[HREF-tech] Fwd: Not harvesting proper metada feeds - eduGAIN
Csábi Béla
csabi at sze.hu
2014. Nov. 14., P, 08:46:31 CET
Kedves Kollégák!
Az alábbi e-mail-t kaptam. Okozhatja az a hibát, hogy az
http://mds.edugain.org/ címen elérhető metadata eltér az
http://metadata.eduid.hu/current/ oldalon elérhetőtől? (Pl. a
https://ufal-point.mff.cuni.cz/shibboleth/eduid/sp sp nincs benne az
eduid-s változatban).
A log az idp-ben:
08:19:30.835 - WARN [org.opensaml.saml2.binding.security.SAML2AuthnRequestsSignedRule:81] - SPSSODescriptor role metadata for entityID 'https://ufal-point.mff.cuni.cz/shibboleth/eduid/sp' could not be resolved
08:19:30.836 - INFO [org.opensaml.common.binding.security.SAMLProtocolMessageXMLSignatureSecurityPolicyRule:100] - SAML protocol message was not signed, skipping XML signature processing
08:19:30.836 - WARN [org.opensaml.common.binding.security.BaseSAMLSimpleSignatureSecurityPolicyRule:195] - Simple signature validation (with no request-derived credentials) failed
08:19:30.837 - WARN [org.opensaml.common.binding.security.BaseSAMLSimpleSignatureSecurityPolicyRule:138] - Validation of request simple signature failed for context issuer: https://ufal-point.mff.cuni.cz/shibboleth/eduid/sp
08:19:30.842 - WARN [edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler:393] - Message did not meet security requirements
org.opensaml.ws.security.SecurityPolicyException: Validation of request simple signature failed for context issuer
at org.opensaml.common.binding.security.BaseSAMLSimpleSignatureSecurityPolicyRule.doEvaluate(BaseSAMLSimpleSignatureSecurityPolicyRule.java:139) ~[opensaml-2.5.3.jar:na]
at org.opensaml.common.binding.security.BaseSAMLSimpleSignatureSecurityPolicyRule.evaluate(BaseSAMLSimpleSignatureSecurityPolicyRule.java:103) ~[opensaml-2.5.3.jar:na]
at org.opensaml.ws.security.provider.BasicSecurityPolicy.evaluate(BasicSecurityPolicy.java:51) ~[openws-1.4.4.jar:na]
at org.opensaml.ws.message.decoder.BaseMessageDecoder.processSecurityPolicy(BaseMessageDecoder.java:132) ~[openws-1.4.4.jar:na]
at org.opensaml.ws.message.decoder.BaseMessageDecoder.decode(BaseMessageDecoder.java:83) ~[openws-1.4.4.jar:na]
at org.opensaml.saml2.binding.decoding.BaseSAML2MessageDecoder.decode(BaseSAML2MessageDecoder.java:70) ~[opensaml-2.5.3.jar:na]
at edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler.decodeRequest(SSOProfileHandler.java:373) [shibboleth-identityprovider-2.3.8-slo10.jar:na]
at edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler.performAuthentication(SSOProfileHandler.java:211) [shibboleth-identityprovider-2.3.8-slo10.jar:na]
at edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler.processRequest(SSOProfileHandler.java:189) [shibboleth-identityprovider-2.3.8-slo10.jar:na]
at edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler.processRequest(SSOProfileHandler.java:90) [shibboleth-identityprovider-2.3.8-slo10.jar:na]
at edu.internet2.middleware.shibboleth.common.profile.ProfileRequestDispatcherServlet.service(ProfileRequestDispatcherServlet.java:84) ~[shibboleth-common-1.3.7-slo2.jar:na]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717) ~[tomcat6-servlet-2.5-api-6.0.36.jar:na]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) ~[catalina-6.0.36.jar:6.0.36]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) ~[catalina-6.0.36.jar:6.0.36]
at ch.SWITCH.aai.uApprove.Intercepter.intercept(Intercepter.java:147) ~[uApprove-2.5.0.jar:na]
at ch.SWITCH.aai.uApprove.Intercepter.doFilter(Intercepter.java:118) ~[uApprove-2.5.0.jar:na]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) ~[catalina-6.0.36.jar:6.0.36]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) ~[catalina-6.0.36.jar:6.0.36]
