JISCMail - JISC-SHIBBOLETH Archives

Email discussion lists for the UK Education and Research communities
Subscriber's Corner
Email Lists
JISC-SHIBBOLETH Archives

JISC-SHIBBOLETH@JISCMAIL.AC.UK

View:

Message:
[
First
Last
]
By Topic:
[
First
Last
]
By Author:
[
First
Last
]
Font:
Proportional Font
		LISTSERV Archives
		JISC-SHIBBOLETH Home
		JISC-SHIBBOLETH July 2009
Options

Subscribe or Unsubscribe
Get Password
Subject:
Re: Authentication Failure
From:
Rod Widdowson <[log in to unmask]>
Reply-To:
Discussion list for Shibboleth developments <[log in to unmask]>
Date:
Tue, 14 Jul 2009 11:59:24 +0100
Content-Type:
text/plain
Parts/Attachments:
text/plain (506 lines)
It could just be a hiccough in the logging but this looks odd:

> 11:10:29.022 - DEBUG [edu.vt.middleware.ldap.Ldap:550] -   dn = 
> dc=Strat-Col,dc=stratford,dc=ac,dc=uk

What does your login.conf look like?  In particular what does

base="XXXX"

 point to?

I would expect to say something like

base="CN=Users,DC=Strat-Col,dc=stratford,dc=ac,dc=uk"

Rod

----- Original Message ----- 
From: "SUBSCRIBE UKFEDERATION-DISCUSS Baljit" <[log in to unmask]>
To: <[log in to unmask]>
Sent: Tuesday, July 14, 2009 11:34 AM
Subject: Authentication Failure


Hi,

I'm setting up my first IDP.  When I test with testshib I get an 
authentication
failure.  I've attached relevant sections of the IDP process log and 
security
log.  Has anyone come across this problem and solved it?

