP relying party configuration 'default' indicates to sign assertions: true<br>10:41:20.393 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.saml2.AbstractSAML2ProfileHandler:577] - Determining signing credntial for assertion to relying party '<a href="https://www.inarcassa.it/shibboleth">https://www.inarcassa.it/shibboleth</a>'<br>
10:41:20.393 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.saml2.AbstractSAML2ProfileHandler:591] - Signing assertion to relying party <a href="https://www.inarcassa.it/shibboleth">https://www.inarcassa.it/shibboleth</a><br>
10:41:20.425 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.saml2.AbstractSAML2ProfileHandler:274] - Attempting to encrypt assertion to relying party '<a href="https://www.inarcassa.it/shibboleth">https://www.inarcassa.it/shibboleth</a>'<br>
10:41:20.426 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.saml2.AbstractSAML2ProfileHandler:279] - Assertion to be encrypted is:<br><?xml version="1.0" encoding="UTF-8"?><saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="_949f3173d3dadc49c6b480065c2f9f37" IssueInstant="2011-11-28T09:41:20.392Z" Version="2.0"><br>
<saml2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity"><a href="https://www.inarcassa.it/idp/shibboleth">https://www.inarcassa.it/idp/shibboleth</a></saml2:Issuer><br> <ds:Signature xmlns:ds="<a href="http://www.w3.org/2000/09/xmldsig#">http://www.w3.org/2000/09/xmldsig#</a>"><br>
<ds:SignedInfo><br> <ds:CanonicalizationMethod Algorithm="<a href="http://www.w3.org/2001/10/xml-exc-c14n#">http://www.w3.org/2001/10/xml-exc-c14n#</a>"/><br> <ds:SignatureMethod Algorithm="<a href="http://www.w3.org/2000/09/xmldsig#rsa-sha1">http://www.w3.org/2000/09/xmldsig#rsa-sha1</a>"/><br>
<ds:Reference URI="#_949f3173d3dadc49c6b480065c2f9f37"><br> <ds:Transforms><br> <ds:Transform Algorithm="<a href="http://www.w3.org/2000/09/xmldsig#enveloped-signature">http://www.w3.org/2000/09/xmldsig#enveloped-signature</a>"/><br>
<ds:Transform Algorithm="<a href="http://www.w3.org/2001/10/xml-exc-c14n#">http://www.w3.org/2001/10/xml-exc-c14n#</a>"/><br> </ds:Transforms><br> <ds:DigestMethod Algorithm="<a href="http://www.w3.org/2000/09/xmldsig#sha1">http://www.w3.org/2000/09/xmldsig#sha1</a>"/><br>
<ds:DigestValue>15JIVyYWH37PNoR5V//vnNximDE=</ds:DigestValue><br> </ds:Reference><br> </ds:SignedInfo><br> <ds:SignatureValue>BGvRNYcexkZ/Gg6keywf5zbigUxjTYmw3nVj4XRDBW2YqkPFQcowfw/zL/kOm8LhXLv9bUfg0I/IDTIt+nOAKxi4NEamoMMLRL9EDnG3uxDlFbSJDTWSBXOLOW5b+74tPRE3D9Ztr6kNoOWH2OzW35Em0LtMrgc2khdJN76Mn74mS5ihbJ+oaxkxS3N0rYcvPdaqCle1tV+gV1v7rbp7gan8zGJDqs/BCVOe4qH4S7rzWHdvpXNX+23C2b/uBB0iF5IkJV8GVUF+HD21Fs3qoNySAmbjQMygNiQ3UIIebyRZj5Zrdq+dR8Jcmzxmsnw3jbAPCpSV/EYEp+i6/8l1Eg==</ds:SignatureValue><br>
<ds:KeyInfo><br> <ds:X509Data><br> <ds:X509Certificate>MIIDKzCCAhOgAwIBAgIUO+7Y4gRs+UeqFOXN3Chpp/tvxgYwDQYJKoZIhvcNAQEFBQAwGzEZMBcG<br>A1UEAxMQd3d3LmluYXJjYXNzYS5pdDAeFw0xMTAzMjYxODM0MTlaFw0zMTAzMjYxODM0MTlaMBsx<br>
GTAXBgNVBAMTEHd3dy5pbmFyY2Fzc2EuaXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB<br>AQCMPVqXaboBV148Vr7fq2nrLYQvH6JJ2R74DLtl0E7VtKl8JxcU4M/+whpVOsdAdrv4DFJyy/Od<br>XBWWtG4ymbyoMgKMO5tv86l60klW4ZPthOaQf26mybKmtVszp20w1ceAwKCJdS0lr8UThp3n9dL7<br>
095RAsX7wZfczDkex861EaYA9BYkZ4wLByKfZwVya3x8qF1JnNKm8hu1eWcnpTf8qVGK1cNBWxgG<br>1PP1tbqnqnzBGEDt74t2epfACSmYoopssPM3YxdVLIwZEnKSnlR2gWS2/HqV1lXUSgVwnm5Gd0OX<br>bDlOYa3/PziXppD547szGh/k1JRBCz+CxBXamUuxAgMBAAGjZzBlMEQGA1UdEQQ9MDuCEHd3dy5p<br>
