Stuck at /Shibboleth.sso/SAML2/POST

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
10 messages Options
Reply | Threaded
Open this post in threaded view
|

Stuck at /Shibboleth.sso/SAML2/POST

George Glessner

I have attached my shibboleth2.xml file I am using currently with my configuration. I changed our IDP name for sake of security. I have the correct metadata from the IDP, and when I go to the Shibboleth login, I am prompted to login by the IDP. Once I enter my valid credentials, I get stuck at /Shibboleth.sso/SAML2/POST. I am not sure if I am missing a step in a redirect or if it should happen automatically. I am also unsure if I am using the correct entity ID’s for <ApplicationDefaults> and <SSO>. I have only modified shibboleth2.xml. Any suggestion’s or observations of what I did wrong would be appreciated!


Thanks,


George


--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]

shibboleth2.xml (12K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Stuck at /Shibboleth.sso/SAML2/POST

Peter Schober
* George Glessner <[hidden email]> [2018-06-27 15:28]:
> I have attached my shibboleth2.xml file I am using currently with my
> configuration. I changed our IDP name for sake of security. I have
> the correct metadata from the IDP, and when I go to the Shibboleth
> login, I am prompted to login by the IDP. Once I enter my valid
> credentials, I get stuck at /Shibboleth.sso/SAML2/POST.

If that's the same issue you've asked about yesterday in the thead
"Login Redirect"
why start a new one?

Also, did you even look at the reply you got in that other thread?
From what you originally wrote:

* George Glessner <[hidden email]> [2018-06-26 19:44]:
> I get an error saying that the site cannot be reached and that my
> server IP address cannot be reached

This sounds like you're trying to access something with your browser
that doesn't exist. As the other poster said, incorrect metadata could
lead to that.

-peter
--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: Stuck at /Shibboleth.sso/SAML2/POST

George Glessner
The metadata I have for the IDP is correct, I know that for a fact because I have successfully used it for our PHP server. The only way the metadata I am providing as a SP would be incorrect is if my shibboleth2.xml file is not configured correctly which is what I do not know. When you say it looks like I'm trying to access something that doesn't exist, are you talking about the /Shibboleth.sso/SAML2/POST? When I look at the network when processing the login request the POST fails at that file. Is there something in the shibboleth2.xml I can modify to fix this?

-----Original Message-----
From: users <[hidden email]> On Behalf Of Peter Schober
Sent: Wednesday, June 27, 2018 9:33 AM
To: [hidden email]
Subject: Re: Stuck at /Shibboleth.sso/SAML2/POST

* George Glessner <[hidden email]> [2018-06-27 15:28]:
> I have attached my shibboleth2.xml file I am using currently with my
> configuration. I changed our IDP name for sake of security. I have the
> correct metadata from the IDP, and when I go to the Shibboleth login,
> I am prompted to login by the IDP. Once I enter my valid credentials,
> I get stuck at /Shibboleth.sso/SAML2/POST.

If that's the same issue you've asked about yesterday in the thead "Login Redirect"
why start a new one?

Also, did you even look at the reply you got in that other thread?
From what you originally wrote:

* George Glessner <[hidden email]> [2018-06-26 19:44]:
> I get an error saying that the site cannot be reached and that my
> server IP address cannot be reached

This sounds like you're trying to access something with your browser that doesn't exist. As the other poster said, incorrect metadata could lead to that.

-peter
--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]

--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Stuck at /Shibboleth.sso/SAML2/POST

Peter Schober
* George Glessner <[hidden email]> [2018-06-27 15:47]:
> When you say it looks like I'm trying to access something that
> doesn't exist, are you talking about the /Shibboleth.sso/SAML2/POST?

No, you wrote earlier:

* George Glessner <[hidden email]> [2018-06-26 19:44]:
> I get an error saying that the site cannot be reached and that my
> server IP address cannot be reached

That's not a technical error report, of course, but if I had to guess
(and I have, lacking evidence from your web server logs or HTTP status
codes from the browser) to me that sounds like your browser cannot
reach the server.

-peter
--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: Stuck at /Shibboleth.sso/SAML2/POST

George Glessner
The POST to the request url: http://george-oxygen.seitrraker.com:8080/Shibboleth.sso/SAML2/POST had a status of failed. When I exit out of my browser and open it back up and navigate to http://george-oxygen.seitrraker.com:8080/Shibboleth.sso/Status it loads up fine. If I then enter in http://george-oxygen.seitrraker.com:8080/Shibboleth.sso/SAML2/POST I get the site can't be reached error, and then when going back to the status page I get the same error even though it was working fine just before I went to the POST page. It seems as though the POST page may be modifying something that is causing this?  

