Error while configuring Shibboleth sp idp Apache Directory on local


rj4u2007
Hi guys,

I am trying to set up SSO for my application using Apache, Shibboleth SP, Shibboleth IDP, and Apache Directory services. My Apache is on port 91, my application is on Tomcat port 8080, and Shibboleth IDP is on port 9443 (https). I am seeing the below error in my IDP process log.
09:49:17.620 - INFO [org.opensaml.ws.security.provider.ClientCertAuthRule:104] - Inbound message transport did not contain a peer credential, skipping client certificate authentication
09:49:17.620 - ERROR [org.opensaml.ws.security.provider.MandatoryAuthenticatedMessageRule:37] - Inbound message issuer was not authenticated.
09:49:17.621 - WARN [edu.internet2.middleware.shibboleth.idp.profile.saml2.AttributeQueryProfileHandler:203] - Message did not meet security requirements
org.opensaml.ws.security.SecurityPolicyException: Inbound message issuer was not authenticated.
        at org.opensaml.ws.security.provider.MandatoryAuthenticatedMessageRule.evaluate(MandatoryAuthenticatedMessageRule.java:38) ~[openws-1.5.6.jar:na]
        at org.opensaml.ws.security.provider.BasicSecurityPolicy.evaluate(BasicSecurityPolicy.java:51) ~[openws-1.5.6.jar:na]
        at org.opensaml.ws.message.decoder.BaseMessageDecoder.processSecurityPolicy(BaseMessageDecoder.java:132) ~[openws-1.5.6.jar:na]
        at org.opensaml.ws.message.decoder.BaseMessageDecoder.decode(BaseMessageDecoder.java:83) ~[openws-1.5.6.jar:na]
        at org.opensaml.saml2.binding.decoding.BaseSAML2MessageDecoder.decode(BaseSAML2MessageDecoder.java:70) ~[opensaml-2.6.6.jar:na]
        at edu.internet2.middleware.shibboleth.idp.profile.saml2.AttributeQueryProfileHandler.decodeRequest(AttributeQueryProfileHandler.java:186) [shibboleth-identityprovider-2.4.5.jar:na]
        at edu.internet2.middleware.shibboleth.idp.profile.saml2.AttributeQueryProfileHandler.processRequest(AttributeQueryProfileHandler.java:88) [shibboleth-identityprovider-2.4.5.jar:na]
        at edu.internet2.middleware.shibboleth.idp.profile.saml2.AttributeQueryProfileHandler.processRequest(AttributeQueryProfileHandler.java:55) [shibboleth-identityprovider-2.4.5.jar:na]
        at edu.internet2.middleware.shibboleth.common.profile.ProfileRequestDispatcherServlet.service(ProfileRequestDispatcherServlet.java:83) [shibboleth-common-1.4.5.jar:na]
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:729) [servlet-api.jar:na]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:291) [catalina.jar:8.0.27]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:8.0.27]
        at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) [tomcat-websocket.jar:8.0.27]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [catalina.jar:8.0.27]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:8.0.27]
        at edu.internet2.middleware.shibboleth.idp.util.NoCacheFilter.doFilter(NoCacheFilter.java:50) [shibboleth-identityprovider-2.4.5.jar:na]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [catalina.jar:8.0.27]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:8.0.27]
        at edu.internet2.middleware.shibboleth.idp.session.IdPSessionFilter.doFilter(IdPSessionFilter.java:87) [shibboleth-identityprovider-2.4.5.jar:na]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [catalina.jar:8.0.27]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:8.0.27]
        at edu.internet2.middleware.shibboleth.common.log.SLF4JMDCCleanupFilter.doFilter(SLF4JMDCCleanupFilter.java:52) [shibboleth-common-1.4.5.jar:na]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [catalina.jar:8.0.27]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:8.0.27]
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:201) [catalina.jar:8.0.27]
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106) [catalina.jar:8.0.27]
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502) [catalina.jar:8.0.27]
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:142) [catalina.jar:8.0.27]
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79) [catalina.jar:8.0.27]
        at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:616) [catalina.jar:8.0.27]
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88) [catalina.jar:8.0.27]
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:518) [catalina.jar:8.0.27]
        at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1091) [tomcat-coyote.jar:8.0.27]
        at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:673) [tomcat-coyote.jar:8.0.27]
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1500) [tomcat-coyote.jar:8.0.27]
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1456) [tomcat-coyote.jar:8.0.27]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) [na:1.8.0_60]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) [na:1.8.0_60]
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-util.jar:8.0.27]
        at java.lang.Thread.run(Unknown Source) [na:1.8.0_60]
09:49:17.621 - DEBUG [org.opensaml.saml2.metadata.provider.ChainingMetadataProvider:253] - Checking child metadata provider for entity descriptor with entity ID: http://localhost:8080/WebUI
09:49:17.621 - DEBUG [org.opensaml.saml2.metadata.provider.AbstractMetadataProvider:520] - Searching for entity descriptor with an entity ID of http://localhost:8080/WebUI
09:49:17.621 - DEBUG [org.opensaml.saml2.metadata.provider.AbstractMetadataProvider:167] - Metadata document does not contain an EntityDescriptor with the ID http://localhost:8080/WebUI
09:49:17.621 - DEBUG [org.opensaml.saml2.metadata.provider.ChainingMetadataProvider:253] - Checking child metadata provider for entity descriptor with entity ID: http://localhost:8080/WebUI
09:49:17.621 - DEBUG [org.opensaml.saml2.metadata.provider.AbstractMetadataProvider:520] - Searching for entity descriptor with an entity ID of http://localhost:8080/WebUI
09:49:17.621 - DEBUG [org.opensaml.saml2.metadata.provider.ChainingMetadataProvider:253] - Checking child metadata provider for entity descriptor with entity ID: http://localhost:8080/WebUI
09:49:17.621 - DEBUG [org.opensaml.saml2.metadata.provider.AbstractMetadataProvider:520] - Searching for entity descriptor with an entity ID of http://localhost:8080/WebUI
09:49:17.621 - DEBUG [org.opensaml.saml2.metadata.provider.AbstractMetadataProvider:167] - Metadata document does not contain an EntityDescriptor with the ID http://localhost:8080/WebUI
09:49:17.622 - DEBUG [org.opensaml.saml2.metadata.provider.ChainingMetadataProvider:253] - Checking child metadata provider for entity descriptor with entity ID: http://localhost:8080/WebUI
09:49:17.622 - DEBUG [org.opensaml.saml2.metadata.provider.AbstractMetadataProvider:520] - Searching for entity descriptor with an entity ID of http://localhost:8080/WebUI


Attaching all my configuration files and SP, IDP log files as well. httpd.conf, shibboleth2.xml, apache24.config, attribute-map.xml, idp-metadata.xml, attribute-filter.xml, attribute-resolver.xml, login.config, relying-party.xml, sp-metadata.xml
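
Added example, not part of the original post and not Shibboleth code: a small triage script that reads IdP process log lines in the format quoted above and pulls out what the log itself reports, namely which profile handler rejected the message, whether the issuer was authenticated, and which entity IDs the metadata lookup could not find. The function name `triage` and the report keys are hypothetical; the sample lines are copied from the post's log excerpt.

```python
import re

# Lines copied from the idp-process.log excerpt in the post (stack trace omitted).
SAMPLE_LOG = """\
09:49:17.620 - INFO [org.opensaml.ws.security.provider.ClientCertAuthRule:104] - Inbound message transport did not contain a peer credential, skipping client certificate authentication
09:49:17.620 - ERROR [org.opensaml.ws.security.provider.MandatoryAuthenticatedMessageRule:37] - Inbound message issuer was not authenticated.
09:49:17.621 - WARN [edu.internet2.middleware.shibboleth.idp.profile.saml2.AttributeQueryProfileHandler:203] - Message did not meet security requirements
09:49:17.621 - DEBUG [org.opensaml.saml2.metadata.provider.AbstractMetadataProvider:520] - Searching for entity descriptor with an entity ID of http://localhost:8080/WebUI
09:49:17.621 - DEBUG [org.opensaml.saml2.metadata.provider.AbstractMetadataProvider:167] - Metadata document does not contain an EntityDescriptor with the ID http://localhost:8080/WebUI
"""

LINE_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d{3} - (?P<level>[A-Z]+) "
                     r"\[(?P<logger>[\w.$]+):\d+\] - (?P<msg>.*)$")
SEARCH_RE = re.compile(r"entity descriptor with an entity ID of (\S+)$")
MISSING_RE = re.compile(r"does not contain an EntityDescriptor with the ID (\S+)$")


def _add(seq, item):
    """Append item once, preserving first-seen order."""
    if item not in seq:
        seq.append(item)


def triage(log_text):
    """Hypothetical helper: summarise why the IdP rejected a SAML message."""
    report = {"no_peer_credential": False, "issuer_unauthenticated": False,
              "rejected_handlers": [], "searched": [], "not_in_metadata": []}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if m is None:  # stack frames and exception headers are not log records
            continue
        logger = m.group("logger").rsplit(".", 1)[-1]  # short class name
        msg = m.group("msg")
        searched, missing = SEARCH_RE.search(msg), MISSING_RE.search(msg)
        if logger == "ClientCertAuthRule" and "did not contain a peer credential" in msg:
            report["no_peer_credential"] = True
        elif logger == "MandatoryAuthenticatedMessageRule" and m.group("level") == "ERROR":
            report["issuer_unauthenticated"] = True
        elif "did not meet security requirements" in msg:
            _add(report["rejected_handlers"], logger)
        elif searched:
            _add(report["searched"], searched.group(1))
        elif missing:
            _add(report["not_in_metadata"], missing.group(1))
    return report


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run against a full log, the `not_in_metadata` list shows which entity IDs the IdP searched for without finding an EntityDescriptor, which can then be compared with the entityID declared in the SP's metadata file.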