<html><head><meta http-equiv="Content-Type" content="text/html charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">Some time ago we set up federation via InC with NIH. Looking recently to add applications, I find that the link to our institutional login at <div><a href="https://nihlogin.nih.gov/NIHfederation/ViewFederatedUniversities.aspx">https://nihlogin.nih.gov/NIHfederation/ViewFederatedUniversities.aspx</a> has the following link:<br><div><br></div><div><a href="https://idp.alaska.edu/idp/profile/SAML2/POST/SSO?shire=https://nihlogin.nih.gov/affwebservices/public/samlcc&target=https://nihlogin.nih.gov/FederationPortal/Portal.asp&providerId=https://federation.nih.gov/FederationGateway">https://idp.alaska.edu/idp/profile/SAML2/POST/SSO?shire=https://nihlogin.nih.gov/affwebservices/public/samlcc&target=https://nihlogin.nih.gov/FederationPortal/Portal.asp&providerId=https://federation.nih.gov/FederationGateway</a></div><div><br></div><div>which produces an error at our IdP ("Error decoding authentication request message"); process log indicates:</div></div><div><br></div><div><div>12:00:00.334 - INFO [Shibboleth-Access:73] - 20121107T210000Z|137.229.79.11|<a href="http://idp.alaska.edu">idp.alaska.edu</a>:443|/profile/SAML2/POST/SSO|</div><div>12:00:00.335 - WARN [edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler:343] - Error decoding authentication request message</div><div>org.opensaml.ws.message.decoder.MessageDecodingException: This message deocoder only supports the HTTP POST method</div></div><div><br></div><div>I must be mis-reading these as they appear to me superficially contradictory.</div><div><br></div><div>With more log detail / context:</div><div><br></div><div><div><br></div><div>12:16:17.250 - DEBUG [edu.internet2.middleware.shibboleth.idp.session.IdPSessionFilter:159] - No session associated with session ID NTk2NzQ5Mzc3ZTE0NWJiYWVlZGI3NzRhNDFjNzc3NzA1MDQ2MDljMWIyOTc4OGM2NzNmZDQzZDlhYmE0NGY2ZQ== - session must have timed out</div><div>12:16:17.250 - INFO [Shibboleth-Access:73] - 20121107T211617Z|137.229.12.28|<a href="http://idp.alaska.edu">idp.alaska.edu</a>:443|/profile/SAML2/POST/SSO|</div><div>12:16:17.250 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.IdPProfileHandlerManager:85] - shibboleth.HandlerManager: Looking up profile handler for request path: /SAML2/POST/SSO</div><div>12:16:17.251 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.IdPProfileHandlerManager:96] - shibboleth.HandlerManager: Located profile handler of the following type for the request path: edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler</div><div>12:16:17.251 - DEBUG [edu.internet2.middleware.shibboleth.idp.util.HttpServletHelper:322] - LoginContext key cookie was not present in request</div><div>12:16:17.251 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler:159] - Incoming request does not contain a login context, processing as first leg of request</div><div>12:16:17.251 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler:311] - Decoding message with decoder binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST'</div><div>12:16:17.251 - DEBUG [org.opensaml.ws.message.decoder.BaseMessageDecoder:75] - Beginning to decode message from inbound transport of type: org.opensaml.ws.transport.http.HttpServletRequestAdapter</div><div>12:16:17.252 - WARN [edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler:343] - Error decoding authentication request message</div><div>org.opensaml.ws.message.decoder.MessageDecodingException: This message deocoder only supports the HTTP POST method</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>at org.opensaml.saml2.binding.decoding.HTTPPostDecoder.doDecode(HTTPPostDecoder.java:82) ~[opensaml-2.5.0.jar:na]</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>at org.opensaml.ws.message.decoder.BaseMessageDecoder.decode(BaseMessageDecoder.java:78) ~[openws-1.4.2.jar:na]</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>at org.opensaml.saml2.binding.decoding.BaseSAML2MessageDecoder.decode(BaseSAML2MessageDecoder.java:69) ~[opensaml-2.5.0.jar:na]</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>at edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler.decodeRequest(SSOProfileHandler.java:331) [shibboleth-identityprovider-2.3.0.jar:na]</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>at edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler.performAuthentication(SSOProfileHandler.java:189) [shibboleth-identityprovider-2.3.0.jar:na]</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>at edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler.processRequest(SSOProfileHandler.java:160) [shibboleth-identityprovider-2.3.0.jar:na]</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>at edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler.processRequest(SSOProfileHandler.java:87) [shibboleth-identityprovider-2.3.0.jar:na]</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>at edu.internet2.middleware.shibboleth.common.profile.ProfileRequestDispatcherServlet.service(ProfileRequestDispatcherServlet.java:83) [shibboleth-common-1.3.0.jar:na]</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>at javax.servlet.http.HttpServlet.service(HttpServlet.java:717) [servlet-api.jar:na]</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) [catalina.jar:6.0.32]</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:6.0.32]</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>at edu.internet2.middleware.shibboleth.idp.util.NoCacheFilter.doFilter(NoCacheFilter.java:49) [shibboleth-identityprovider-2.3.0.jar:na]</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) [catalina.jar:6.0.32]</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:6.0.32]</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>at edu.internet2.middleware.shibboleth.idp.session.IdPSessionFilter.doFilter(IdPSessionFilter.java:80) [shibboleth-identityprovider-2.3.0.jar:na]</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) [catalina.jar:6.0.32]</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:6.0.32]</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>at edu.internet2.middleware.shibboleth.common.log.SLF4JMDCCleanupFilter.doFilter(SLF4JMDCCleanupFilter.java:51) [shibboleth-common-1.3.0.jar:na]</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) [catalina.jar:6.0.32]</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:6.0.32]</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219) [catalina.jar:6.0.32]</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) [catalina.jar:6.0.32]</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) [catalina.jar:6.0.32]</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [catalina.jar:6.0.32]</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:554) [catalina.jar:6.0.32]</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [catalina.jar:6.0.32]</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298) [catalina.jar:6.0.32]</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:859) [tomcat-coyote.jar:6.0.32]</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588) [tomcat-coyote.jar:6.0.32]</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489) [tomcat-coyote.jar:6.0.32]</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>at java.lang.Thread.run(Thread.java:662) [na:1.6.0_29]</div><div>12:16:17.314 - DEBUG [edu.internet2.middleware.shibboleth.idp.session.IdPSessionFilter:159] - No session associated with session ID NTk2NzQ5Mzc3ZTE0NWJiYWVlZGI3NzRhNDFjNzc3NzA1MDQ2MDljMWIyOTc4OGM2NzNmZDQzZDlhYmE0NGY2ZQ== - session must have timed out</div><div>12:16:17.313 - DEBUG [edu.internet2.middleware.shibboleth.idp.session.IdPSessionFilter:159] - No session associated with session ID NTk2NzQ5Mzc3ZTE0NWJiYWVlZGI3NzRhNDFjNzc3NzA1MDQ2MDljMWIyOTc4OGM2NzNmZDQzZDlhYmE0NGY2ZQ== - session must have timed out</div></div><div><br></div></body></html>