Regards,

B Chima
Systems Analyst
Computing Services
Stratford upon Avon College




--------------------------------------------------------------------------------


> IDP process log
>
> 11:10:17.526 - INFO [Shibboleth-Access:72] - 
> 20090714T101017Z|172.16.101.168|vm-idp.strat-col.stratford.ac.uk:443|/profile/SAML2/Redirect/SSO|
> 11:10:17.536 - DEBUG 
> [edu.internet2.middleware.shibboleth.idp.profile.IdPProfileHandlerManager:85] 
>  - shibboleth.HandlerManager: Looking up profile handler for request path: 
> /SAML2/Redirect/SSO
> 11:10:17.536 - DEBUG 
> [edu.internet2.middleware.shibboleth.idp.profile.IdPProfileHandlerManager:93] 
>  - shibboleth.HandlerManager: Located profile handler of the following 
> type for the request path: 
> edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler
> 11:10:17.536 - DEBUG 
> [edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler:144] 
>  - Incoming request does not contain a login context, processing as first 
> leg of request
> 11:10:17.536 - DEBUG 
> [edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler:288] 
>  - Decoding message with decoder binding 
> urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect
> 11:10:17.536 - DEBUG 
> [org.opensaml.ws.message.decoder.BaseMessageDecoder:72] - Beginning to 
> decode message from inbound transport of type: 
> org.opensaml.ws.transport.http.HttpServletRequestAdapter
> 11:10:17.536 - DEBUG 
> [org.opensaml.saml2.binding.decoding.HTTPRedirectDeflateDecoder:93] - 
> Decoded RelayState: null
> 11:10:17.536 - DEBUG 
> [org.opensaml.saml2.binding.decoding.HTTPRedirectDeflateDecoder:130] - 
> Base64 decoding and inflating SAML message
> 11:10:17.536 - DEBUG 
> [org.opensaml.ws.message.decoder.BaseMessageDecoder:140] - Parsing message 
> stream into DOM document
> 11:10:17.536 - DEBUG 
> [org.opensaml.ws.message.decoder.BaseMessageDecoder:150] - Unmarshalling 
> message DOM
> 11:10:17.536 - DEBUG 
> [org.opensaml.ws.message.decoder.BaseMessageDecoder:162] - Message 
> succesfully unmarshalled
> 11:10:17.536 - DEBUG 
> [org.opensaml.saml2.binding.decoding.HTTPRedirectDeflateDecoder:108] - 
> Decoded SAML message
> 11:10:17.536 - DEBUG 
> [org.opensaml.saml2.binding.decoding.BaseSAML2MessageDecoder:111] - 
> Extracting ID, issuer and issue instant from request
> 11:10:17.536 - DEBUG 
> [org.opensaml.saml2.metadata.provider.ChainingMetadataProvider:194] - 
> Checking child metadata provider for entity descriptor with entity ID: 
> https://sp.testshib.org/shibboleth-sp
> 11:10:17.536 - DEBUG 
> [org.opensaml.saml2.metadata.provider.AbstractMetadataProvider:206] - 
> Searching for entity descriptor with an entity ID of 
> https://sp.testshib.org/shibboleth-sp
> 11:10:17.536 - DEBUG 
> [org.opensaml.saml2.metadata.provider.AbstractMetadataProvider:77] - 
> Metadata document does not contain an EntityDescriptor with the ID 
> https://sp.testshib.org/shibboleth-sp
> 11:10:17.536 - DEBUG 
> [org.opensaml.saml2.metadata.provider.ChainingMetadataProvider:194] - 
> Checking child metadata provider for entity descriptor with entity ID: 
> https://sp.testshib.org/shibboleth-sp
> 11:10:17.536 - DEBUG 
> [org.opensaml.saml2.metadata.provider.HTTPMetadataProvider:200] - Cached 
> metadata is stale, refreshing
> 11:10:17.536 - DEBUG 
> [org.opensaml.saml2.metadata.provider.HTTPMetadataProvider:228] - 
> Refreshing cache of metadata from URL 
> http://www.testshib.org/metadata/testshib-providers.xml, max cache 
> duration set to 2880 seconds
> 11:10:17.536 - DEBUG 
> [org.opensaml.saml2.metadata.provider.HTTPMetadataProvider:271] - Fetching 
> metadata document from remote server
> 11:10:18.257 - DEBUG 
