Dear Simon,
Thanks for taking the time to get back to me. I tried logging in to your SP and it seems to work fine - it's nice to see the header contents - so I'm none the wiser. It's weird because I don't see any errors in the log when the Science Direct failure occurs - so no divergence to check which is a pain as I've got nothing to go on.
:(
Thanks
AL
Mr. Alexander Roberts
Web Development Officer
Library and Information Services
Swansea University/Prifysgol Abertawe
+44 (0)1792 513239
-----Original Message-----
From: Discussion list for Shibboleth developments [mailto:[log in to unmask]] On Behalf Of Simon McLeish
Sent: 30 January 2008 15:32
To: [log in to unmask]
Subject: Re: science direct login failure
Hi AL,
If your metadata is happily being used by other SPs, the error suggests
that the problem is likely to be that SD doesn't currently have accurate
information about your certificate. However, it has been known for this
error to occur for seemingly less logical reasons, so it is probably
worth making sure exactly when the (DEBUG level) log entries for a
successful access elsewhere and the log entries for a failed SD access
diverge. You could also see if you can find an SP which replicates the
problem elsewhere, where you might be able to get a quicker response.
Try https://gabriel.lse.ac.uk/simon/cgi-bin/printenv.pl which is
protected by a UK-Fed SP I run.
Cheers,
Simon
Roberts A.L. wrote:
> Dear Simon,
>
> Thanks for getting back to me with a suggestion. I've turned on debugging at my end for shib-error and shib-access and unfortunately I get nothing that points to the problem appearing in the logs when the SD login failure occurs...
>
> Just FYI the certificate is a JANET cert and is still valid for my IdP, and I can access other shib protected resources such as filmandsound.ac.uk just fine. Seems like I'm going to have to wait for Science Direct to get back to me with failure info...
>
> Many thanks
> AL
>
> Mr. Alexander Roberts
> Web Development Officer
> Library and Information Services
> Swansea University/Prifysgol Abertawe
> +44 (0)1792 513239
>
>
> -----Original Message-----
> From: Discussion list for Shibboleth developments [mailto:[log in to unmask]] On Behalf Of Simon McLeish
> Sent: 24 January 2008 14:36
> To: [log in to unmask]
> Subject: Re: science direct login failure
>
> Hi AL,
>
> I've just checked and access via the London School of Economics and
> Political Science IdP works fine. So the problem is likely to be in your
> set up - the error message indicates the Science Direct SP has a problem
> with the certificate used to sign your IdP's messages to it.
> Unfortunately, the certificate based error messages are not very
> helpful, and I've had this error for various reasons in the past, and in
> some cases without a sensible log entry at the SP. Do you get anything
> about the rejected response in your IdP logs? (I'm assuming that other
> SPs are happy to communicate - otherwise the problem is usually easier
> to find, as it's going to be something like using an expired
> certificate, or having the certificate listed in the IdP config with an
> incorrect file name, or not have permission to read the certificate file.)
>
> Cheers,
> Simon
>
> Roberts A.L. wrote:
>
>> Dear List,
>>
>>
>>
>> We are in the process of testing access to various SPs at the mo, one
>> of which is Science Direct. We’ve been added as an institution that
>> can login via shib. Problem is that when I try and log into the
>> service the SP SHIRE is failing with the following message:
>>
>> *Inter-institutional Access System Failure*
>>
>> The inter-institutional access system experienced a technical failure
>> at Thu Jan 24 08:12:28 2008
>> "><!-- Unknown SHIBMLP key: originErrorURL/>.
>>
>> Please include the following error message when reporting the problem:
>>
>> SHIRE failure at (https://sdauth.sciencedirect.com/SHIRE)
>>
>> Session Creation Error: unable to verify signed profile response
>>
>> ---------------------
>>
>>
>>
>> According to the Science Direct login page the following institutions
>> are all valid to login via their IdPs. Has anyone from these sites had
>> a similar problem?
>>
>>
>>
>> Aberystwyth University
>>
>> Cardiff University
>>
>> JISC project: Angel
>>
>> London School of Economics and Political Science
>>
>> Thames Valley University
>>
>> University College London
>>
>> University of Abertay Dundee
>>
>> University of Bath
>>
>> University of Bristol
>>
>> University of Cambridge
>>
>> University of Leeds
>>
>> University of Oxford
>>
>>
>>
>> Just for info I’ve already contacted the UK Fed people and they have
>> checked that the IdP setup is right at our end and I have sent a
>> request to SD asking for the log entries that correspond to our failed
>> login attempt.
>>
>>
>>
>> AL
>>
>>
>>
>> *Mr. Alexander Roberts*
>>
>> Web Development Officer**
>>
>> Library and Information Services
>>
>> Swansea University/Prifysgol Abertawe
>>
>> +44 (0)1792 513239
>>
>>
>>
>>
>
> Please access the attached hyperlink for an important electronic communications disclaimer: http://www.lse.ac.uk/collections/secretariat/legal/disclaimer.htm
>
Please access the attached hyperlink for an important electronic communications disclaimer: http://www.lse.ac.uk/collections/secretariat/legal/disclaimer.htm
|