Interesting - we've had reports of two of our students unable to log in
to Westlaw today. Our error is "No peer endpoint available to which to
send SAML response", and it does look like it's redirecting us to a URL
with an incorrect shire... starting with http:// instead of https://.
Comparing it against the metadata, all the locations should be https://.
From your logs it looks like you have the same problem.
So it seems that Westlaw have made some change.
Nick
Jethro R Binks wrote:
> Is anyone experiencing problems today?
>
> I am getting end users forwarding messages like this:
>
> "Identity Provider failure at (/shibboleth-idp/SSO)
>
> org.opensaml.SAMLException: Invalid assertion consumer service URL"
>
> (but I do not know what service they were trying to access).
>
> When I watch my Shib logs for a while, I see:
>
> 13:11:19,712 INFO Supplied consumer URL not found in metadata. -
> edu.internet2.middleware.shibboleth.idp.provider.ShibbolethV1SSOHandler
> [TP-Processor18;20090515]
>
> 13:11:19,713 ERROR Assertion consumer service URL
> (http://login.westlaw.co.uk/app/authentication/sso/ukfed/auth/rcv) is NOT
> valid for provider (https://www.westlaw.co.uk/metadata). -
> edu.internet2.middleware.shibboleth.idp.provider.ShibbolethV1SSOHandler
> [TP-Processor18;20090515]
>
> and looking in the metadata, which I have manually refreshed, I see
> entries like:
>
> <AssertionConsumerService
> Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post"
> Location="https://login.westlaw.co.uk.ukclt.int.westlaw.com/app/authentication/sso/ukfed/auth/rcv"
> index="2"></AssertionConsumerService>
>
> "login.westlaw.co.uk.ukclt.int.westlaw.com" seems an odd hostname, and
> there are similar ones.
>
> My metadata is: Aggregate built 2009-05-14T15:47:24+01:00
>
> 6660121 May 15 13:11 ukfederation-metadata.xml
>
> Anyone else seeing issues?
>
> Jethro.
>
> . . . . . . . . . . . . . . . . . . . . . . . . .
> Jethro R Binks
> Computing Officer, IT Services, University Of Strathclyde, Glasgow, UK
>
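The check behind the two log lines quoted above, as an added example that is not part of the original thread and not Shibboleth's own code: it looks up a provider's registered AssertionConsumerService locations and reports why a supplied consumer URL fails to match. The function names and the metadata fragment are constructed; the index="1" entry is an assumption, while the index="2" entry is the one quoted in the message.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"

# Constructed metadata fragment. index="1" is assumed for illustration;
# index="2" is the Location quoted in the thread.
SAMPLE_METADATA = """<EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
 <EntityDescriptor entityID="https://www.westlaw.co.uk/metadata">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
   <AssertionConsumerService index="1"
     Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post"
     Location="https://login.westlaw.co.uk/app/authentication/sso/ukfed/auth/rcv"/>
   <AssertionConsumerService index="2"
     Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post"
     Location="https://login.westlaw.co.uk.ukclt.int.westlaw.com/app/authentication/sso/ukfed/auth/rcv"/>
  </SPSSODescriptor>
 </EntityDescriptor>
</EntitiesDescriptor>"""

def acs_locations(metadata_xml, entity_id):
    """Return the registered ACS Locations for entity_id, or None if absent."""
    root = ET.fromstring(metadata_xml)
    for ent in root.iter(MD + "EntityDescriptor"):
        if ent.get("entityID") == entity_id:
            return [a.get("Location")
                    for a in ent.iter(MD + "AssertionConsumerService")]
    return None

def diagnose(metadata_xml, entity_id, requested):
    """Classify a supplied consumer URL. Only an exact match is 'ok';
    the other results explain a rejection, they never relax the check."""
    locations = acs_locations(metadata_xml, entity_id)
    if locations is None:
        return "unknown-provider"
    if requested in locations:
        return "ok"
    req = urlsplit(requested)
    for loc in locations:
        reg = urlsplit(loc)
        same_rest = (req.netloc.lower(), req.path, req.query) == \
                    (reg.netloc.lower(), reg.path, reg.query)
        if same_rest and req.scheme != reg.scheme:
            return f"scheme-mismatch: sent {req.scheme}://, metadata has {reg.scheme}://"
    if any(urlsplit(loc).path == req.path for loc in locations):
        return "host-mismatch"
    return "not-registered"
```

Run against a local copy of the federation aggregate by reading the file and passing its contents as `metadata_xml`.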