Kanuch, Andrew
2013-02-01 21:03:45 UTC
Good Afternoon,
My IDP (which previously worked, and is version 2.3.6 on a Win Server 2008 R2 box) is now no longer releasing attributes to SPs. I've attempted to fix it for the past two days, and my attempts have not been successful. I'm hoping you might be able to shed some light on a fix, or tell me if a fresh install might be a better route.
Earlier this week Java was updated on the server, and afterwards I was unable to successfully start the Apache Tomcat Service. (To be fair, I'm assuming the Java update caused the service to fail; I could be wrong. It's not a live box yet, so it could have not been working for two months and no one would have been aware, in theory.)
To fix it I have:
1. Uninstalled the new Java.
2. Reinstalled an old version. (JRE6, v34)
3. Imported copies of my certificates for my LDAP server into Java's key store because the old key store was deleted. (LDAP server is Active Directory)
I am now able to successfully start the Apache Tomcat Service on the server, and I can successfully authenticate with various SPs (TestShib, InCommon, Box) but...
... I cannot seem to pass attributes on to any of them.
The IDP audit log shows:
"20130201T190340Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|_ce87ff20d90e5753d37c8bfb7873d90f|https://sp.testshib.org/shibboleth-sp|urn:mace:shibboleth:2.0:profiles:saml2:sso|https://icarus.sdstate.edu/idp/shibboleth|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_b9462eea45b03c3ff6e6349b60e8caff|andy.kanuch|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|||_3c770b9fa285c7e8d4dd816689c5575e,|"
If I understand how the logging mechanism formats output, the attributes being passed should appear near the end, after PasswordProtectedTransport, right?
I've confirmed the user/pass for the account that runs our LDAP queries, and tested it with an LDAP tool.
I ran the AACLI command with the following: bin\aacli.bat --configDir=conf/ --principal=andy.kanuch --requester=https://sp.testshib.org/ (My first time, and I think the syntax is accurate.)
It returns:
Exception in thread "main" org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'shibboleth.HandlerManager': Initialization of bean failed; nested exception is java.lang.NoClassDefFoundError: javax/servlet/ServletRequest
at org.springframework.beans.factory.support.AbstractAutowireCapableBean...
(verbose, and then continues with...)
Caused by: java.lang.NoClassDefFoundError: javax/servlet/ServletRequest
at java.lang.Class.getDeclaredMethods0(Native Method)
at java.lang.Class.privateGetDeclaredMethods(Unknown Source)
at java.lang.Class.privateGetPublicMethods(Unknown Source)
at java.lang.Class.getMethods(Unknown Source)
at java.beans.Introspector.getPublicDeclaredMethods(Unknown Source)
at java.beans.Introspector.getTargetMethodInfo(Unknown Source)
at java.beans.Introspector.getBeanInfo(Unknown Source)
at java.beans.Introspector.getBeanInfo(Unknown Source)
at org.springframework.beans.CachedIntrospectionResults.<init>(CachedIntrospectionResults.java:220)
at org.springframework.beans.CachedIntrospectionResults.forClass(CachedIntrospectionResults.java:144)
Am I using the AACLI tool as intended? (To see if an IDP is releasing attributes for a specific SP profile?) Maybe I reverted back to the wrong version of Java? Or is there something else you might suggest I have done in error?
Thank you for your time.
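
Added example, not part of the original post: a small Python parser that splits the audit line quoted above into named fields and flags SSO responses where the released-attributes field is empty. The field order is assumed from the IdP 2.x logging documentation, and the second sample line is constructed for contrast.

```python
# Field order of an IdP 2.x audit line (assumed from the IdP 2.x logging docs;
# check it against the audit pattern in your own logging.xml).
FIELDS = ["time", "request_binding", "request_id", "relying_party", "profile",
          "asserting_party", "response_binding", "response_id", "principal",
          "authn_method", "released_attributes", "name_identifier",
          "assertion_ids"]

# The audit line quoted in the post.
POSTED = ("20130201T190340Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|"
          "_ce87ff20d90e5753d37c8bfb7873d90f|https://sp.testshib.org/shibboleth-sp|"
          "urn:mace:shibboleth:2.0:profiles:saml2:sso|"
          "https://icarus.sdstate.edu/idp/shibboleth|"
          "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|"
          "_b9462eea45b03c3ff6e6349b60e8caff|andy.kanuch|"
          "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|||"
          "_3c770b9fa285c7e8d4dd816689c5575e,|")

# Constructed line (not from the post): the same login with two attributes released.
HEALTHY = POSTED.replace("Transport|||", "Transport|uid,eduPersonPrincipalName,||")


def parse_audit_line(line):
    """Split one audit line into a dict; comma-separated fields become lists."""
    parts = line.strip().strip('"').split("|")
    # Every line ends with '|', so one empty element follows the last field.
    if len(parts) < len(FIELDS):
        raise ValueError("expected %d fields, got %d" % (len(FIELDS), len(parts)))
    record = dict(zip(FIELDS, parts))
    for key in ("released_attributes", "assertion_ids"):
        record[key] = [v for v in record[key].split(",") if v]
    return record


def logins_without_attributes(lines):
    """Return (principal, relying_party) for SSO responses that released nothing."""
    hits = []
    for line in lines:
        if line.strip():
            rec = parse_audit_line(line)
            if rec["profile"].endswith(":sso") and not rec["released_attributes"]:
                hits.append((rec["principal"], rec["relying_party"]))
    return hits


if __name__ == "__main__":
    for principal, sp in logins_without_attributes([POSTED, HEALTHY]):
        print("no attributes released: %s -> %s" % (principal, sp))
```
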