Hi Anne,
Looks like the authentication is happening OK but the SP can't do an
attribute query because it can't connect to the IdP's AA location (see
appended log extract). I'd check the web server config (might just be
a missing Listen).
Cheers,
Fiona
2008-07-22 14:33:20 INFO SAML.SAMLSOAPHTTPBinding [296] sessionGet: sending
SOAP message to https://shibboleth.qub.ac.uk:8443/shibboleth-idp/AA
2008-07-22 14:33:20 DEBUG SAML.libcurl [296] sessionGet: About to connect()
to shibboleth.qub.ac.uk port 8443
2008-07-22 14:33:20 DEBUG SAML.libcurl [296] sessionGet: Trying
143.117.14.61...
2008-07-22 14:33:35 DEBUG SAML.libcurl [296] sessionGet: Timeout
2008-07-22 14:33:35 DEBUG SAML.libcurl [296] sessionGet: couldn't connect to
host
2008-07-22 14:33:35 DEBUG SAML.libcurl [296] sessionGet: Closing connection
#0
2008-07-22 14:33:35 ERROR SAML.SAMLSOAPHTTPBinding [296] sessionGet: failed
while contacting SAML responder: couldn't connect to host
2008-07-22 14:33:35 ERROR shibtarget.SessionCache [296] sessionGet: caught
SAML exception during SAML attribute query: SOAPHTTPBindingProvider::send()
failed while contacting SAML responder: couldn't connect to host
2008-07-22 14:33:35 ERROR shibtarget.SessionCache [296] sessionGet: no
response obtained
-----Original Message-----
From: Discussion list for Shibboleth developments
[mailto:[log in to unmask]]On Behalf Of Anne Duffy
Sent: 22 July 2008 15:52
To: [log in to unmask]
Subject: Testing Attribute Release
I am trying to test what attribute values are being released. Using the
resolvertest tool I see the values I expect - the attribute values for
eduPersonAffiliation and ePSA. However when I try testing via the url
(https://.../printenv) on the UKFederation webpage I don't see anything.
The
HTTP_SHIB_ATTRIBUTES says (value provided;see below) but there is nothing
in the Attriubte Assertion area. The shib logfile doesnt show any errors
and
finishes with
- Dumping generated AuthN Assertion:
<Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" .... >
- Dumping generated SAML Response:
<Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol".... >
The resolver file uses a jdbc connector to get the values from the database.
Any advice would be appreciated.
Thanks,
Anne
Anne Duffy
Library Systems
Information Services
Queen's University Belfast
|