> [org.opensaml.saml2.metadata.provider.HTTPMetadataProvider:284] - 
> Unmarshalled metadata from remote server
> 11:10:18.257 - DEBUG 
> [org.opensaml.saml2.metadata.provider.FileBackedHTTPMetadataProvider:106]  
> - Writting retrieved metadata to backup file 
> D:\Shibboleth\idp\metadata\testshib.xml
> 11:10:18.257 - DEBUG 
> [org.opensaml.saml2.metadata.provider.FileBackedHTTPMetadataProvider:158]  
> - Converting DOM to a string
> 11:10:18.267 - DEBUG 
> [org.opensaml.saml2.metadata.provider.HTTPMetadataProvider:233] - 
> Calculating expiration time
> 11:10:18.267 - DEBUG 
> [org.opensaml.saml2.metadata.provider.HTTPMetadataProvider:236] - Metadata 
> cache expires on 2009-07-14T11:58:18.267+01:00
> 11:10:18.267 - INFO 
> [org.opensaml.security.MetadataCredentialResolver:450] - Credential cache 
> cleared
> 11:10:18.267 - DEBUG 
> [edu.internet2.middleware.shibboleth.common.security.MetadataPKIXValidationInformationResolver:797] 
>  - Write lock over cache acquired
> 11:10:18.267 - INFO 
> [edu.internet2.middleware.shibboleth.common.security.MetadataPKIXValidationInformationResolver:802] 
>  - PKIX validation info cache cleared
> 11:10:18.267 - DEBUG 
> [edu.internet2.middleware.shibboleth.common.security.MetadataPKIXValidationInformationResolver:805] 
>  - Write lock over cache released
> 11:10:18.267 - INFO 
> [org.opensaml.security.MetadataCredentialResolver:450] - Credential cache 
> cleared
> 11:10:18.267 - DEBUG 
> [edu.internet2.middleware.shibboleth.common.security.MetadataPKIXValidationInformationResolver:797] 
>  - Write lock over cache acquired
> 11:10:18.267 - INFO 
> [edu.internet2.middleware.shibboleth.common.security.MetadataPKIXValidationInformationResolver:802] 
>  - PKIX validation info cache cleared
> 11:10:18.267 - DEBUG 
> [edu.internet2.middleware.shibboleth.common.security.MetadataPKIXValidationInformationResolver:805] 
>  - Write lock over cache released
> 11:10:18.277 - DEBUG 
> [org.opensaml.saml2.metadata.provider.AbstractMetadataProvider:206] - 
> Searching for entity descriptor with an entity ID of 
> https://sp.testshib.org/shibboleth-sp
> 11:10:18.277 - DEBUG 
> [edu.internet2.middleware.shibboleth.common.relyingparty.provider.SAMLMDRelyingPartyConfigurationManager:126] 
>  - Looking up relying party configuration for 
> https://sp.testshib.org/shibboleth-sp
> 11:10:18.277 - DEBUG 
> [edu.internet2.middleware.shibboleth.common.relyingparty.provider.SAMLMDRelyingPartyConfigurationManager:132] 
>  - No custom relying party configuration found for 
> https://sp.testshib.org/shibboleth-sp, looking up configuration based on 
> metadata groups.
> 11:10:18.277 - DEBUG 
> [org.opensaml.saml2.metadata.provider.ChainingMetadataProvider:194] - 
> Checking child metadata provider for entity descriptor with entity ID: 
> https://sp.testshib.org/shibboleth-sp
> 11:10:18.277 - DEBUG 
> [org.opensaml.saml2.metadata.provider.AbstractMetadataProvider:206] - 
> Searching for entity descriptor with an entity ID of 
> https://sp.testshib.org/shibboleth-sp
> 11:10:18.277 - DEBUG 
> [org.opensaml.saml2.metadata.provider.AbstractMetadataProvider:77] - 
> Metadata document does not contain an EntityDescriptor with the ID 
> https://sp.testshib.org/shibboleth-sp
> 11:10:18.277 - DEBUG 
> [org.opensaml.saml2.metadata.provider.ChainingMetadataProvider:194] - 
> Checking child metadata provider for entity descriptor with entity ID: 
> https://sp.testshib.org/shibboleth-sp
> 11:10:18.277 - DEBUG 
> [org.opensaml.saml2.metadata.provider.AbstractMetadataProvider:206] - 
> Searching for entity descriptor with an entity ID of 
> https://sp.testshib.org/shibboleth-sp
> 11:10:18.277 - DEBUG 
