Hmm, I didn't expect the IdP to return HTML in the SAML. But I expect
this is just a side-effect of the exception we are getting on the IdP,
which is then returning the generic error page instead of attributes. If
you can look further into your decoded response you will probably see
error text. Since the test page at
https://target.iay.org.uk/secure/printenv.cgi can request attributes
from there okay I'm pretty sure that URL does work sometimes, just not
most of the time.
I'm stumped.
Nick
Fiona Culloch wrote:
> Hi Nick,
>
> It doesn't look as if the SP is worried about certificates any more.
>
>
> What I am seeing now is:
>> 2008-07-24 08:31:07 INFO SAML.SAMLSOAPHTTPBinding [356] sessionGet: sending SOAP message > to https://dev-wsos-shib.warwick.ac.uk:80/idp/profile/SAML1/SOAP/AttributeQuery
>> 2008-07-24 08:31:07 INFO Shibboleth.Trust.Basic [356] sessionGet:
>> certificate match found in KeyDescriptor
>> 2008-07-24 08:31:07 ERROR shibtarget.SessionCache [356] sessionGet:
>> caught SAML exception during SAML attribute query: CgoKPC
>> FET0NUWVBFIGh0bWwgUFVCTElDICItLy9XM0MvL0RURCBIVE1MIDQu
>> MDEgVHJhbnNpdGlvbmFsLy9FTiIgImh0dHA6Ly93d3cudzMub3JnL1RSL2h0
>> bWw0L3RyYW5zaXRpb25hbC5kdGQiPgo8aHRtbD4KPGhlYWQ+Cjx0aXRsZT4K
>> CjwvdGl0bGU+CgogIDxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIg
>> Y29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PWlzby04ODU5LTEiPgogIAog
>> IDxNRVRBIE5BTUU9InJvYm90cyIgQ09OVEVOVD0ibm9pbmRleCxub2ZvbGxv
>> [...lots of this, snipped...]
>>
>
> Decoding that as base64, it appears to be HTML, perhaps your SSO login page?
> (Part pasted below). In any case it doesn't look like the SAML response
> which the poor SP is expecting. Can you check to see that the above URL
> is being correctly passed through the web server to the right part of
> the IdP?
>
> Fiona.
>
|