SP receives an AuthnFailed response w/o showing the login page.


jsinclair
I'm not sure how to get our login.jsp page to display for authentication. The idp-process.log shows "no authentication mechanism available for use with relying party". I've been over and over the shib docs but still can't figure out what the issue may be. I thought everything was configured correctly. Thanks in advance for any help, I've been stuck on this for days.


TOMCAT/IDP/WEB.XML
-----------------------------------
Is this the correct section to uncomment to get the login.jsp form to display?


    <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>IdP Password Authentication</realm-name>
        <form-login-config>
            <form-login-page>/login.jsp</form-login-page>
            <form-error-page>/login-error.jsp</form-error-page>
        </form-login-config>
    </login-config>



RELYING-PARTY.XML
-----------------------------------
<RelyingParty id="https://staging.services.identity.nbcuni.com/PartnerServices/SAML2/metadata"
              provider="https://cia.sccoast.net/idp/shibboleth"
              defaultSigningCredentialRef="IdPCredential"
              defaultAuthenticationMethod="urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport">
    <ProfileConfiguration xsi:type="saml:ShibbolethSSOProfile" />
    <ProfileConfiguration xsi:type="saml:SAML1AttributeQueryProfile" />
    <ProfileConfiguration xsi:type="saml:SAML1ArtifactResolutionProfile" />
    <ProfileConfiguration xsi:type="saml:SAML2SSOProfile" />
    <ProfileConfiguration xsi:type="saml:SAML2AttributeQueryProfile" />
    <ProfileConfiguration xsi:type="saml:SAML2ArtifactResolutionProfile" />
</RelyingParty>

HANDLER.XML:
--------------------------------
<LoginHandler xsi:type="UsernamePassword"
              jaasConfigurationLocation="C:\shibboleth-identityprovider-2.1.3\idp/conf/login.config">
    <AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthenticationMethod>
    <AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</AuthenticationMethod>
</LoginHandler>

LOGIN.CONFIG
--------------------------------
ShibUserPassAuth {
    edu.vt.middleware.ldap.jaas.LdapLoginModule required
         base="xx"
         host="xx"
         port="389"
         serviceCredential="xx"
         serviceUser="xx"
         ssl="false"
         tls="false"
         userField="xx"
         subtreeSearch="false"
    ;  
};

IDP-PROCESS.LOG
----------------------------------------------------
15:32:47.631 - INFO [Shibboleth-Access:73] - 20091026T193247Z|172.21.17.215|cia.sccoast.net:443|/profile/SAML2/POST/SSO|
15:32:47.991 - INFO [org.opensaml.security.MetadataCredentialResolver:450] - Credential cache cleared
15:32:47.991 - INFO [edu.internet2.middleware.shibboleth.common.security.MetadataPKIXValidationInformationResolver:802] - PKIX validation info cache cleared
15:32:47.991 - INFO [org.opensaml.security.MetadataCredentialResolver:450] - Credential cache cleared
15:32:47.991 - INFO [edu.internet2.middleware.shibboleth.common.security.MetadataPKIXValidationInformationResolver:802] - PKIX validation info cache cleared
15:32:47.991 - INFO [org.opensaml.xml.signature.impl.BaseSignatureTrustEngine:111] - Signature contained no KeyInfo element, could not resolve verification credentials
15:32:48.022 - INFO [org.opensaml.common.binding.security.SAMLProtocolMessageXMLSignatureSecurityPolicyRule:128] - Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
15:32:48.037 - INFO [org.opensaml.common.binding.security.SAMLProtocolMessageXMLSignatureSecurityPolicyRule:130] - Authentication via protocol message signature succeeded for context issuer entity ID https://staging.services.identity.nbcuni.com/PartnerServices/SAML2/metadata
15:32:48.037 - INFO [edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine:257] - No authentication mechanism available for use with relying party 'https://staging.services.identity.nbcuni.com/PartnerServices/SAML2/metadata'
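An added Python check, not code from the post or from the Shibboleth project, that models how the IdP 2.x AuthenticationEngine picks a login handler: the assumption is that a handler is usable only when one of its AuthenticationMethod values matches a class requested in the AuthnRequest's RequestedAuthnContext, or the relying party's defaultAuthenticationMethod when the request names none. The handler fragment copies the methods from the post's handler.xml; the AuthnRequest and the Kerberos class it asks for are constructed, and the jaasConfigurationLocation is a placeholder.

```python
import xml.etree.ElementTree as ET

# Constructed handler.xml fragment with the post's two methods (namespace added so it parses stand-alone).
HANDLER_XML = """<ph:ProfileHandlerGroup xmlns:ph="urn:mace:shibboleth:2.0:idp:profile-handler"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <ph:LoginHandler xsi:type="ph:UsernamePassword" jaasConfigurationLocation="file:///PLACEHOLDER/login.config">
    <ph:AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</ph:AuthenticationMethod>
    <ph:AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</ph:AuthenticationMethod>
  </ph:LoginHandler>
</ph:ProfileHandlerGroup>"""

# Constructed AuthnRequest that asks for a class the handler above does not offer.
AUTHN_REQUEST_XML = """<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_example1" Version="2.0"
    IssueInstant="2009-10-26T19:32:47Z">
  <saml:Issuer>https://staging.services.identity.nbcuni.com/PartnerServices/SAML2/metadata</saml:Issuer>
  <samlp:RequestedAuthnContext Comparison="exact">
    <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos</saml:AuthnContextClassRef>
  </samlp:RequestedAuthnContext>
</samlp:AuthnRequest>"""

XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"


def supported_methods(handler_xml):
    """Map each LoginHandler's xsi:type (prefix stripped) to the set of methods it advertises."""
    handlers = {}
    for lh in ET.fromstring(handler_xml).iterfind(".//{*}LoginHandler"):
        kind = lh.get(XSI_TYPE, "?").split(":")[-1]
        handlers[kind] = {m.text.strip() for m in lh.iterfind("{*}AuthenticationMethod")}
    return handlers


def requested_methods(authn_request_xml, default_method):
    """Class refs from RequestedAuthnContext, or the RP's defaultAuthenticationMethod when there are none."""
    refs = {r.text.strip() for r in ET.fromstring(authn_request_xml).iterfind(".//{*}AuthnContextClassRef")}
    return refs or {default_method}


def usable_handlers(handler_xml, authn_request_xml, default_method):
    """Handlers satisfying at least one requested method; an empty list is the 'no mechanism' case."""
    wanted = requested_methods(authn_request_xml, default_method)
    return sorted(kind for kind, methods in supported_methods(handler_xml).items() if methods & wanted)


if __name__ == "__main__":
    rp_default = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
    print(usable_handlers(HANDLER_XML, AUTHN_REQUEST_XML, rp_default))  # []
```

Feeding it the SP's real AuthnRequest (the decoded SAMLRequest parameter from the access log's POST) shows whether the SP is asking for a class the configured handler does not list.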