> [edu.internet2.middleware.shibboleth.common.relyingparty.provider.SAMLMDRelyingPartyConfigurationManager:155] 
>  - No custom or group-based relying party configuration found for 
> https://sp.testshib.org/shibboleth-sp. Using default relying party 
> configuration.
> 11:10:18.277 - DEBUG 
> [org.opensaml.ws.message.decoder.BaseMessageDecoder:82] - Evaluating 
> security policy of type 
> 'edu.internet2.middleware.shibboleth.common.security.ShibbolethSecurityPolicy' 
> for decoded message
> 11:10:18.277 - DEBUG [org.opensaml.util.storage.ReplayCache:91] - 
> Attempting to acquire lock for replay cache check
> 11:10:18.277 - DEBUG [org.opensaml.util.storage.ReplayCache:93] - Lock 
> acquired
> 11:10:18.277 - DEBUG [org.opensaml.util.storage.ReplayCache:104] - Message 
> ID _97e2c007f4c34f50726a820b67b5172a was not a replay
> 11:10:18.277 - DEBUG [org.opensaml.util.storage.ReplayCache:131] - Writing 
> message ID 
> https://sp.testshib.org/shibboleth-sp_97e2c007f4c34f50726a820b67b5172a to 
> replay cache with expiration time 2009-07-14T11:15:18.277+01:00
> 11:10:18.277 - DEBUG 
> [org.opensaml.saml2.metadata.provider.ChainingMetadataProvider:194] - 
> Checking child metadata provider for entity descriptor with entity ID: 
> https://sp.testshib.org/shibboleth-sp
> 11:10:18.277 - DEBUG 
> [org.opensaml.saml2.metadata.provider.AbstractMetadataProvider:206] - 
> Searching for entity descriptor with an entity ID of 
> https://sp.testshib.org/shibboleth-sp
> 11:10:18.277 - DEBUG 
> [org.opensaml.saml2.metadata.provider.AbstractMetadataProvider:77] - 
> Metadata document does not contain an EntityDescriptor with the ID 
> https://sp.testshib.org/shibboleth-sp
> 11:10:18.277 - DEBUG 
> [org.opensaml.saml2.metadata.provider.ChainingMetadataProvider:194] - 
> Checking child metadata provider for entity descriptor with entity ID: 
> https://sp.testshib.org/shibboleth-sp
> 11:10:18.277 - DEBUG 
> [org.opensaml.saml2.metadata.provider.AbstractMetadataProvider:206] - 
> Searching for entity descriptor with an entity ID of 
> https://sp.testshib.org/shibboleth-sp
> 11:10:18.277 - DEBUG 
> [org.opensaml.saml2.binding.security.SAML2AuthnRequestsSignedRule:91] - 
> SPSSODescriptor for entity ID 'https://sp.testshib.org/shibboleth-sp' does 
> not require AuthnRequests to be signed
> 11:10:18.277 - INFO 
> [org.opensaml.common.binding.security.SAMLProtocolMessageXMLSignatureSecurityPolicyRule:99] 
>  - SAML protocol message was not signed, skipping XML signature processing
> 11:10:18.277 - DEBUG 
> [org.opensaml.common.binding.security.BaseSAMLSimpleSignatureSecurityPolicyRule:63] 
>  - Evaluating simple signature rule of type: 
> org.opensaml.saml2.binding.security.SAML2HTTPRedirectDeflateSignatureRule
> 11:10:18.277 - DEBUG 
> [org.opensaml.common.binding.security.BaseSAMLSimpleSignatureSecurityPolicyRule:86] 
>  - HTTP request was not signed via simple signature mechanism, skipping
> 11:10:18.277 - DEBUG 
> [org.opensaml.common.binding.security.BaseSAMLSimpleSignatureSecurityPolicyRule:63] 
>  - Evaluating simple signature rule of type: 
> org.opensaml.saml2.binding.security.SAML2HTTPPostSimpleSignRule
> 11:10:18.277 - DEBUG 
> [org.opensaml.common.binding.security.BaseSAMLSimpleSignatureSecurityPolicyRule:80] 
>  - Rule can not handle this request, skipping processing
> 11:10:18.277 - INFO 
> [org.opensaml.ws.transport.http.HttpServletRequestAdapter:129] - Wrapped 
> HTTP servlet request did not contain a client certificate
> 11:10:18.277 - INFO 
> [org.opensaml.ws.security.provider.ClientCertAuthRule:97] - Inbound 
> message transport did not contain a peer credential, skipping client 
> certificate authentication
> 11:10:18.277 - DEBUG 
