Is anyone experiencing problems today?
I am getting end users forwarding messages like this:
"Identity Provider failure at (/shibboleth-idp/SSO)
org.opensaml.SAMLException: Invalid assertion consumer service URL"
(but I do not know what service they were trying to access).
When I watch my Shib logs for a while, I see:
13:11:19,712 INFO Supplied consumer URL not found in metadata. -
edu.internet2.middleware.shibboleth.idp.provider.ShibbolethV1SSOHandler
[TP-Processor18;20090515]
13:11:19,713 ERROR Assertion consumer service URL
(http://login.westlaw.co.uk/app/authentication/sso/ukfed/auth/rcv) is NOT
valid for provider (https://www.westlaw.co.uk/metadata). -
edu.internet2.middleware.shibboleth.idp.provider.ShibbolethV1SSOHandler
[TP-Processor18;20090515]
and looking in the metadata, which I have manually refreshed, I see
entries like:
<AssertionConsumerService
Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post"
Location="https://login.westlaw.co.uk.ukclt.int.westlaw.com/app/authentication/sso/ukfed/auth/rcv"
index="2"></AssertionConsumerService>
"login.westlaw.co.uk.ukclt.int.westlaw.com" seems an odd hostname, and
there are similar ones.
My metadata is: Aggregate built 2009-05-14T15:47:24+01:00
6660121 May 15 13:11 ukfederation-metadata.xml
Anyone else seeing issues?
Jethro.
. . . . . . . . . . . . . . . . . . . . . . . . .
Jethro R Binks
Computing Officer, IT Services, University Of Strathclyde, Glasgow, UK
|