Here's the log for that access:
,C=GB
2007-11-16 15:56:35 INFO Shibboleth.Trust.Shibboleth [90] sessionNew:
matched subject CN to a key name (idp.iay.org.uk)
2007-11-16 15:56:35 INFO Shibboleth.Trust.Shibboleth [90] sessionNew:
successfully validated certificate chain
2007-11-16 15:56:35 INFO shibtarget.Listener [90] sessionNew: creating
new session
2007-11-16 15:56:35 INFO shibtarget.SessionCache [90] sessionNew: new
session created with session ID (_8527619736532323a5859b27bda0b6c1)
2007-11-16 15:56:36 INFO shibtarget.SessionCache [91] sessionGet: trying
to get new attributes for session (ID=_8527619736532323a5859b27bda0b6c1)
2007-11-16 15:56:36 INFO SAML.SAMLSOAPHTTPBinding [91] sessionGet:
sending SOAP message to https://idp.iay.org.uk:8448/shibboleth-idp/AA
2007-11-16 15:56:51 ERROR SAML.SAMLSOAPHTTPBinding [91] sessionGet:
failed while contacting SAML responder: connect() timed out!
2007-11-16 15:56:51 ERROR shibtarget.SessionCache [91] sessionGet:
caught SAML exception during SAML attribute query:
SOAPHTTPBindingProvider::send() failed
while contacting SAML responder: connect() timed out!
2007-11-16 15:56:51 ERROR shibtarget.SessionCache [91] sessionGet: no
response obtained
The UK Federation metadata was last downloaded for this SP at 4AM this
morning, so should be up to date!
Simon
Ian Young wrote:
> Jon Warbrick wrote:
>
>
>> Secondly, if anyone has access to a UK Federation-only IdP that is
>> expected to release at least some attributes (perhaps ePSA and/or ePTID)
>> to LSE then could you try accessing
>>
>> https://gabriel.lse.ac.uk/simon/cgi-bin/printenv.pl
>>
>> and let me know if those attributes appear in the resulting table (the
>> table will appear whatever, the question is whether the attribute values
>> are there or not). Just tell me - I'll summarise replies and any
>> eventual outcome to the list.
>>
>
> I get different results from my two separate test IdPs. The 1.2 test
> IdP (urn:mace:ac.uk:sdss.ac.uk:provider:identity:iay.org.uk) works, but
> with the 1.3 IdP
> (urn:mace:ac.uk:sdss.ac.uk:provider:identity:idp.iay.org.uk) I see the
> authentication response go out but no attribute query coming in and the
> result page doesn't have my attributes. There's a delay there that
> looks like a timeout; assuming that's not a firewall at LSE, it is
> possible that the SP has the wrong metadata for that IdP (it changed a
> couple of weeks back). If Simon can look for that transaction in the
> logs, it would be interesting to see where it thinks my AA is.
>
> My last failed request was at 15:56:50 or so.
>
> -- Ian
>
>
Please access the attached hyperlink for an important electronic communications disclaimer: http://www.lse.ac.uk/collections/secretariat/legal/disclaimer.htm
|