> [org.opensaml.ws.message.decoder.BaseMessageDecoder:94] - Successfully 
> decoded message.
> 11:10:18.277 - DEBUG [PROTOCOL_MESSAGE:96] -
> <?xml version="1.0" encoding="UTF-8"?><samlp:AuthnRequest 
> xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" 
> AssertionConsumerServiceURL="https://sp.testshib.org/Shibboleth.sso/SAML2/POST" 
> Destination="https://vm-idp.strat-col.stratford.ac.uk/idp/profile/SAML2/Redirect/SSO" 
> ID="_97e2c007f4c34f50726a820b67b5172a" IssueInstant="2009-07-14T10:10:17Z" 
> ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" 
> Version="2.0">
>   <saml:Issuer 
> xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://sp.testshib.org/shibboleth-sp</saml:Issuer>
>   <samlp:NameIDPolicy AllowCreate="1"/>
> </samlp:AuthnRequest>
>
> 11:10:18.277 - DEBUG 
> [org.opensaml.common.binding.decoding.BaseSAMLMessageDecoder:180] - 
> Checking SAML message intended destination endpoint against receiver 
> endpoint
> 11:10:18.277 - DEBUG 
> [org.opensaml.common.binding.decoding.BaseSAMLMessageDecoder:199] - 
> Intended message destination endpoint: 
> https://vm-idp.strat-col.stratford.ac.uk/idp/profile/SAML2/Redirect/SSO
> 11:10:18.277 - DEBUG 
> [org.opensaml.common.binding.decoding.BaseSAMLMessageDecoder:200] - Actual 
> message receiver endpoint: 
> https://vm-idp.strat-col.stratford.ac.uk/idp/profile/SAML2/Redirect/SSO
> 11:10:18.277 - DEBUG 
> [org.opensaml.common.binding.decoding.BaseSAMLMessageDecoder:208] - SAML 
> message intended destination endpoint matched recipient endpoint
> 11:10:18.287 - DEBUG 
> [edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler:307] 
>  - Decoded request
> 11:10:18.287 - DEBUG 
> [org.opensaml.saml2.metadata.provider.ChainingMetadataProvider:194] - 
> Checking child metadata provider for entity descriptor with entity ID: 
> https://sp.testshib.org/shibboleth-sp
> 11:10:18.287 - DEBUG 
> [org.opensaml.saml2.metadata.provider.AbstractMetadataProvider:206] - 
> Searching for entity descriptor with an entity ID of 
> https://sp.testshib.org/shibboleth-sp
> 11:10:18.287 - DEBUG 
> [org.opensaml.saml2.metadata.provider.AbstractMetadataProvider:77] - 
> Metadata document does not contain an EntityDescriptor with the ID 
> https://sp.testshib.org/shibboleth-sp
> 11:10:18.287 - DEBUG 
> [org.opensaml.saml2.metadata.provider.ChainingMetadataProvider:194] - 
> Checking child metadata provider for entity descriptor with entity ID: 
> https://sp.testshib.org/shibboleth-sp
> 11:10:18.287 - DEBUG 
> [org.opensaml.saml2.metadata.provider.AbstractMetadataProvider:206] - 
> Searching for entity descriptor with an entity ID of 
> https://sp.testshib.org/shibboleth-sp
> 11:10:18.287 - DEBUG 
> [edu.internet2.middleware.shibboleth.common.relyingparty.provider.SAMLMDRelyingPartyConfigurationManager:126] 
>  - Looking up relying party configuration for 
> https://sp.testshib.org/shibboleth-sp
> 11:10:18.287 - DEBUG 
> [edu.internet2.middleware.shibboleth.common.relyingparty.provider.SAMLMDRelyingPartyConfigurationManager:132] 
>  - No custom relying party configuration found for 
> https://sp.testshib.org/shibboleth-sp, looking up configuration based on 
> metadata groups.
> 11:10:18.287 - DEBUG 
> [org.opensaml.saml2.metadata.provider.ChainingMetadataProvider:194] - 
> Checking child metadata provider for entity descriptor with entity ID: 
> https://sp.testshib.org/shibboleth-sp
> 11:10:18.287 - DEBUG 
> [org.opensaml.saml2.metadata.provider.AbstractMetadataProvider:206] - 
> Searching for entity descriptor with an entity ID of 
> https://sp.testshib.org/shibboleth-sp
> 11:10:18.287 - DEBUG 
> [org.opensaml.saml2.metadata.provider.AbstractMetadataProvider:77] - 
