Need help to make my very first sample application work


gaven
This post was updated on .
First of all, I am new to SAML and Shibboleth. I have been trying to read through the wiki to understand how it works.

In order to better understand it, I have followed this wiki page, https://wiki.shibboleth.net/confluence/display/SHIB2/IdPSPLocalTestInstall, to install the SP and IdP in my local environment.

I have carefully followed all the instructions, but I still cannot make it work. I really need some help to find out the root cause.

When I try to access https://localhost/secure, it will say:
    Attempted to insert duplicate storage key.

In native.log, it contains:
    2012-06-21 19:33:26 INFO Shibboleth.Application : adding LogoutInitiator of type (Local) to chain (/Logout)
    2012-06-21 19:33:26 INFO Shibboleth.DiscoveryFeed : feed files will be cached in C:/opt/shibboleth-sp/var/run/shibboleth/
    2012-06-21 19:34:12 ERROR Shibboleth.Listener [1160] shib_check_user: remoted message returned an error: Attempted to insert duplicate storage key.
    2012-06-21 19:34:12 ERROR Shibboleth.Apache [1160] shib_check_user: Attempted to insert duplicate storage key.

If at this time, I try to access it again, the error message will become:
    Error Message: No peer endpoint available to which to send SAML response

In native.log, it contains:

In IdP-process.log, it contains:
    19:33:29.506 - INFO [edu.internet2.middleware.shibboleth.common.config.BaseService:180] - shibboleth.HandlerManager service loaded new configuration
    19:35:53.143 - INFO [Shibboleth-Access:74] - 20120622T023553Z|192.168.70.147|diamond.actuate.com:443|/profile/SAML2/Redirect/SSO|
    19:35:53.207 - INFO [Shibboleth-Access:74] - 20120622T023553Z|192.168.70.147|diamond.actuate.com:443|/profile/SAML2/Redirect/SSO|
    19:35:53.212 - WARN [org.opensaml.saml2.binding.AuthnResponseEndpointSelector:206] - Relying party 'https://diamond.actuate.com/shibboleth' requested the response to be returned to endpoint with ACS URL 'https://diamond.actuate.com/Shibboleth.sso/SAML2/POST'  and binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST' however no endpoint, with that URL and using a supported binding,  can be found in the relying party's metadata
    19:35:53.212 - ERROR [edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler:429] - No return endpoint available for relying party https://diamond.actuate.com/shibboleth


Can anybody please give me some hints? I have been blocked by this error for the whole day.

Thank you sooooo much.
Re: Need help to make my very first sample application work

gaven
It looks like the problem may come from my SP metadata, which contains this line:
       <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://localhost/Shibboleth.sso/SAML2/POST" index="0"/>

Can anybody tell me why the IdP-process log says:
    Relying party 'https://diamond.actuate.com/shibboleth' requested the response to be returned to endpoint with ACS URL 'https://diamond.actuate.com/Shibboleth.sso/SAML2/POST'

How can I correctly make them match with each other?
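
The comparison behind the IdP warning quoted in this thread, as an added example that is not part of the original posts or of Shibboleth's code: the ACS URL and binding requested by the SP are matched against the AssertionConsumerService endpoints in the SP metadata the IdP has loaded. The exact string match and the helper names are assumptions made for illustration; the metadata wrapper is constructed around the single line quoted above.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed SP metadata: only the AssertionConsumerService line comes from
# the thread; the surrounding elements are a minimal wrapper for the example.
SP_METADATA = f"""<md:EntityDescriptor xmlns:md="{MD_NS}"
    entityID="https://diamond.actuate.com/shibboleth">
  <md:SPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService Binding="{POST}"
        Location="http://localhost/Shibboleth.sso/SAML2/POST" index="0"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def acs_endpoints(metadata_xml):
    """Return (binding, location) for every ACS endpoint in the metadata."""
    root = ET.fromstring(metadata_xml)
    tag = f"{{{MD_NS}}}AssertionConsumerService"
    return [(e.get("Binding"), e.get("Location")) for e in root.iter(tag)]


def check_acs(metadata_xml, requested_url, requested_binding):
    """Exact-match the requested ACS URL and binding against the metadata.

    Returns (matched, hints). Each hint is (registered_location, differing
    URL parts) for an endpoint with the right binding but another URL.
    """
    req = urlsplit(requested_url)
    hints = []
    for binding, location in acs_endpoints(metadata_xml):
        if binding != requested_binding:
            continue
        if location == requested_url:
            return True, []
        reg = urlsplit(location)
        diffs = [part for part in ("scheme", "netloc", "path")
                 if getattr(req, part) != getattr(reg, part)]
        hints.append((location, diffs))
    return False, hints


if __name__ == "__main__":
    # ACS URL taken from the IdP warning in the thread.
    print(check_acs(SP_METADATA,
                    "https://diamond.actuate.com/Shibboleth.sso/SAML2/POST",
                    POST))
```
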