Error Message: SAML 2 SSO profile is not configured for relying party https://sp.example.ac.jp/shibboleth-sp |
SAML2SSOProfile
の設定が抜けているとこのエラーになります。opensaml::FatalProfileException The system encountered an error at Tue Apr 30 12:13:14 2013 To report this problem, please contact the site administrator at root@localhost. Please include the following message in any email: opensaml::FatalProfileException at (https://sp.example.ac.jp/Shibboleth.sso/SAML2/POST) Message was signed, but signature could not be verified. |
1:19:57.770 - ERROR [org.opensaml.xml.security.SigningUtil:250] - Error during signature verification java.security.SignatureException: Signature length not correct: got 256 but was expecting 128 |
Error Message: Message did not meet security requirements |
NoClassDefFoundError
となります。
$ sudo -u tomcat /opt/shibboleth-idp/bin/aacli.sh --configDir /opt/shibboleth-idp/conf/ --principal=test001 --requester=https://sp.example.ac.jp/shibboleth-sp Exception in thread "main" org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'shibboleth.HandlerManager': Initialization of bean failed; nested exception is java.lang.NoClassDefFoundError: javax/servlet/ServletRequest at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:480) : |
$ sudo ln -s $CATALINA_HOME/lib/servlet-api.jar /opt/shibboleth-idp/lib/ |
この問題はIdP 2.4.0で修正されました。https://issues.shibboleth.net/jira/browse/SIDP-557 "servlet-api-2.5.jar"のようなファイル名で自動的に /opt/shibboleth-idp/lib/ にコピーされているはずです。 |
14:51:13.419 - INFO [edu.internet2.middleware.shibboleth.common.config.BaseService:158] - Loading new configuration for service shibboleth.RelyingPartyConfigurationManager 14:51:13.506 - ERROR [edu.internet2.middleware.shibboleth.common.config.BaseService:188] - Configuration was not loaded for shibboleth.RelyingPartyConfigurationManager service, error creating components. The root cause of this error was: org.xml.sax.SAXParseException: The entity name must immediately follow the '&' in the entity reference. |
& |
< |
<security:Credential id="IdPCredential" xsi:type="security:X509Filesystem"> <security:PrivateKey Password="myKeyPa$$word&"> /opt/shibboleth-idp/credentials/server-enc.key </security:PrivateKey> |
<security:Credential id="IdPCredential" xsi:type="security:X509Filesystem"> <security:PrivateKey Password="myKeyPa$$word&"> /opt/shibboleth-idp/credentials/server-enc.key </security:PrivateKey> |
opensaml::FatalProfileException ... opensaml::FatalProfileExceptionat (https://sp.example.ac.jp/Shibboleth.sso/SAML2/POST) A valid authentication statement was not found in the incoming message. |
エラー: 無効なクエリです The return URL 'https://sp.example.ac.jp/Shibboleth.sso/DS' could not be verified for Service Provider 'https://sp.example.ac.jp/shibboleth-sp'. |
<SessionInitiator type="Chaining" Location="/ABC"...>
としたときのDSからのリターンURLは 'https://HOSTNAME/Shibboleth.sso/ABC' となります。また、shibboleth2.xmlにSessionInitiatorが1つも存在しない場合にはデフォルト値の 'https://HOSTNAME/Shibboleth.sso/Login' を使用してください。2012-11-16 17:45:00 ERROR Shibboleth.AttributeResolver.Query [6]: exception during SAML query to https://idp.example.ac.jp:8443/idp/profile/SAML2/SOAP/AttributeQuery: CURLSOAPTransport failed while contacting SOAP endpoint (https://idp.example.ac.jp:8443/idp/profile/SAML2/SOAP/AttributeQuery): connect() timed out! 2012-11-16 17:45:00 ERROR Shibboleth.AttributeResolver.Query [6]: unable to obtain a SAML response from attribute authority |
<!-- Use a SAML query if no attributes are supplied during SSO. --> <AttributeResolver type="Query" subjectMatch="true"/> |
$ sudo /etc/init.d/shibd start Starting shibd: configuration is invalid, check console for specific problems [FAILED] |
2013-02-12 14:36:06 ERROR XMLTooling.ParserPool : fatal error on line 105, column 145, message: expected entity name for reference 2013-02-12 14:36:06 ERROR Shibboleth.Config : error while loading resource (/etc/shibboleth/shibboleth2.xml): XML error(s) during parsing, check log for specifics 2013-02-12 14:36:06 FATAL Shibboleth.Config : caught exception while loading configuration: XML error(s) during parsing, check log for specifics |
& |
< |
<CredentialResolver type="File" key="cert/server-enc.key" certificate="cert/server-enc.crt" password="myKeyPa$$word&"/> |
<CredentialResolver type="File" key="cert/server-enc.key" certificate="cert/server-enc.crt" password="myKeyPa$$word&"/> |