bmFyY2Fzc2EuaXSGJ2h0dHBzOi8vd3d3LmluYXJjYXNzYS5pdC9pZHAvc2hpYmJvbGV0aDAdBgNV<br>HQ4EFgQUozkjvieQ70aruNn+iI8okw4SOVowDQYJKoZIhvcNAQEFBQADggEBADa+3qGjas623ssz<br>SVp2g62cmxBj574reK7tjG4ySGzAb8NTd7xE319F7HDHjQzzAvOLwBqmWWRej3TRu97+l07oWXht<br>
bmyp8xzYuigVfwdb8dtJbCp3IG2Pla7ZovxBBX1PbJwaNzCo279d/Qdcr6mYnIolyBJ2FCXGUFqn<br>YVQD+lgeYLIh391zBUsIWCQ+/oPKD/oy1heBS01Wt8ejNQeQS1R/EAiC51eZKOzk0NoIbonHQo4f<br>OvQJVjDjxCszsaHhgfZlKC/hQy1eMDDpvsmnB6wuEF5aNNvYxl8a+qha3lRlqM6sAvaFR6ugX8X+<br>
aymxLQu0yZoEZYXrpcsH6+M=</ds:X509Certificate><br> </ds:X509Data><br> </ds:KeyInfo><br> </ds:Signature><br> <saml2:Subject><br> <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><br>
<saml2:SubjectConfirmationData Address="93.70.49.139" InResponseTo="_37239fdb6e3f76b3008ee0249f7c3518" NotOnOrAfter="2011-11-28T09:46:20.392Z" Recipient="<a href="https://www.inarcassa.it/Shibboleth.sso/SAML2/POST">https://www.inarcassa.it/Shibboleth.sso/SAML2/POST</a>"/><br>
</saml2:SubjectConfirmation><br> </saml2:Subject><br> <saml2:Conditions NotBefore="2011-11-28T09:41:20.392Z" NotOnOrAfter="2011-11-28T09:46:20.392Z"><br> <saml2:AudienceRestriction><br>
<saml2:Audience><a href="https://www.inarcassa.it/shibboleth">https://www.inarcassa.it/shibboleth</a></saml2:Audience><br> </saml2:AudienceRestriction><br> </saml2:Conditions><br> <saml2:AuthnStatement AuthnInstant="2011-11-28T09:41:12.568Z"><br>
<saml2:SubjectLocality Address="93.70.49.139"/><br> <saml2:AuthnContext><br> <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef><br>
</saml2:AuthnContext><br> </saml2:AuthnStatement><br></saml2:Assertion><br><br>10:41:20.429 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler:778] - Encoding response to SAML request _37239fdb6e3f76b3008ee0249f7c3518 from relying party <a href="https://www.inarcassa.it/shibboleth">https://www.inarcassa.it/shibboleth</a><br>
10:41:20.431 - INFO [Shibboleth-Audit:970] - 20111128T094120Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|_37239fdb6e3f76b3008ee0249f7c3518|<a href="https://www.inarcassa.it/shibboleth|urn:mace:shibboleth:2.0:profiles:saml2:sso|https://www.inarcassa.it/idp/shibboleth|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_4cee0f36347dd1617d516a89775a489f||||||">https://www.inarcassa.it/shibboleth|urn:mace:shibboleth:2.0:profiles:saml2:sso|https://www.inarcassa.it/idp/shibboleth|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_4cee0f36347dd1617d516a89775a489f||||||</a><br>
<br><div class="gmail_quote">2011/11/29 Chad La Joie <span dir="ltr"><<a href="mailto:lajoie@itumi.biz">lajoie@itumi.biz</a>></span><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
To go any further you need to post the log of *one* complete request<br>
showing the issue without removing things you don't think are<br>
important or adding stuff that you think is.<br>
<div class="im HOEnZb"><br>
On Tue, Nov 29, 2011 at 08:11, Daniele Russo <<a href="mailto:ruda76@gmail.com">ruda76@gmail.com</a>> wrote:<br>
> Have you noticed that the same user tries to login two times in a few<br>
> seconds?<br>
> The second request contains the login context that is removed without<br>
> redirect to login page.<br>
<br>
<br>
</div><div class="HOEnZb"><div class="h5">--<br>
Chad La Joie<br>
<a href="http://www.itumi.biz" target="_blank">www.itumi.biz</a><br>
trusted identities, delivered<br>
--<br>
To unsubscribe from this list send an email to <a href="mailto:users-unsubscribe@shibboleth.net">users-unsubscribe@shibboleth.net</a><br>
</div></div></blockquote></div><br>