-----Original Message-----
From: Peter Schober <[hidden email]>
Sent: Wednesday, June 27, 2018 10:01 AM
To: George Glessner <[hidden email]>
Subject: Re: Stuck at /Shibboleth.sso/SAML2/POST

* George Glessner <[hidden email]> [2018-06-27 15:47]:
> When you say it looks like I'm trying to access something that doesn't
> exist, are you talking about the /Shibboleth.sso/SAML2/POST?

No, you wrote earlier:

* George Glessner <[hidden email]> [2018-06-26 19:44]:
> I get an error saying that the site cannot be reached and that my
> server IP address cannot be reached

That's not a technical error report, of course, but if I had to guess (and I have, lacking evidence from your web server logs or HTTP status codes from the browser) to me that sounds like your browser cannot reach the server.

-peter

--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Stuck at /Shibboleth.sso/SAML2/POST

Kunal Shah
 

On Wed, Jun 27, 2018 at 02:16:53PM +0000, George Glessner wrote:
>The POST to the request url: http://george-oxygen.seitrraker.com:8080/Shibboleth.sso/SAML2/POST had a status of failed. When I exit out of my browser and open it back up and navigate to http://george-oxygen.seitrraker.com:8080/Shibboleth.sso/Status it loads up fine.

are you sure http://george-oxygen.seitrraker.com:8080/Shibboleth.sso/Status comes up fine? shibboleth2.xml you attached says it is allowed only from locahost.
you should have gotten forbidden error.
Something is not right. Either you are not using correct shibboleth2.xml or your SP metadata has problem.

>If I then enter in http://george-oxygen.seitrraker.com:8080/Shibboleth.sso/SAML2/POST I get the site can't be reached error, and then when going back to the status page I get the same error even though it was working fine just before I went to the POST page. It seems as though the POST page may be modifying something that is causing this?
>

web/app server and shibd.log should log error for this.

basic troubleshooting steps.
A) check metadata for accuracy
B) use fiddler or if you are using chrome, enable developer tools. Trace your request and see where it is getting stuck.
C) use exact time stamp to coorelate logs in web/app server, shibd and native log files.

I am mentioning web/app server because I am not sure why you are using port 8080.

For us to help you, more detailed information is needed.

-Kunal Shah

>-----Original Message-----
>From: Peter Schober <[hidden email]>
>Sent: Wednesday, June 27, 2018 10:01 AM
>To: George Glessner <[hidden email]>
>Subject: Re: Stuck at /Shibboleth.sso/SAML2/POST
>
>* George Glessner <[hidden email]> [2018-06-27 15:47]:
>> When you say it looks like I'm trying to access something that doesn't
>> exist, are you talking about the /Shibboleth.sso/SAML2/POST?
>
>No, you wrote earlier:
>
>* George Glessner <[hidden email]> [2018-06-26 19:44]:
>> I get an error saying that the site cannot be reached and that my
>> server IP address cannot be reached
>
>That's not a technical error report, of course, but if I had to guess (and I have, lacking evidence from your web server logs or HTTP status codes from the browser) to me that sounds like your browser cannot reach the server.
>
>-peter
>
>--
>For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
>To unsubscribe from this list send an email to [hidden email]
--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: Stuck at /Shibboleth.sso/SAML2/POST

George Glessner
Hi Kunal,

Yes, http://george-oxygen.seitrakker.com:8080/Shibboleth.sso/Status works just fine. I am not sure what you mean that it says it is only allowed from localhost in my shibboleth2.xml, where are you seeing that? I already mentioned where it is getting stuck, /Shibboleth.sso/SAML2/POST. I am using port 8080 because that is the port my local site (george-oxygen.seitrakker.com) is set up on.  When you ask me to check metadata for accuracy are you asking me to check SP side or IDP side? IDP side is accurate, can't tell you if mine is or not hence why I am asking for help.

