<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Kedves Kollégák!<br>
<br>
Az alábbi e-mail-t kaptam. Okozhatja az a hibát, hogy az
<a class="moz-txt-link-freetext" href="http://mds.edugain.org/">http://mds.edugain.org/</a> címen elérhető metadata eltér az
<a class="moz-txt-link-freetext" href="http://metadata.eduid.hu/current/">http://metadata.eduid.hu/current/</a> oldalon elérhetőtől? (Pl. a
<a class="moz-txt-link-freetext" href="https://ufal-point.mff.cuni.cz/shibboleth/eduid/sp">https://ufal-point.mff.cuni.cz/shibboleth/eduid/sp</a> sp nincs benne az
eduid-s változatban).<br>
<br>
A log az idp-ben:<br>
<br>
<pre>08:19:30.835 - WARN [org.opensaml.saml2.binding.security.SAML2AuthnRequestsSignedRule:81] - SPSSODescriptor role metadata for entityID '<a class="moz-txt-link-freetext" href="https://ufal-point.mff.cuni.cz/shibboleth/eduid/sp">https://ufal-point.mff.cuni.cz/shibboleth/eduid/sp</a>' could not be resolved</pre>
<pre>08:19:30.836 - INFO [org.opensaml.common.binding.security.SAMLProtocolMessageXMLSignatureSecurityPolicyRule:100] - SAML protocol message was not signed, skipping XML signature processing</pre>
<pre>08:19:30.836 - WARN [org.opensaml.common.binding.security.BaseSAMLSimpleSignatureSecurityPolicyRule:195] - Simple signature validation (with no request-derived credentials) failed</pre>
<pre>08:19:30.837 - WARN [org.opensaml.common.binding.security.BaseSAMLSimpleSignatureSecurityPolicyRule:138] - Validation of request simple signature failed for context issuer: <a class="moz-txt-link-freetext" href="https://ufal-point.mff.cuni.cz/shibboleth/eduid/sp">https://ufal-point.mff.cuni.cz/shibboleth/eduid/sp</a></pre>
<pre>08:19:30.842 - WARN [edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler:393] - Message did not meet security requirements</pre>
<pre>org.opensaml.ws.security.SecurityPolicyException: Validation of request simple signature failed for context issuer</pre>
<pre> at org.opensaml.common.binding.security.BaseSAMLSimpleSignatureSecurityPolicyRule.doEvaluate(BaseSAMLSimpleSignatureSecurityPolicyRule.java:139) ~[opensaml-2.5.3.jar:na]</pre>
<pre> at org.opensaml.common.binding.security.BaseSAMLSimpleSignatureSecurityPolicyRule.evaluate(BaseSAMLSimpleSignatureSecurityPolicyRule.java:103) ~[opensaml-2.5.3.jar:na]</pre>
<pre> at org.opensaml.ws.security.provider.BasicSecurityPolicy.evaluate(BasicSecurityPolicy.java:51) ~[openws-1.4.4.jar:na]</pre>
<pre> at org.opensaml.ws.message.decoder.BaseMessageDecoder.processSecurityPolicy(BaseMessageDecoder.java:132) ~[openws-1.4.4.jar:na]</pre>
<pre> at org.opensaml.ws.message.decoder.BaseMessageDecoder.decode(BaseMessageDecoder.java:83) ~[openws-1.4.4.jar:na]</pre>
<pre> at org.opensaml.saml2.binding.decoding.BaseSAML2MessageDecoder.decode(BaseSAML2MessageDecoder.java:70) ~[opensaml-2.5.3.jar:na]</pre>
<pre> at edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler.decodeRequest(SSOProfileHandler.java:373) [shibboleth-identityprovider-2.3.8-slo10.jar:na]</pre>
<pre> at edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler.performAuthentication(SSOProfileHandler.java:211) [shibboleth-identityprovider-2.3.8-slo10.jar:na]</pre>
<pre> at edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler.processRequest(SSOProfileHandler.java:189) [shibboleth-identityprovider-2.3.8-slo10.jar:na]</pre>
<pre> at edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler.processRequest(SSOProfileHandler.java:90) [shibboleth-identityprovider-2.3.8-slo10.jar:na]</pre>
<pre> at edu.internet2.middleware.shibboleth.common.profile.ProfileRequestDispatcherServlet.service(ProfileRequestDispatcherServlet.java:84) ~[shibboleth-common-1.3.7-slo2.jar:na]</pre>