> Metadata document does not contain an EntityDescriptor with the ID 
> https://sp.testshib.org/shibboleth-sp
> 11:10:18.287 - DEBUG 
> [org.opensaml.saml2.metadata.provider.ChainingMetadataProvider:194] - 
> Checking child metadata provider for entity descriptor with entity ID: 
> https://sp.testshib.org/shibboleth-sp
> 11:10:18.287 - DEBUG 
> [org.opensaml.saml2.metadata.provider.AbstractMetadataProvider:206] - 
> Searching for entity descriptor with an entity ID of 
> https://sp.testshib.org/shibboleth-sp
> 11:10:18.287 - DEBUG 
> [edu.internet2.middleware.shibboleth.common.relyingparty.provider.SAMLMDRelyingPartyConfigurationManager:155] 
>  - No custom or group-based relying party configuration found for 
> https://sp.testshib.org/shibboleth-sp. Using default relying party 
> configuration.
> 11:10:18.287 - DEBUG 
> [edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler:180] 
>  - Creating login context and transferring control to authentication 
> engine
> 11:10:18.287 - DEBUG 
> [edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine:262] - 
> Processing incoming request
> 11:10:18.287 - DEBUG 
> [edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine:292] - 
> Beginning user authentication process.
> 11:10:18.287 - DEBUG 
> [edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine:351] - 
> Filtering configured login handlers by requested athentication methods.
> 11:10:18.287 - DEBUG 
> [edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine:352] - 
> Configured LoginHandlers: 
> {urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport=edu.internet2.middleware.shibboleth.idp.authn.provider.UsernamePasswordLoginHandler@161100c, 
> urn:oasis:names:tc:SAML:2.0:ac:classes:PreviousSession=edu.internet2.middleware.shibboleth.idp.authn.provider.PreviousSessionLoginHandler@1649b1a}
> 11:10:18.287 - DEBUG 
> [edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine:353] - 
> Requested authentication methods: org.opensaml.xml.util.LazyList@645ccb
> 11:10:18.287 - DEBUG 
> [edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine:300] - 
> Possible authentication handlers for this request: 
> {urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport=edu.internet2.middleware.shibboleth.idp.authn.provider.UsernamePasswordLoginHandler@161100c, 
> urn:oasis:names:tc:SAML:2.0:ac:classes:PreviousSession=edu.internet2.middleware.shibboleth.idp.authn.provider.PreviousSessionLoginHandler@1649b1a}
> 11:10:18.287 - DEBUG 
> [edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine:313] - 
> Possible authentication handlers after filtering: 
> {urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport=edu.internet2.middleware.shibboleth.idp.authn.provider.UsernamePasswordLoginHandler@161100c, 
> urn:oasis:names:tc:SAML:2.0:ac:classes:PreviousSession=edu.internet2.middleware.shibboleth.idp.authn.provider.PreviousSessionLoginHandler@1649b1a}
> 11:10:18.287 - DEBUG 
> [edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine:326] - 
> Authenticating user with login handler of type 
> edu.internet2.middleware.shibboleth.idp.authn.provider.UsernamePasswordLoginHandler
> 11:10:18.287 - DEBUG 
> [edu.internet2.middleware.shibboleth.idp.authn.provider.UsernamePasswordLoginHandler:75] 
>  - Redirecting to 
> https://vm-idp.strat-col.stratford.ac.uk:443/idp/Authn/UserPassword
> 11:10:18.337 - DEBUG 
> [edu.internet2.middleware.shibboleth.idp.authn.provider.UsernamePasswordLoginServlet:142] 
>  - Redirecting to login page /login.jsp
> 11:10:29.022 - DEBUG 
> [edu.internet2.middleware.shibboleth.idp.authn.provider.UsernamePasswordLoginServlet:163] 
>  - Attempting to authenticate user testbc