Thank you,

George

 
-----Original Message-----
From: users <[hidden email]> On Behalf Of Kunal Shah
Sent: Thursday, June 28, 2018 2:48 AM
To: Shib Users <[hidden email]>
Subject: Re: Stuck at /Shibboleth.sso/SAML2/POST

 

On Wed, Jun 27, 2018 at 02:16:53PM +0000, George Glessner wrote:
>The POST to the request url: http://george-oxygen.seitrraker.com:8080/Shibboleth.sso/SAML2/POST had a status of failed. When I exit out of my browser and open it back up and navigate to http://george-oxygen.seitrraker.com:8080/Shibboleth.sso/Status it loads up fine.

are you sure http://george-oxygen.seitrraker.com:8080/Shibboleth.sso/Status comes up fine? shibboleth2.xml you attached says it is allowed only from localhost.
you should have gotten forbidden error.
Something is not right. Either you are not using correct shibboleth2.xml or your SP metadata has problem.

>If I then enter in http://george-oxygen.seitrraker.com:8080/Shibboleth.sso/SAML2/POST I get the site can't be reached error, and then when going back to the status page I get the same error even though it was working fine just before I went to the POST page. It seems as though the POST page may be modifying something that is causing this?
>

web/app server and shibd.log should log error for this.

basic troubleshooting steps.
A) check metadata for accuracy
B) use fiddler or if you are using chrome, enable developer tools. Trace your request and see where it is getting stuck.
C) use exact time stamp to correlate logs in web/app server, shibd and native log files.

I am mentioning web/app server because I am not sure why you are using port 8080.

For us to help you, more detailed information is needed.

-Kunal Shah

>-----Original Message-----
>From: Peter Schober <[hidden email]>
>Sent: Wednesday, June 27, 2018 10:01 AM
>To: George Glessner <[hidden email]>
>Subject: Re: Stuck at /Shibboleth.sso/SAML2/POST
>
>* George Glessner <[hidden email]> [2018-06-27 15:47]:
>> When you say it looks like I'm trying to access something that
>> doesn't exist, are you talking about the /Shibboleth.sso/SAML2/POST?
>
>No, you wrote earlier:
>
>* George Glessner <[hidden email]> [2018-06-26 19:44]:
>> I get an error saying that the site cannot be reached and that my
>> server IP address cannot be reached
>
>That's not a technical error report, of course, but if I had to guess (and I have, lacking evidence from your web server logs or HTTP status codes from the browser) to me that sounds like your browser cannot reach the server.
>
>-peter
>
>--
>For Consortium Member technical support, see
>https://wiki.shibboleth.net/confluence/x/coFAAg
>To unsubscribe from this list send an email to
>[hidden email]
--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]

--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Stuck at /Shibboleth.sso/SAML2/POST

Kunal Shah
On Thu, Jun 28, 2018 at 11:55:00AM +0000, George Glessner wrote:
>Hi Kunal,
>
>Yes, http://george-oxygen.seitrakker.com:8080/Shibboleth.sso/Status works just fine. I am not sure what you mean that it says it is only allowed from localhost in my shibboleth2.xml, where are you seeing that?

from your shibboleths.xml file

            <Handler type="Status" Location="/Status" acl="127.0.0.1 ::1"/>

and it is not commented. This actually means that only http://locahost:8080/Shibboleth.sso/Status should serve the request. if you go by your host
name, it should not. I may be wrong. Someone from this list can confirm. This is mentioned in "Initial Testing" section of shibboleth SP documentation
@

https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPLinuxInstall

If I am right, your sp is not using shibboleth2.xml file you attached.

>I already mentioned where it is getting stuck, /Shibboleth.sso/SAML2/POST. I am using port 8080 because that is the port my local site
(george-oxygen.seitrakker.com) is set up on.  When you ask me to check metadata for accuracy are you asking me to check SP side or IDP side? IDP side is accurate, can't tell you if mine is or not hence why I am asking for help.
>

If you are sure IDP side is accurate you need to check yours. Where is the metadata file that you as SP sent to IDP?

