Hi guys,
I am trying to setup SSO for my application using Apache, Shibboleth SP, Shibboleth IDP, Apache Directory services. My Apache is on port 91, my application is on Tomcat port 8080, Shibboleth IDP is on port 9443 https. I am seeing the below error in my Idp process log.
09:49:17.620 - INFO [org.opensaml.ws.security.provider.ClientCertAuthRule:104] - Inbound message transport did not contain a peer credential, skipping client certificate authentication
09:49:17.620 - ERROR [org.opensaml.ws.security.provider.MandatoryAuthenticatedMessageRule:37] - Inbound message issuer was not authenticated.
09:49:17.621 - WARN [edu.internet2.middleware.shibboleth.idp.profile.saml2.AttributeQueryProfileHandler:203] - Message did not meet security requirements
org.opensaml.ws.security.SecurityPolicyException: Inbound message issuer was not authenticated.
at org.opensaml.ws.security.provider.MandatoryAuthenticatedMessageRule.evaluate(MandatoryAuthenticatedMessageRule.java:38) ~[openws-1.5.6.jar:na]
at org.opensaml.ws.security.provider.BasicSecurityPolicy.evaluate(BasicSecurityPolicy.java:51) ~[openws-1.5.6.jar:na]
at org.opensaml.ws.message.decoder.BaseMessageDecoder.processSecurityPolicy(BaseMessageDecoder.java:132) ~[openws-1.5.6.jar:na]
at org.opensaml.ws.message.decoder.BaseMessageDecoder.decode(BaseMessageDecoder.java:83) ~[openws-1.5.6.jar:na]
at org.opensaml.saml2.binding.decoding.BaseSAML2MessageDecoder.decode(BaseSAML2MessageDecoder.java:70) ~[opensaml-2.6.6.jar:na]
at edu.internet2.middleware.shibboleth.idp.profile.saml2.AttributeQueryProfileHandler.decodeRequest(AttributeQueryProfileHandler.java:186) [shibboleth-identityprovider-2.4.5.jar:na]
at edu.internet2.middleware.shibboleth.idp.profile.saml2.AttributeQueryProfileHandler.processRequest(AttributeQueryProfileHandler.java:88) [shibboleth-identityprovider-2.4.5.jar:na]
at edu.internet2.middleware.shibboleth.idp.profile.saml2.AttributeQueryProfileHandler.processRequest(AttributeQueryProfileHandler.java:55) [shibboleth-identityprovider-2.4.5.jar:na]
at edu.internet2.middleware.shibboleth.common.profile.ProfileRequestDispatcherServlet.service(ProfileRequestDispatcherServlet.java:83) [shibboleth-common-1.4.5.jar:na]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:729) [servlet-api.jar:na]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:291) [catalina.jar:8.0.27]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:8.0.27]
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) [tomcat-websocket.jar:8.0.27]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [catalina.jar:8.0.27]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:8.0.27]
at edu.internet2.middleware.shibboleth.idp.util.NoCacheFilter.doFilter(NoCacheFilter.java:50) [shibboleth-identityprovider-2.4.5.jar:na]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [catalina.jar:8.0.27]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:8.0.27]
at edu.internet2.middleware.shibboleth.idp.session.IdPSessionFilter.doFilter(IdPSessionFilter.java:87) [shibboleth-identityprovider-2.4.5.jar:na]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [catalina.jar:8.0.27]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:8.0.27]
at edu.internet2.middleware.shibboleth.common.log.SLF4JMDCCleanupFilter.doFilter(SLF4JMDCCleanupFilter.java:52) [shibboleth-common-1.4.5.jar:na]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) [catalina.jar:8.0.27]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) [catalina.jar:8.0.27]
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:201) [catalina.jar:8.0.27]
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106) [catalina.jar:8.0.27]
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502) [catalina.jar:8.0.27]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:142) [catalina.jar:8.0.27]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79) [catalina.jar:8.0.27]
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:616) [catalina.jar:8.0.27]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88) [catalina.jar:8.0.27]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:518) [catalina.jar:8.0.27]
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1091) [tomcat-coyote.jar:8.0.27]
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:673) [tomcat-coyote.jar:8.0.27]
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1500) [tomcat-coyote.jar:8.0.27]
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1456) [tomcat-coyote.jar:8.0.27]
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) [na:1.8.0_60]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) [na:1.8.0_60]
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-util.jar:8.0.27]
at java.lang.Thread.run(Unknown Source) [na:1.8.0_60]
09:49:17.621 - DEBUG [org.opensaml.saml2.metadata.provider.ChainingMetadataProvider:253] - Checking child metadata provider for entity descriptor with entity ID:
http://localhost:8080/WebUI09:49:17.621 - DEBUG [org.opensaml.saml2.metadata.provider.AbstractMetadataProvider:520] - Searching for entity descriptor with an entity ID of
http://localhost:8080/WebUI09:49:17.621 - DEBUG [org.opensaml.saml2.metadata.provider.AbstractMetadataProvider:167] - Metadata document does not contain an EntityDescriptor with the ID
http://localhost:8080/WebUI09:49:17.621 - DEBUG [org.opensaml.saml2.metadata.provider.ChainingMetadataProvider:253] - Checking child metadata provider for entity descriptor with entity ID:
http://localhost:8080/WebUI09:49:17.621 - DEBUG [org.opensaml.saml2.metadata.provider.AbstractMetadataProvider:520] - Searching for entity descriptor with an entity ID of
http://localhost:8080/WebUI09:49:17.621 - DEBUG [org.opensaml.saml2.metadata.provider.ChainingMetadataProvider:253] - Checking child metadata provider for entity descriptor with entity ID:
http://localhost:8080/WebUI09:49:17.621 - DEBUG [org.opensaml.saml2.metadata.provider.AbstractMetadataProvider:520] - Searching for entity descriptor with an entity ID of
http://localhost:8080/WebUI09:49:17.621 - DEBUG [org.opensaml.saml2.metadata.provider.AbstractMetadataProvider:167] - Metadata document does not contain an EntityDescriptor with the ID
http://localhost:8080/WebUI09:49:17.622 - DEBUG [org.opensaml.saml2.metadata.provider.ChainingMetadataProvider:253] - Checking child metadata provider for entity descriptor with entity ID:
http://localhost:8080/WebUI09:49:17.622 - DEBUG [org.opensaml.saml2.metadata.provider.AbstractMetadataProvider:520] - Searching for entity descriptor with an entity ID of
http://localhost:8080/WebUIAttaching all my configuration files and SP, IDP log files as well.
httpd.confshibboleth2.xmlapache24.configattribute-map.xmlidp-metadata.xmlattribute-filter.xmlattribute-resolver.xmllogin.configrelying-party.xmlsp-metadata.xml
Locked