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:96) ~[spring-web-2.5.6.SEC03.jar:2.5.6.SEC03]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) ~[spring-web-2.5.6.SEC03.jar:2.5.6.SEC03]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) ~[catalina-6.0.36.jar:6.0.36]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) ~[catalina-6.0.36.jar:6.0.36]
at edu.internet2.middleware.shibboleth.idp.util.NoCacheFilter.doFilter(NoCacheFilter.java:50) ~[shibboleth-identityprovider-2.3.8-slo10.jar:na]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) ~[catalina-6.0.36.jar:6.0.36]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) ~[catalina-6.0.36.jar:6.0.36]
at edu.internet2.middleware.shibboleth.idp.session.IdPSessionFilter.doFilter(IdPSessionFilter.java:81) ~[shibboleth-identityprovider-2.3.8-slo10.jar:na]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) ~[catalina-6.0.36.jar:6.0.36]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) ~[catalina-6.0.36.jar:6.0.36]
at edu.internet2.middleware.shibboleth.common.log.SLF4JMDCCleanupFilter.doFilter(SLF4JMDCCleanupFilter.java:52) ~[shibboleth-common-1.3.7-slo2.jar:na]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) ~[catalina-6.0.36.jar:6.0.36]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) ~[catalina-6.0.36.jar:6.0.36]
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) ~[catalina-6.0.36.jar:6.0.36]
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) ~[catalina-6.0.36.jar:6.0.36]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) ~[catalina-6.0.36.jar:6.0.36]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103) ~[catalina-6.0.36.jar:6.0.36]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) ~[catalina-6.0.36.jar:6.0.36]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293) ~[catalina-6.0.36.jar:6.0.36]
at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:190) ~[tomcat-coyote-6.0.36.jar:6.0.36]
at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:311) ~[tomcat-coyote-6.0.36.jar:6.0.36]
at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:776) ~[tomcat-coyote-6.0.36.jar:6.0.36]
at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:705) ~[tomcat-coyote-6.0.36.jar:6.0.36]
at org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:898) ~[tomcat-coyote-6.0.36.jar:6.0.36]
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:690) ~[tomcat-coyote-6.0.36.jar:6.0.36]
at java.lang.Thread.run(Thread.java:701) ~[na:1.6.0_30]
-------- Továbbított üzenet --------
Tárgy: Not harvesting proper metada feeds - eduGAIN
Dátum: Fri, 14 Nov 2014 00:49:53 +0100
Feladó: Jozef Misutka <misutka at ufal.mff.cuni.cz>
Címzett: undisclosed-recipients:;
Dear all,
your IdP's metadata is published to eduGAIN (mds.edugain.org
<http://mds.edugain.org>) national federation but it seems that your IdP
is not harvesting the proper SP metadata feed. This results in an error
when users try to login to our SP using your IdP.
How to reproduce:
1) navigate to https://lindat.mff.cuni.cz/repository/xmlui/
2) click on Login
3) select your IdP
Please, fix it so that your users can login to our SP.
Thank you.
Kind Regards,
Jozef Misutka
____________________________
Technical lead at LINDAT/CLARIN
Institute of Formal and Applied Linguistics
Charles University in Prague, Czech Republic
--
Üdvözlettel:
+--------------------------------+----------------------------------+
| Csábi Béla EIK Igazgató | void main(void){ |
| Széchenyi István Egyetem | printf("Hello World!\n"); |
| H-9026 Győr, Egyetem tér 1. | } |
+--------------------------------+----------------------------------+
|csabi at sze.hu, T:+36-96-503417,Fax:+36-96-613599,GSM:+36-30-6828814 |
+-------------------------------------------------------------------+
--------- következő rész ---------
Egy csatolt HTML állomány át lett konvertálva...
URL: <https://listserv.niif.hu/pipermail/href-tech/attachments/20141114/f14de660/attachment.html>
További információk a(z) HREF-tech levelezőlistáról