Did you try fiddler request trace ?
check this link for how to use fiddler

https://zappysys.com/blog/how-to-use-fiddler-to-analyze-http-web-requests/

-Kunal

>Thank you,
>
>George
>
>
>-----Original Message-----
>From: users <[hidden email]> On Behalf Of Kunal Shah
>Sent: Thursday, June 28, 2018 2:48 AM
>To: Shib Users <[hidden email]>
>Subject: Re: Stuck at /Shibboleth.sso/SAML2/POST
>
>
>
>On Wed, Jun 27, 2018 at 02:16:53PM +0000, George Glessner wrote:
>>The POST to the request url: http://george-oxygen.seitrraker.com:8080/Shibboleth.sso/SAML2/POST had a status of failed. When I exit out of my browser and open it back up and navigate to http://george-oxygen.seitrraker.com:8080/Shibboleth.sso/Status it loads up fine.
>
>are you sure http://george-oxygen.seitrraker.com:8080/Shibboleth.sso/Status comes up fine? shibboleth2.xml you attached says it is allowed only from localhost.
>you should have gotten forbidden error.
>Something is not right. Either you are not using correct shibboleth2.xml or your SP metadata has problem.
>
>>If I then enter in http://george-oxygen.seitrraker.com:8080/Shibboleth.sso/SAML2/POST I get the site can't be reached error, and then when going back to the status page I get the same error even though it was working fine just before I went to the POST page. It seems as though the POST page may be modifying something that is causing this?
>>
>
>web/app server and shibd.log should log error for this.
>
>basic troubleshooting steps.
>A) check metadata for accuracy
>B) use fiddler or if you are using chrome, enable developer tools. Trace your request and see where it is getting stuck.
>C) use exact time stamp to correlate logs in web/app server, shibd and native log files.
>
>I am mentioning web/app server because I am not sure why you are using port 8080.
>
>For us to help you, more detailed information is needed.
>
>-Kunal Shah
>
>>-----Original Message-----
>>From: Peter Schober <[hidden email]>
>>Sent: Wednesday, June 27, 2018 10:01 AM
>>To: George Glessner <[hidden email]>
>>Subject: Re: Stuck at /Shibboleth.sso/SAML2/POST
>>
>>* George Glessner <[hidden email]> [2018-06-27 15:47]:
>>> When you say it looks like I'm trying to access something that
>>> doesn't exist, are you talking about the /Shibboleth.sso/SAML2/POST?
>>
>>No, you wrote earlier:
>>
>>* George Glessner <[hidden email]> [2018-06-26 19:44]:
>>> I get an error saying that the site cannot be reached and that my
>>> server IP address cannot be reached
>>
>>That's not a technical error report, of course, but if I had to guess (and I have, lacking evidence from your web server logs or HTTP status codes from the browser) to me that sounds like your browser cannot reach the server.
>>
>>-peter
>>
>>--
>>For Consortium Member technical support, see
>>https://wiki.shibboleth.net/confluence/x/coFAAg
>>To unsubscribe from this list send an email to
>>[hidden email]
>--
>For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
>To unsubscribe from this list send an email to [hidden email]
>
>--
>For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
>To unsubscribe from this list send an email to [hidden email]
--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: Stuck at /Shibboleth.sso/SAML2/POST

George Glessner
Kunal,

My local host is set to

127.0.0.1 localhost george-oxygen.seitrakker.com

In my hosts file, so technically I am still running through local host.

I get my metadata file from http://george-oxygen.seitrakker.com:8080/Shibboleth.sso/Metadata 

I am not using a linux machine, I am on Windows.

Thanks,

George
-----Original Message-----
From: users <[hidden email]> On Behalf Of Kunal Shah
Sent: Thursday, June 28, 2018 8:22 AM
To: Shib Users <[hidden email]>
Subject: Re: Stuck at /Shibboleth.sso/SAML2/POST

On Thu, Jun 28, 2018 at 11:55:00AM +0000, George Glessner wrote:
>Hi Kunal,
>
>Yes, http://george-oxygen.seitrakker.com:8080/Shibboleth.sso/Status works just fine. I am not sure what you mean that it says it is only allowed from localhost in my shibboleth2.xml, where are you seeing that?

from your shibboleths.xml file

            <Handler type="Status" Location="/Status" acl="127.0.0.1 ::1"/>

and it is not commented. This actually means that only http://locahost:8080/Shibboleth.sso/Status should serve the request. if you go by your host name, it should not. I may be wrong. Someone from this list can confirm. This is mentioned in "Initial Testing" section of shibboleth SP documentation @

https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPLinuxInstall

If I am right, your sp is not using shibboleth2.xml file you attached.

>I already mentioned where it is getting stuck,
>/Shibboleth.sso/SAML2/POST. I am using port 8080 because that is the
>port my local site
(george-oxygen.seitrakker.com) is set up on.  When you ask me to check metadata for accuracy are you asking me to check SP side or IDP side? IDP side is accurate, can't tell you if mine is or not hence why I am asking for help.
>

If you are sure IDP side is accurate you need to check yours. Where is the metadata file that you as SP sent to IDP?

