Shibboleth 3.0.4 SP External Authentication Handler problem


Gianluca Pindinelli
Hi,
I have a problem using the ExternalAuth handler on my new installation on CentOS Linux release 7.7.1908 (Core) (Shibboleth 3.0.4 + Apache/2.4.41, installed by yum).
When I use the service I always get "External Authentication Failed" (error code 500). Investigating a little, I found this error in /var/log/messages:

Oct 23 10:36:50 localhost shibd: shibd: /usr/include/boost/smart_ptr/scoped_ptr.hpp:99: T* boost::scoped_ptr<T>::operator->() const [with T = shibsp::ResolutionContext]: Assertion `px != 0' failed.
Oct 23 10:36:50 localhost shibboleth: ERROR Shibboleth.Listener [4339] shib_handler [default]: error reading size of output message
Oct 23 10:36:50 localhost shibboleth: ERROR Shibboleth.Handler.ExternalAuth [4339] shib_handler [default]: error while processing request: Failure receiving response to remoted message (default/ExternalAuth).
Oct 23 10:36:50 localhost systemd: shibd.service: main process exited, code=killed, status=6/ABRT
Oct 23 10:36:50 localhost systemd: Unit shibd.service entered failed state.
Oct 23 10:36:50 localhost systemd: shibd.service failed.

with subsequent restart of the service shibd.

The same request (Form POST option) works perfectly with Shibboleth 2 in another scenario.

Any suggestions?

Thanks in advance.


 

--
To unsubscribe from this list send an email to [hidden email]
RE: Shibboleth 3.0.4 SP External Authentication Handler problem

Rod Widdowson
> Oct 23 10:36:50 localhost shibd: shibd: /usr/include/boost/smart_ptr/scoped_ptr.hpp:99: T* boost::scoped_ptr<T>::operator->()
> const [with T = shibsp::ResolutionContext]: Assertion `px != 0' failed.

This is a bug (no matter what); we shouldn't be leaking Boost asserts into the wild. So a case against the SP would be appreciated.

> Any suggestions?

For myself I'd be interested in anything above that line in the log.  You should also set Shibboleth.Handler.ExternalAuth to DEBUG
to trace why the attribute resolution went wrong.  Is the extractor installed OK?

Rod


 

RE: Shibboleth 3.0.4 SP External Authentication Handler problem

Rod Widdowson
In reply to this post by Gianluca Pindinelli
Oh yes, and I hadn't spotted.

> To: 'Shib Dev' <mailto:[hidden email]>

This should be in users, not dev

        /Rod

Re: Shibboleth 3.0.4 SP External Authentication Handler problem

Cantor, Scott E.
In reply to this post by Gianluca Pindinelli
Under the assumption attribute resolution failed, which should be in the log, there are a couple of places it dereferences something without checking for a null pointer first. Please do file a bug, otherwise it's going to get forgotten in all the other work.

-- Scott