<pre> at javax.servlet.http.HttpServlet.service(HttpServlet.java:717) ~[tomcat6-servlet-2.5-api-6.0.36.jar:na]</pre>
<pre> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) ~[catalina-6.0.36.jar:6.0.36]</pre>
<pre> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) ~[catalina-6.0.36.jar:6.0.36]</pre>
<pre> at ch.SWITCH.aai.uApprove.Intercepter.intercept(Intercepter.java:147) ~[uApprove-2.5.0.jar:na]</pre>
<pre> at ch.SWITCH.aai.uApprove.Intercepter.doFilter(Intercepter.java:118) ~[uApprove-2.5.0.jar:na]</pre>
<pre> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) ~[catalina-6.0.36.jar:6.0.36]</pre>
<pre> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) ~[catalina-6.0.36.jar:6.0.36]</pre>
<pre> at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:96) ~[spring-web-2.5.6.SEC03.jar:2.5.6.SEC03]</pre>
<pre> at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) ~[spring-web-2.5.6.SEC03.jar:2.5.6.SEC03]</pre>
<pre> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) ~[catalina-6.0.36.jar:6.0.36]</pre>
<pre> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) ~[catalina-6.0.36.jar:6.0.36]</pre>
<pre> at edu.internet2.middleware.shibboleth.idp.util.NoCacheFilter.doFilter(NoCacheFilter.java:50) ~[shibboleth-identityprovider-2.3.8-slo10.jar:na]</pre>
<pre> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) ~[catalina-6.0.36.jar:6.0.36]</pre>
<pre> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) ~[catalina-6.0.36.jar:6.0.36]</pre>
<pre> at edu.internet2.middleware.shibboleth.idp.session.IdPSessionFilter.doFilter(IdPSessionFilter.java:81) ~[shibboleth-identityprovider-2.3.8-slo10.jar:na]</pre>
<pre> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) ~[catalina-6.0.36.jar:6.0.36]</pre>
<pre> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) ~[catalina-6.0.36.jar:6.0.36]</pre>
<pre> at edu.internet2.middleware.shibboleth.common.log.SLF4JMDCCleanupFilter.doFilter(SLF4JMDCCleanupFilter.java:52) ~[shibboleth-common-1.3.7-slo2.jar:na]</pre>
<pre> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) ~[catalina-6.0.36.jar:6.0.36]</pre>
<pre> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) ~[catalina-6.0.36.jar:6.0.36]</pre>
<pre> at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) ~[catalina-6.0.36.jar:6.0.36]</pre>
<pre> at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) ~[catalina-6.0.36.jar:6.0.36]</pre>
<pre> at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) ~[catalina-6.0.36.jar:6.0.36]</pre>
<pre> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103) ~[catalina-6.0.36.jar:6.0.36]</pre>
<pre> at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) ~[catalina-6.0.36.jar:6.0.36]</pre>
<pre> at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293) ~[catalina-6.0.36.jar:6.0.36]</pre>
<pre> at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:190) ~[tomcat-coyote-6.0.36.jar:6.0.36]</pre>
<pre> at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:311) ~[tomcat-coyote-6.0.36.jar:6.0.36]</pre>
<pre> at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:776) ~[tomcat-coyote-6.0.36.jar:6.0.36]</pre>
<pre> at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:705) ~[tomcat-coyote-6.0.36.jar:6.0.36]</pre>
<pre> at org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:898) ~[tomcat-coyote-6.0.36.jar:6.0.36]</pre>
<pre> at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:690) ~[tomcat-coyote-6.0.36.jar:6.0.36]</pre>
<pre> at java.lang.Thread.run(Thread.java:701) ~[na:1.6.0_30]</pre>
<br>
<div class="moz-forward-container"><br>
<br>
-------- Továbbított üzenet --------