Did you try fiddler request trace ?
check this link for how to use fiddler

https://zappysys.com/blog/how-to-use-fiddler-to-analyze-http-web-requests/

-Kunal

>Thank you,
>
>George
>
>
>-----Original Message-----
>From: users <[hidden email]> On Behalf Of Kunal Shah
>Sent: Thursday, June 28, 2018 2:48 AM
>To: Shib Users <[hidden email]>
>Subject: Re: Stuck at /Shibboleth.sso/SAML2/POST
>
>
>
>On Wed, Jun 27, 2018 at 02:16:53PM +0000, George Glessner wrote:
>>The POST to the request url: http://george-oxygen.seitrraker.com:8080/Shibboleth.sso/SAML2/POST had a status of failed. When I exit out of my browser and open it back up and navigate to http://george-oxygen.seitrraker.com:8080/Shibboleth.sso/Status it loads up fine.
>
>are you sure http://george-oxygen.seitrraker.com:8080/Shibboleth.sso/Status comes up fine? shibboleth2.xml you attached says it is allowed only from localhost.
>you should have gotten forbidden error.
>Something is not right. Either you are not using correct shibboleth2.xml or your SP metadata has problem.
>
>>If I then enter in http://george-oxygen.seitrraker.com:8080/Shibboleth.sso/SAML2/POST I get the site can't be reached error, and then when going back to the status page I get the same error even though it was working fine just before I went to the POST page. It seems as though the POST page may be modifying something that is causing this?
>>
>
>web/app server and shibd.log should log error for this.
>
>basic troubleshooting steps.
>A) check metadata for accuracy
>B) use fiddler or if you are using chrome, enable developer tools. Trace your request and see where it is getting stuck.
>C) use exact time stamp to correlate logs in web/app server, shibd and native log files.
>
>I am mentioning web/app server because I am not sure why you are using port 8080.
>
>For us to help you, more detailed information is needed.
>
>-Kunal Shah
>
>>-----Original Message-----
>>From: Peter Schober <[hidden email]>
>>Sent: Wednesday, June 27, 2018 10:01 AM
>>To: George Glessner <[hidden email]>
>>Subject: Re: Stuck at /Shibboleth.sso/SAML2/POST
>>
>>* George Glessner <[hidden email]> [2018-06-27 15:47]:
>>> When you say it looks like I'm trying to access something that
>>> doesn't exist, are you talking about the /Shibboleth.sso/SAML2/POST?
>>
>>No, you wrote earlier:
>>
>>* George Glessner <[hidden email]> [2018-06-26 19:44]:
>>> I get an error saying that the site cannot be reached and that my
>>> server IP address cannot be reached
>>
>>That's not a technical error report, of course, but if I had to guess (and I have, lacking evidence from your web server logs or HTTP status codes from the browser) to me that sounds like your browser cannot reach the server.
>>
>>-peter
>>
>>--
>>For Consortium Member technical support, see
>>https://wiki.shibboleth.net/confluence/x/coFAAg
>>To unsubscribe from this list send an email to
>>[hidden email]
>--
>For Consortium Member technical support, see
>https://wiki.shibboleth.net/confluence/x/coFAAg
>To unsubscribe from this list send an email to
>[hidden email]
>
>--
>For Consortium Member technical support, see
>https://wiki.shibboleth.net/confluence/x/coFAAg
>To unsubscribe from this list send an email to
>[hidden email]
--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]

--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Stuck at /Shibboleth.sso/SAML2/POST

Kunal Shah
Ok so that answers how you are able to see status page. But without fiddler trace, Apache+shibboleth logs and metadata details, can't help you much. 

On Thu 28 Jun, 2018, 5:57 PM George Glessner, <[hidden email]> wrote:
Kunal,

My local host is set to

127.0.0.1               localhost       george-oxygen.seitrakker.com

In my hosts file, so technically I am still running through local host.

I get my metadata file from http://george-oxygen.seitrakker.com:8080/Shibboleth.sso/Metadata

I am not using a linux machine, I am on Windows.

