Shibboleth.SSO.SAML2 [2]: detected a problem with assertion: Unable to establish security of incoming assertion


rameshelworthy
Hi,

I am trying to create a simple Shibboleth application with 1 IDP and 1 SP.

I have done all the configuration. Can somebody help in resolving the above error?

Please find the shib.logs below.


2015-12-28 18:00:21 INFO Shibboleth.Listener : unregistered remoted message endpoint (default::getHeaders::Application)
2015-12-28 18:00:21 INFO Shibboleth.Listener : unregistered remoted message endpoint (default/Artifact/SOAP::run::SAML2Artifact)
2015-12-28 18:00:21 INFO Shibboleth.Listener : unregistered remoted message endpoint (default/SAML2/POST)
2015-12-28 18:00:21 INFO Shibboleth.Listener : unregistered remoted message endpoint (default/SAML2/POST-SimpleSign)
2015-12-28 18:00:21 INFO Shibboleth.Listener : unregistered remoted message endpoint (default/SAML2/Artifact)
2015-12-28 18:00:21 INFO Shibboleth.Listener : unregistered remoted message endpoint (default/SAML2/ECP)
2015-12-28 18:00:21 INFO Shibboleth.Listener : unregistered remoted message endpoint (default/SAML/POST)
2015-12-28 18:00:21 INFO Shibboleth.Listener : unregistered remoted message endpoint (default/SAML/Artifact)
2015-12-28 18:00:21 INFO Shibboleth.Listener : unregistered remoted message endpoint (default/Login::run::SAML2SI)
2015-12-28 18:00:21 INFO Shibboleth.Listener : unregistered remoted message endpoint (default/Login::run::Shib1SI)
2015-12-28 18:00:21 INFO Shibboleth.Listener : unregistered remoted message endpoint (default/SLO/SOAP)
2015-12-28 18:00:21 INFO Shibboleth.Listener : unregistered remoted message endpoint (default/SLO/Redirect)
2015-12-28 18:00:21 INFO Shibboleth.Listener : unregistered remoted message endpoint (default/SLO/POST)
2015-12-28 18:00:21 INFO Shibboleth.Listener : unregistered remoted message endpoint (default/SLO/Artifact)
2015-12-28 18:00:21 INFO Shibboleth.Listener : unregistered remoted message endpoint (default/Logout::run::SAML2LI)
2015-12-28 18:00:21 INFO Shibboleth.Listener : unregistered remoted message endpoint (default/Logout::run::LocalLI)
2015-12-28 18:00:21 INFO Shibboleth.Listener : unregistered remoted message endpoint (default/Metadata)
2015-12-28 18:00:21 INFO Shibboleth.Listener : unregistered remoted message endpoint (default/Status)
2015-12-28 18:00:21 INFO Shibboleth.Listener : unregistered remoted message endpoint (default/DiscoFeed)
2015-12-28 18:00:21 INFO Shibboleth.AttributeFilter : reload thread finished
2015-12-28 18:00:21 INFO OpenSAML.MetadataProvider.XML : reload thread finished
2015-12-28 18:00:21 INFO Shibboleth.SecurityPolicyProvider.XML : reload thread finished
2015-12-28 18:00:21 INFO Shibboleth.Listener : unregistered remoted message endpoint (find::StorageService::SessionCache)
2015-12-28 18:00:21 INFO Shibboleth.Listener : unregistered remoted message endpoint (remove::StorageService::SessionCache)
2015-12-28 18:00:21 INFO Shibboleth.Listener : unregistered remoted message endpoint (touch::StorageService::SessionCache)
2015-12-28 18:00:21 INFO XMLTooling.StorageService : cleanup thread finished
2015-12-28 18:00:21 INFO XMLTooling.Config : xmltooling 1.5.3 library shutdown complete
2015-12-28 18:00:21 INFO OpenSAML.Config : opensaml 2.5.3 library shutdown complete
2015-12-28 18:00:21 INFO Shibboleth.Config : shibboleth 2.5.3 library shutdown complete
2015-12-28 18:00:21 INFO XMLTooling.Config : xmltooling 1.5.3 library initialization complete
2015-12-28 18:00:21 INFO OpenSAML.Config : opensaml 2.5.3 library initialization complete
2015-12-28 18:00:21 INFO Shibboleth.Config : shibboleth 2.5.3 library initialization complete
2015-12-28 18:00:21 INFO Shibboleth.Config : reload thread started...running when signaled
2015-12-28 18:00:21 INFO Shibboleth.Config : loaded XML resource (/etc/shibboleth/shibboleth2.xml)
2015-12-28 18:00:21 INFO Shibboleth.Config : Shibboleth SP Version 2.5.3
2015-12-28 18:00:21 INFO Shibboleth.Config : Library versions: log4shib 1.0.8, Xerces-C 3.1.1, XML-Security-C 1.7.2, XMLTooling-C 1.5.3, OpenSAML-C 2.5.3, Shibboleth 1.5.3
2015-12-28 18:00:21 INFO Shibboleth.Config : building ListenerService of type UnixListener...
2015-12-28 18:00:21 INFO Shibboleth.Listener : registered remoted message endpoint (set::RelayState)
2015-12-28 18:00:21 INFO Shibboleth.Listener : registered remoted message endpoint (get::RelayState)
2015-12-28 18:00:21 INFO Shibboleth.Listener : registered remoted message endpoint (set::PostData)
2015-12-28 18:00:21 INFO Shibboleth.Listener : registered remoted message endpoint (get::PostData)
2015-12-28 18:00:21 INFO Shibboleth.Config : no StorageService plugin(s) installed, using (mem) in-memory instance
2015-12-28 18:00:21 INFO Shibboleth.Config : no ReplayCache specified, using arbitrary StorageService instance
2015-12-28 18:00:21 INFO Shibboleth.Config : no ArtifactMap specified, building in-memory ArtifactMap...
2015-12-28 18:00:21 INFO Shibboleth.Config : no SessionCache specified, using StorageService-backed instance
2015-12-28 18:00:21 INFO Shibboleth.SessionCache : bound to arbitrary StorageService
2015-12-28 18:00:21 INFO Shibboleth.SessionCache : StorageService for 'lite' use not set, using standard StorageService
2015-12-28 18:00:21 INFO Shibboleth.Listener : registered remoted message endpoint (find::StorageService::SessionCache)
2015-12-28 18:00:21 INFO Shibboleth.Listener : registered remoted message endpoint (remove::StorageService::SessionCache)
2015-12-28 18:00:21 INFO Shibboleth.Listener : registered remoted message endpoint (touch::StorageService::SessionCache)
2015-12-28 18:00:21 INFO Shibboleth.Config : building SecurityPolicyProvider of type XML...
2015-12-28 18:00:21 INFO Shibboleth.SecurityPolicyProvider.XML : loaded XML resource (/etc/shibboleth/security-policy.xml)
2015-12-28 18:00:21 INFO OpenSAML.SecurityPolicyRule.Conditions : building SecurityPolicyRule of type Audience
2015-12-28 18:00:21 INFO OpenSAML.SecurityPolicyRule.Conditions : building SecurityPolicyRule of type Audience
2015-12-28 18:00:21 INFO OpenSAML.SecurityPolicyRule.Conditions : building SecurityPolicyRule of type Ignore
2015-12-28 18:00:21 INFO OpenSAML.SecurityPolicyRule.Conditions : building SecurityPolicyRule of type Ignore
2015-12-28 18:00:21 INFO OpenSAML.SecurityPolicyRule.Conditions : building SecurityPolicyRule of type Ignore
2015-12-28 18:00:21 INFO Shibboleth.Config : automatically blacklisting security algorithm (http://www.w3.org/2001/04/xmldsig-more#rsa-md5)
2015-12-28 18:00:21 INFO Shibboleth.Config : automatically blacklisting security algorithm (http://www.w3.org/2001/04/xmldsig-more#md5)
2015-12-28 18:00:21 INFO Shibboleth.Config : automatically blacklisting security algorithm (http://www.w3.org/2001/04/xmlenc#rsa-1_5)
2015-12-28 18:00:21 INFO Shibboleth.Config : building ProtocolProvider of type XML...
2015-12-28 18:00:21 INFO Shibboleth.ProtocolProvider.XML : loaded XML resource (/etc/shibboleth/protocols.xml)
2015-12-28 18:00:21 WARN Shibboleth.Application : insecure cookieProps setting, set to "https" for SSL/TLS-only usage
2015-12-28 18:00:21 WARN Shibboleth.Application : handlerSSL should be enabled for SSL/TLS-enabled web sites
2015-12-28 18:00:21 INFO Shibboleth.Application : auto-configuring SSO initiation for protocol (SAML2)
2015-12-28 18:00:21 INFO Shibboleth.Application : adding SessionInitiator of type (SAML2) to chain (/Login)
2015-12-28 18:00:21 INFO Shibboleth.Application : auto-configuring ArtifactResolution endpoints for protocol (SAML2)
2015-12-28 18:00:21 INFO Shibboleth.Application : adding ArtifactResolutionService for Binding (urn:oasis:names:tc:SAML:2.0:bindings:SOAP) at (/Artifact/SOAP)
2015-12-28 18:00:21 INFO Shibboleth.Listener : registered remoted message endpoint (default/Artifact/SOAP::run::SAML2Artifact)
2015-12-28 18:00:21 INFO Shibboleth.Application : auto-configuring SSO endpoints for protocol (SAML2)
2015-12-28 18:00:21 INFO Shibboleth.Application : adding AssertionConsumerService for Binding (urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST) at (/SAML2/POST)
2015-12-28 18:00:21 INFO Shibboleth.Listener : registered remoted message endpoint (default/SAML2/POST)
2015-12-28 18:00:21 INFO Shibboleth.Application : adding AssertionConsumerService for Binding (urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign) at (/SAML2/POST-SimpleSign)
2015-12-28 18:00:21 INFO Shibboleth.Listener : registered remoted message endpoint (default/SAML2/POST-SimpleSign)
2015-12-28 18:00:21 INFO Shibboleth.Application : adding AssertionConsumerService for Binding (urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact) at (/SAML2/Artifact)
2015-12-28 18:00:21 INFO Shibboleth.Listener : registered remoted message endpoint (default/SAML2/Artifact)
2015-12-28 18:00:21 INFO Shibboleth.Application : adding AssertionConsumerService for Binding (urn:oasis:names:tc:SAML:2.0:bindings:PAOS) at (/SAML2/ECP)
2015-12-28 18:00:21 INFO Shibboleth.Listener : registered remoted message endpoint (default/SAML2/ECP)
2015-12-28 18:00:21 INFO Shibboleth.Application : auto-configuring SSO initiation for protocol (SAML1)
2015-12-28 18:00:21 INFO Shibboleth.Application : adding SessionInitiator of type (Shib1) to chain (/Login)
2015-12-28 18:00:21 INFO Shibboleth.Application : auto-configuring SSO endpoints for protocol (SAML1)
2015-12-28 18:00:21 INFO Shibboleth.Application : adding AssertionConsumerService for Binding (urn:oasis:names:tc:SAML:1.0:profiles:browser-post) at (/SAML/POST)
2015-12-28 18:00:21 INFO Shibboleth.Listener : registered remoted message endpoint (default/SAML/POST)
2015-12-28 18:00:21 INFO Shibboleth.Application : adding AssertionConsumerService for Binding (urn:oasis:names:tc:SAML:1.0:profiles:artifact-01) at (/SAML/Artifact)
2015-12-28 18:00:21 INFO Shibboleth.Listener : registered remoted message endpoint (default/SAML/Artifact)
2015-12-28 18:00:21 INFO Shibboleth.Application : adding SessionInitiator of type (SAMLDS) to chain (/Login)
2015-12-28 18:00:21 INFO Shibboleth.Listener : registered remoted message endpoint (default/Login::run::SAML2SI)
2015-12-28 18:00:21 INFO Shibboleth.Listener : registered remoted message endpoint (default/Login::run::Shib1SI)
2015-12-28 18:00:21 INFO Shibboleth.Application : auto-configuring Logout initiation for protocol (SAML2)
2015-12-28 18:00:21 INFO Shibboleth.Application : adding LogoutInitiator of type (SAML2) to chain (/Logout)
2015-12-28 18:00:21 INFO Shibboleth.Application : auto-configuring Logout endpoints for protocol (SAML2)
2015-12-28 18:00:21 INFO Shibboleth.Application : adding SingleLogoutService for Binding (urn:oasis:names:tc:SAML:2.0:bindings:SOAP) at (/SLO/SOAP)
2015-12-28 18:00:21 INFO Shibboleth.Listener : registered remoted message endpoint (default/SLO/SOAP)
2015-12-28 18:00:21 INFO Shibboleth.Application : adding SingleLogoutService for Binding (urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect) at (/SLO/Redirect)
2015-12-28 18:00:21 INFO Shibboleth.Listener : registered remoted message endpoint (default/SLO/Redirect)
2015-12-28 18:00:21 INFO Shibboleth.Application : adding SingleLogoutService for Binding (urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST) at (/SLO/POST)
2015-12-28 18:00:21 INFO Shibboleth.Listener : registered remoted message endpoint (default/SLO/POST)
2015-12-28 18:00:21 INFO Shibboleth.Application : adding SingleLogoutService for Binding (urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact) at (/SLO/Artifact)
2015-12-28 18:00:21 INFO Shibboleth.Listener : registered remoted message endpoint (default/SLO/Artifact)
2015-12-28 18:00:21 INFO Shibboleth.Application : auto-configuring Logout initiation for protocol (Local)
2015-12-28 18:00:21 INFO Shibboleth.Application : adding LogoutInitiator of type (Local) to chain (/Logout)
2015-12-28 18:00:21 INFO Shibboleth.Listener : registered remoted message endpoint (default/Logout::run::SAML2LI)
2015-12-28 18:00:21 INFO Shibboleth.Listener : registered remoted message endpoint (default/Logout::run::LocalLI)
2015-12-28 18:00:21 INFO Shibboleth.Listener : registered remoted message endpoint (default/Metadata)
2015-12-28 18:00:21 INFO Shibboleth.Listener : registered remoted message endpoint (default/Status)
2015-12-28 18:00:21 INFO Shibboleth.Listener : registered remoted message endpoint (default/DiscoFeed)
2015-12-28 18:00:21 INFO Shibboleth.DiscoveryFeed : feed files will be cached in /var/cache/shibboleth/
2015-12-28 18:00:21 INFO Shibboleth.Application : building MetadataProvider of type XML...
2015-12-28 18:00:21 INFO OpenSAML.MetadataProvider.XML : loaded XML resource (/home/relworthy/Desktop/Softwares/shibboleth-identityprovider-2.3.0/plusnet/metadata/idp-metadata.xml)
2015-12-28 18:00:21 INFO Shibboleth.Application : no TrustEngine specified or installed, using default chain {ExplicitKey, PKIX}
2015-12-28 18:00:21 INFO Shibboleth.Application : building AttributeExtractor of type XML...
2015-12-28 18:00:21 INFO Shibboleth.AttributeExtractor.XML : loaded XML resource (/etc/shibboleth/attribute-map.xml)
2015-12-28 18:00:21 INFO Shibboleth.AttributeExtractor.XML : creating mapping for Attribute urn:mace:dir:attribute-def:eduPersonPrincipalName
2015-12-28 18:00:21 INFO Shibboleth.AttributeExtractor.XML : creating mapping for Attribute urn:oid:1.3.6.1.4.1.5923.1.1.1.6
2015-12-28 18:00:21 INFO Shibboleth.AttributeExtractor.XML : creating mapping for Attribute urn:mace:dir:attribute-def:eduPersonScopedAffiliation
2015-12-28 18:00:21 INFO Shibboleth.AttributeExtractor.XML : creating mapping for Attribute urn:oid:1.3.6.1.4.1.5923.1.1.1.9
2015-12-28 18:00:21 INFO Shibboleth.AttributeExtractor.XML : creating mapping for Attribute urn:mace:dir:attribute-def:eduPersonAffiliation
2015-12-28 18:00:21 INFO Shibboleth.AttributeExtractor.XML : creating mapping for Attribute urn:oid:1.3.6.1.4.1.5923.1.1.1.1
2015-12-28 18:00:21 INFO Shibboleth.AttributeExtractor.XML : creating mapping for Attribute urn:mace:dir:attribute-def:eduPersonEntitlement
2015-12-28 18:00:21 INFO Shibboleth.AttributeExtractor.XML : creating mapping for Attribute urn:oid:1.3.6.1.4.1.5923.1.1.1.7
2015-12-28 18:00:21 INFO Shibboleth.AttributeExtractor.XML : creating mapping for Attribute urn:mace:dir:attribute-def:eduPersonTargetedID
2015-12-28 18:00:21 INFO Shibboleth.AttributeExtractor.XML : creating mapping for Attribute urn:oid:1.3.6.1.4.1.5923.1.1.1.10
2015-12-28 18:00:21 INFO Shibboleth.AttributeExtractor.XML : creating mapping for Attribute urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2015-12-28 18:00:21 INFO Shibboleth.Application : building AttributeFilter of type XML...
2015-12-28 18:00:21 INFO Shibboleth.AttributeFilter : loaded XML resource (/etc/shibboleth/attribute-policy.xml)
2015-12-28 18:00:21 INFO Shibboleth.Application : building AttributeResolver of type Query...
2015-12-28 18:00:21 INFO Shibboleth.Application : building CredentialResolver of type File...
2015-12-28 18:00:21 INFO XMLTooling.SecurityHelper : loading private key from file (/etc/shibboleth/ssl/ca.key)
2015-12-28 18:00:21 INFO XMLTooling.SecurityHelper : loading certificate(s) from file (/etc/shibboleth/ssl/ca.crt)
2015-12-28 18:00:21 INFO Shibboleth.Listener : registered remoted message endpoint (default::getHeaders::Application)
2015-12-28 18:00:21 INFO Shibboleth.Listener : listener service starting
2015-12-28 18:00:21 INFO Shibboleth.SecurityPolicyProvider.XML : reload thread started...running when signaled
2015-12-28 18:00:21 INFO Shibboleth.AttributeFilter : reload thread started...running when signaled
2015-12-28 18:00:21 INFO OpenSAML.MetadataProvider.XML : reload thread started...running when signaled
2015-12-28 18:00:21 INFO XMLTooling.StorageService : cleanup thread started...running every 900 seconds
2015-12-28 18:00:36 WARN Shibboleth.SSO.SAML2 [1]: detected a problem with assertion: Unable to establish security of incoming assertion.
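
As an added example (not part of the original post and not Shibboleth project code), this script reduces a shibd.log like the one above to the lines that bear on the error: it collects every WARN-or-worse line and pairs each "Unable to establish security of incoming assertion" entry with the metadata file and TrustEngine chain the SP had loaded at that point. The function and variable names are assumptions of the example; the sample lines are copied from the log in the post.

```python
import re

# Line shape of the shibd.log in the post:
#   <date> <time> <LEVEL> <category>[ [<request>]] : <message>
LINE = re.compile(r"^(\S+ \S+) ([A-Z]+) (\S+)(?: \[(\d+)\])?\s*: (.*)$")
METADATA = re.compile(r"loaded XML resource \((.+)\)$")
CHAIN = re.compile(r"using default chain \{(.+)\}$")
FAILURE = "Unable to establish security of incoming assertion"

def triage(lines):
    """Collect WARN-or-worse lines and pair each assertion-security failure
    with the metadata files and TrustEngine chain loaded at that point."""
    state = {"metadata": [], "trust_engines": []}
    report = {"warnings": [], "failures": []}
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a log line in the expected shape
        ts, level, cat, req, msg = m.groups()
        if cat == "Shibboleth.Config" and msg.endswith("library initialization complete"):
            state = {"metadata": [], "trust_engines": []}  # shibd restarted
        elif cat.startswith("OpenSAML.MetadataProvider") and (p := METADATA.search(msg)):
            state["metadata"].append(p.group(1))
        elif (c := CHAIN.search(msg)):
            state["trust_engines"] = [e.strip() for e in c.group(1).split(",")]
        if level in ("WARN", "ERROR", "CRIT"):
            report["warnings"].append((ts, cat, msg))
        if FAILURE in msg:
            report["failures"].append({
                "time": ts, "request": req,
                "metadata": list(state["metadata"]),
                "trust_engines": list(state["trust_engines"]),
            })
    return report

# Sample input: lines copied from the log in the post above.
SAMPLE = """\
2015-12-28 18:00:21 INFO Shibboleth.Config : shibboleth 2.5.3 library initialization complete
2015-12-28 18:00:21 WARN Shibboleth.Application : insecure cookieProps setting, set to "https" for SSL/TLS-only usage
2015-12-28 18:00:21 WARN Shibboleth.Application : handlerSSL should be enabled for SSL/TLS-enabled web sites
2015-12-28 18:00:21 INFO Shibboleth.Listener : registered remoted message endpoint (default/SAML2/POST)
2015-12-28 18:00:21 INFO OpenSAML.MetadataProvider.XML : loaded XML resource (/home/relworthy/Desktop/Softwares/shibboleth-identityprovider-2.3.0/plusnet/metadata/idp-metadata.xml)
2015-12-28 18:00:21 INFO Shibboleth.Application : no TrustEngine specified or installed, using default chain {ExplicitKey, PKIX}
2015-12-28 18:00:36 WARN Shibboleth.SSO.SAML2 [1]: detected a problem with assertion: Unable to establish security of incoming assertion.
""".splitlines()

if __name__ == "__main__":
    for failure in triage(SAMPLE)["failures"]:
        print(failure)
```

For the failure in this log, the report names a single metadata file and the default {ExplicitKey, PKIX} chain, so the signing key published for the IdP in that file is the first thing to compare against the key the IdP signs with.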