Print

Print

Hi

 

I had a report that someone was having trouble logging in to heinonline.org and was getting the error message:

 

Error contacting your identity provider

There was a problem contacting your identity provider. This may be a temporary problem, so please try again. If the error persists please contact the system administrator.



Problem reference: 14030510-4Z8V9O38

 

 


I tried it myself and sure enough the same thing happened to me.   A look in our IdP logs shows the authentication succeeding but then the rest of the process failing with the following:

 

16:11:05.824 - INFO [Shibboleth-Audit:745] - 20140305T161105Z|urn:mace:shibboleth:1.0:profiles:AuthnRequest||https://heinonline.org/entity|urn:mace:shibboleth:2.0:profiles:saml1:sso|https://idp.dundee.ac.uk/shibboleth|urn:oasis:names:tc:SAML:1.0:profiles:browser-post|_4f06c7206d77ed0819842c37cb4ed15e|alswiffin|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport||_d138ba32dafcac37fcf19160c8f84275|_2287f7676c8c44b295a3b887d39a767f,|

16:11:08.808 - INFO [Shibboleth-Access:73] - 20140305T161108Z|92.4.15.23|idp.dundee.ac.uk:443|/profile/SAML2/Redirect/SSO|

16:11:08.808 - INFO [org.opensaml.common.binding.security.SAMLProtocolMessageXMLSignatureSecurityPolicyRule:100] - SAML protocol message was not signed, skipping XML signature processing

16:11:10.121 - INFO [Shibboleth-Access:73] - 20140305T161110Z|173.225.61.254|idp.dundee.ac.uk:8443|/profile/SAML1/SOAP/AttributeQuery|

16:11:10.121 - INFO [org.opensaml.common.binding.security.SAMLProtocolMessageXMLSignatureSecurityPolicyRule:100] - SAML protocol message was not signed, skipping XML signature processing

16:11:10.121 - ERROR [org.opensaml.xml.security.x509.CertPathPKIXTrustEvaluator:151] - PKIX path construction failed for untrusted credential: [subjectName='CN=heinonline.org,O=HeinOnLine']: unable to find valid certification path to requested target

16:11:10.121 - ERROR [org.opensaml.ws.security.provider.ClientCertAuthRule:157] - Authentication via client certificate failed for context presenter entity ID https://heinonline.org/entity

16:11:10.121 - WARN [edu.internet2.middleware.shibboleth.idp.profile.saml1.AttributeQueryProfileHandler:180] - Message did not meet security requirements

 

It looks to me like they’re bust – certificate problem?

 

Andy

Dundee

 


The University of Dundee is a registered Scottish Charity, No: SC015096