Thanks,

George
-----Original Message-----
From: users <[hidden email]> On Behalf Of Kunal Shah
Sent: Thursday, June 28, 2018 8:22 AM
To: Shib Users <[hidden email]>
Subject: Re: Stuck at /Shibboleth.sso/SAML2/POST

On Thu, Jun 28, 2018 at 11:55:00AM +0000, George Glessner wrote:
>Hi Kunal,
>
>Yes, http://george-oxygen.seitrakker.com:8080/Shibboleth.sso/Status works just fine. I am not sure what you mean that it says it is only allowed from localhost in my shibboleth2.xml, where are you seeing that?

from your shibboleths.xml file

            <Handler type="Status" Location="/Status" acl="127.0.0.1 ::1"/>

and it is not commented. This actually means that only http://locahost:8080/Shibboleth.sso/Status should serve the request. if you go by your host name, it should not. I may be wrong. Someone from this list can confirm. This is mentioned in "Initial Testing" section of shibboleth SP documentation @

https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPLinuxInstall

If I am right, your sp is not using shibboleth2.xml file you attached.

>I already mentioned where it is getting stuck,
>/Shibboleth.sso/SAML2/POST. I am using port 8080 because that is the
>port my local site
(george-oxygen.seitrakker.com) is set up on.  When you ask me to check metadata for accuracy are you asking me to check SP side or IDP side? IDP side is accurate, can't tell you if mine is or not hence why I am asking for help.
>

If you are sure IDP side is accurate you need to check yours. Where is the metadata file that you as SP sent to IDP?

Did you try fiddler request trace ?
check this link for how to use fiddler

https://zappysys.com/blog/how-to-use-fiddler-to-analyze-http-web-requests/

-Kunal

>Thank you,
>
>George
>
>
>-----Original Message-----
>From: users <[hidden email]> On Behalf Of Kunal Shah
>Sent: Thursday, June 28, 2018 2:48 AM
>To: Shib Users <[hidden email]>
>Subject: Re: Stuck at /Shibboleth.sso/SAML2/POST
>
>
>
>On Wed, Jun 27, 2018 at 02:16:53PM +0000, George Glessner wrote:
>>The POST to the request url: http://george-oxygen.seitrraker.com:8080/Shibboleth.sso/SAML2/POST had a status of failed. When I exit out of my browser and open it back up and navigate to http://george-oxygen.seitrraker.com:8080/Shibboleth.sso/Status it loads up fine.
>
>are you sure http://george-oxygen.seitrraker.com:8080/Shibboleth.sso/Status comes up fine? shibboleth2.xml you attached says it is allowed only from localhost.
>you should have gotten forbidden error.
>Something is not right. Either you are not using correct shibboleth2.xml or your SP metadata has problem.
>
>>If I then enter in http://george-oxygen.seitrraker.com:8080/Shibboleth.sso/SAML2/POST I get the site can't be reached error, and then when going back to the status page I get the same error even though it was working fine just before I went to the POST page. It seems as though the POST page may be modifying something that is causing this?
>>
>
>web/app server and shibd.log should log error for this.
>
>basic troubleshooting steps.
>A) check metadata for accuracy
>B) use fiddler or if you are using chrome, enable developer tools. Trace your request and see where it is getting stuck.
>C) use exact time stamp to correlate logs in web/app server, shibd and native log files.
>
>I am mentioning web/app server because I am not sure why you are using port 8080.
>
>For us to help you, more detailed information is needed.
>
>-Kunal Shah
>
>>-----Original Message-----
>>From: Peter Schober <[hidden email]>
>>Sent: Wednesday, June 27, 2018 10:01 AM
>>To: George Glessner <[hidden email]>
>>Subject: Re: Stuck at /Shibboleth.sso/SAML2/POST
>>
>>* George Glessner <[hidden email]> [2018-06-27 15:47]:
>>> When you say it looks like I'm trying to access something that
>>> doesn't exist, are you talking about the /Shibboleth.sso/SAML2/POST?
>>
>>No, you wrote earlier:
>>
>>* George Glessner <[hidden email]> [2018-06-26 19:44]:
>>> I get an error saying that the site cannot be reached and that my
>>> server IP address cannot be reached
>>
>>That's not a technical error report, of course, but if I had to guess (and I have, lacking evidence from your web server logs or HTTP status codes from the browser) to me that sounds like your browser cannot reach the server.
>>
>>-peter
>>
>>--
>>For Consortium Member technical support, see
>>https://wiki.shibboleth.net/confluence/x/coFAAg
>>To unsubscribe from this list send an email to
>>[hidden email]
>--
>For Consortium Member technical support, see
>https://wiki.shibboleth.net/confluence/x/coFAAg
>To unsubscribe from this list send an email to
>[hidden email]
>
>--
>For Consortium Member technical support, see
>https://wiki.shibboleth.net/confluence/x/coFAAg
>To unsubscribe from this list send an email to
>[hidden email]
--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]

--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]

--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]