<table class="moz-email-headers-table" border="0" cellpadding="0"
cellspacing="0">
<tbody>
<tr>
<th align="RIGHT" nowrap="nowrap" valign="BASELINE">Tárgy: </th>
<td>Not harvesting proper metada feeds - eduGAIN</td>
</tr>
<tr>
<th align="RIGHT" nowrap="nowrap" valign="BASELINE">Dátum: </th>
<td>Fri, 14 Nov 2014 00:49:53 +0100</td>
</tr>
<tr>
<th align="RIGHT" nowrap="nowrap" valign="BASELINE">Feladó:
</th>
<td>Jozef Misutka <a class="moz-txt-link-rfc2396E" href="mailto:misutka@ufal.mff.cuni.cz"><misutka@ufal.mff.cuni.cz></a></td>
</tr>
<tr>
<th align="RIGHT" nowrap="nowrap" valign="BASELINE">Címzett:
</th>
<td>undisclosed-recipients:;</td>
</tr>
</tbody>
</table>
<br>
<br>
<div dir="ltr"><span
style="color:rgb(0,0,0);font-family:arial,sans,sans-serif;font-size:13px;white-space:pre-wrap">Dear
all,</span><br
style="color:rgb(0,0,0);font-family:arial,sans,sans-serif;font-size:13px;white-space:pre-wrap">
<br>
your IdP's metadata is published to eduGAIN (<a
moz-do-not-send="true" href="http://mds.edugain.org">mds.edugain.org</a>)
national federation but it seems that your IdP is not harvesting
the proper SP metadata feed. This results in an error when users
try to login to our SP using your IdP.
<div><br>
</div>
<div>How to reproduce:</div>
<div>1) navigate to <a moz-do-not-send="true"
href="https://lindat.mff.cuni.cz/repository/xmlui/">https://lindat.mff.cuni.cz/repository/xmlui/</a></div>
<div>2) click on Login</div>
<div>3) select your IdP</div>
<div><br>
<div>Please, fix it so that your users can login to our SP.</div>
<div>Thank you.<br>
<div><br
style="color:rgb(0,0,0);font-family:arial,sans,sans-serif;font-size:13px;white-space:pre-wrap">
<span
style="color:rgb(0,0,0);font-family:arial,sans,sans-serif;font-size:13px;white-space:pre-wrap">Kind
Regards,</span><br
style="color:rgb(0,0,0);font-family:arial,sans,sans-serif;font-size:13px;white-space:pre-wrap">
<span
style="color:rgb(0,0,0);font-family:arial,sans,sans-serif;font-size:13px;white-space:pre-wrap">Jozef
Misutka</span><br
style="color:rgb(0,0,0);font-family:arial,sans,sans-serif;font-size:13px;white-space:pre-wrap">
<span
style="color:rgb(0,0,0);font-family:arial,sans,sans-serif;font-size:13px;white-space:pre-wrap">____________________________</span><br
style="color:rgb(0,0,0);font-family:arial,sans,sans-serif;font-size:13px;white-space:pre-wrap">
<span
style="color:rgb(0,0,0);font-family:arial,sans,sans-serif;font-size:13px;white-space:pre-wrap">Technical
lead at LINDAT/CLARIN</span><br
style="color:rgb(0,0,0);font-family:arial,sans,sans-serif;font-size:13px;white-space:pre-wrap">
<span
style="color:rgb(0,0,0);font-family:arial,sans,sans-serif;font-size:13px;white-space:pre-wrap">Institute
of Formal and Applied Linguistics</span><br
style="color:rgb(0,0,0);font-family:arial,sans,sans-serif;font-size:13px;white-space:pre-wrap">
<span
style="color:rgb(0,0,0);font-family:arial,sans,sans-serif;font-size:13px;white-space:pre-wrap">Charles
University in Prague, Czech Republic</span>
<div><br>
</div>
</div>
</div>
</div>
</div>
<br>
<pre class="moz-signature" cols="72">--
Üdvözlettel:
+--------------------------------+----------------------------------+
| Csábi Béla EIK Igazgató | void main(void){ |
| Széchenyi István Egyetem | printf("Hello World!\n"); |
| H-9026 Győr, Egyetem tér 1. | } |
+--------------------------------+----------------------------------+
|<a class="moz-txt-link-abbreviated" href="mailto:csabi@sze.hu">csabi@sze.hu</a>, T:+36-96-503417,Fax:+36-96-613599,GSM:+36-30-6828814 |
+-------------------------------------------------------------------+</pre>
<br>
</div>
<br>
</body>
</html>