> 11:10:29.022 - DEBUG [edu.vt.middleware.ldap.LdapProperties:299] - 
> edu.vt.middleware.ldap.auth.userField = samAccountName
> 11:10:29.022 - DEBUG [edu.vt.middleware.ldap.LdapProperties:299] - 
> edu.vt.middleware.ldap.auth.subtreeSearch = true
> 11:10:29.022 - DEBUG [edu.vt.middleware.ldap.Authenticator:143] - Looking 
> up DN from userfield and base
> 11:10:29.022 - DEBUG [edu.vt.middleware.ldap.Ldap:549] - Search with the 
> following parameters:
> 11:10:29.022 - DEBUG [edu.vt.middleware.ldap.Ldap:550] -   dn = 
> dc=Strat-Col,dc=stratford,dc=ac,dc=uk
> 11:10:29.022 - DEBUG [edu.vt.middleware.ldap.Ldap:551] -   filter = 
> (samAccountName=testbc)
> 11:10:29.022 - DEBUG [edu.vt.middleware.ldap.Ldap:552] -   filterArgs =
> 11:10:29.032 - DEBUG [edu.vt.middleware.ldap.Ldap:554] -     none
> 11:10:29.032 - DEBUG [edu.vt.middleware.ldap.Ldap:558] -   retAttrs =
> 11:10:29.032 - DEBUG [edu.vt.middleware.ldap.Ldap:562] -     []
> 11:10:29.032 - DEBUG [edu.vt.middleware.ldap.Ldap:1538] - Bind with the 
> following parameters:
> 11:10:29.032 - DEBUG [edu.vt.middleware.ldap.Ldap:1539] -   dn = 
> cn=famshib,ou=ServiceAccounts,ou=UserAccounts,ou=MainCampus,dc=Strat-Col,dc=stratford,dc=ac,dc=uk
> 11:10:29.032 - DEBUG [edu.vt.middleware.ldap.Ldap:1543] -   credential = 
> <suppressed>
> 11:10:29.042 - DEBUG 
> [edu.internet2.middleware.shibboleth.idp.authn.provider.UsernamePasswordLoginServlet:192] 
>  - User authentication for [testbc] failed
> 11:10:29.042 - DEBUG 
> [edu.internet2.middleware.shibboleth.idp.authn.provider.UsernamePasswordLoginServlet:142] 
>  - Redirecting to login page /login.jsp
>
>
> Security log on DC
>
> Event Type: Success Audit
> Event Source: Security
> Event Category: Account Logon
> Event ID: 680
> Date: 14/07/2009
> Time: 11:10:30
> User: STRAT-COL\famshib
> Computer: VM-AD-02
> Description:
> Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
> Logon account: famshib
> Source Workstation: VM-AD-02
> Error Code: 0x0
>
>
> For more information, see Help and Support Center at 
> http://go.microsoft.com/fwlink/events.asp.
>
> Event Type: Success Audit
> Event Source: Security
> Event Category: Logon/Logoff
> Event ID: 552
> Date: 14/07/2009
> Time: 11:10:30
> User: NT AUTHORITY\SYSTEM
> Computer: VM-AD-02
> Description:
> Logon attempt using explicit credentials:
> Logged on user:
>  User Name: VM-AD-02$
>  Domain: STRAT-COL
>  Logon ID: (0x0,0x3E7)
>  Logon GUID: -
> User whose credentials were used:
>  Target User Name: famshib
>  Target Domain: STRAT-COL
>  Target Logon GUID: -
>
> Target Server Name: localhost
> Target Server Info: localhost
> Caller Process ID: 400
> Source Network Address: 172.26.100.17
> Source Port: 1734
>
>
> For more information, see Help and Support Center at 
> http://go.microsoft.com/fwlink/events.asp.
>
> Event Type: Success Audit
> Event Source: Security
> Event Category: Logon/Logoff
> Event ID: 540
> Date: 14/07/2009
> Time: 11:10:30
> User: STRAT-COL\famshib
> Computer: VM-AD-02
> Description:
> Successful Network Logon:
>  User Name: famshib
>  Domain: STRAT-COL
>  Logon ID: (0x0,0x23E05A)
>  Logon Type: 3
>  Logon Process: Advapi
>  Authentication Package: Negotiate
>  Workstation Name: VM-AD-02
>  Logon GUID: -
>  Caller User Name: VM-AD-02$
>  Caller Domain: STRAT-COL
>  Caller Logon ID: (0x0,0x3E7)
>  Caller Process ID: 400
>  Transited Services: -
>  Source Network Address: 172.26.100.17
>  Source Port: 1734
>
>
> For more information, see Help and Support Center at 
> http://go.microsoft.com/fwlink/events.asp.
>
>
>
>
Top of Message | Previous Page | Permalink
JiscMail Tools

Files Area | help
RSS Feeds and Sharing

Search Archives

Advanced Options