Error resolving attributes - IDP2.x & SP1.3


Achugatla, Vijay Kumar (ELS-CON)

Hi,

We have multiple IDPs that are trying to connect to our SP 1.3 (on Solaris). Some of them have been facing some issues in recent times. All these IDPs were recently upgraded to 2.x. There were no issues before the upgrade.

Below are the messages from the logs:

Shibd log

<samlp:Status><samlp:StatusCode Value="samlp:Responder"/><samlp:StatusMessage>Error resolving attributes</samlp:StatusMessage></samlp:Status></samlp:Response>

23:53:20.467(06/16) ERROR shibd.Listener : caught exception while creating session: Error resolving attributes

I believe the StatusCode is part of the Response that the SP receives from an IDP, and for a successful login the StatusCode is Success:

<Status><StatusCode Value="samlp:Success"></StatusCode></Status>

Native (apache) log

23:53:20.453(06/16) INFO  shibtarget.Listener : create session for user at (192.168.92.148) for application (sciencedirect)

23:53:20.454(06/16) DEBUG shibtarget.Listener : returning existing connection: 5a68770 -> 5a91920

23:53:20.468(06/16) DEBUG shibtarget.Listener : RPC completed with exception: <Status xmlns="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"><StatusCode Value="samlp:Responder"/><StatusMessage>Error resolving attributes</StatusMessage><StatusDetail xmlns:opensaml="http://www.opensaml.org"><opensaml:ExceptionClass>org.opensaml.SAMLException</opensaml:ExceptionClass></StatusDetail></Status>

23:53:20.471(06/16) DEBUG shibtarget.ShibMLP : inserting errorType -> SAMLException

23:53:20.471(06/16) DEBUG shibtarget.ShibMLP : inserting errorText -> Error resolving attributes

23:53:20.472(06/16) DEBUG shibtarget.ShibMLP : inserting errorType -> Session Creation Error

I am not sure if this is an issue at SP end or IDP end.

Any idea what is the reason for this error?

Thanks,
Vijay

RE: Error resolving attributes - IDP2.x & SP1.3

Cantor, Scott E.
> We have multiple IDPs that are trying to connect to our SP 1.3 (on Solaris).
> Some of them have been facing some issues in recent times. All these IDPs were
> recently upgraded to 2.x. There were no issues before the upgrade.

It stands to reason that somebody upgrading their IdP and that breaking
something is probably running a non-functional IdP.
 
> I believe the StatusCode is part of the Response that SP receives from an
> IDP. And for successful login the StatusCode is Success

Correct.

> I am not sure if this is an issue at SP end or IDP end.

That depends entirely on why the IdP is failing to return anything, but if
the SP's running as before, then one would have to blame the IdP.

-- Scott
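
As an added illustration (not part of either poster's message): a small Python helper that pulls the SAML 1.x Status out of SP log text like the excerpts above and reports which side the top-level status code implicates. The names `triage` and `SIDE` and the sample text are constructed for this example, and wrapped log lines are assumed to have been rejoined first.

```python
import re

# Top-level SAML 1.x status codes and the party each implicates (SAML 1.1 core).
SIDE = {
    "Success": "no error",
    "VersionMismatch": "protocol version mismatch",
    "Requester": "requester (the SP's request)",
    "Responder": "responder (the IdP / attribute authority)",
}

# Match on local names so any prefix (samlp:, none) works, even when the log
# fragment lacks the xmlns declaration an XML parser would need.
# "Status\b" does not match StatusCode, StatusMessage or StatusDetail.
STATUS = re.compile(r"<(?:\w+:)?Status\b.*?</(?:\w+:)?Status>", re.S)
CODE = re.compile(r'<(?:\w+:)?StatusCode\s+Value="(?:\w+:)?(\w+)"')
MESSAGE = re.compile(r"<(?:\w+:)?StatusMessage>([^<]*)<")


def triage(log_text):
    """Return (code, message, implicated side) for each Status element."""
    results = []
    for block in STATUS.findall(log_text):
        code = CODE.search(block)  # the first StatusCode is the top-level one
        if code is None:
            continue
        message = MESSAGE.search(block)
        name = code.group(1)
        results.append((name,
                        message.group(1) if message else "",
                        SIDE.get(name, "unknown code")))
    return results


# Constructed sample: the thread's log excerpts with wrapped lines rejoined.
SAMPLE = """\
<samlp:Status><samlp:StatusCode Value="samlp:Responder"/><samlp:StatusMessage>Error resolving attributes</samlp:StatusMessage></samlp:Status></samlp:Response>
<Status><StatusCode Value="samlp:Success"></StatusCode></Status>
23:53:20.468(06/16) DEBUG shibtarget.Listener : RPC completed with exception: <Status xmlns="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"><StatusCode Value="samlp:Responder"/><StatusMessage>Error resolving attributes</StatusMessage><StatusDetail xmlns:opensaml="http://www.opensaml.org"><opensaml:ExceptionClass>org.opensaml.SAMLException</opensaml:ExceptionClass></StatusDetail></Status>
"""

if __name__ == "__main__":
    for code, message, side in triage(SAMPLE):
        print(f"{code:10} {message!r:30} -> {side}")
```

A `Responder` result means the error status was generated by the responding party and relayed by the SP, so the next place to look is that IdP's own logs.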