Discussion:
/Shibboleth.sso/SAML2/POST 500 Chrome
Teresa Fasano
2014-09-15 14:34:41 UTC
Permalink
Hi,
I have a different behavior using two different browsers and logging in
with the same user.

With Chrome:
Request URL:https://esse3.unito.it/Shibboleth.sso/SAML2/POST
Request Method:POST
Status Code:500 Internal Server Error

With firefox:
Request URL:https://esse3.unito.it/Shibboleth.sso/SAML2/POST
Request Method:POST
Status Code:302

In the first case, the SP returns the following error:
xmltooling::XMLParserException
The system encountered an error at Mon Sep 15 16:10:49 2014
To report this problem, please contact the site administrator at
***@localhost.
Please include the following message in any email:
xmltooling::XMLParserException at
(https://esse3-pp.unito.it/Shibboleth.sso/SAML2/POST)
XML error(s) during parsing, check log for specifics

I do not understand what could depend on this difference.

thanks,
Teresa
--
----------------------------------
L'educazione è il pane dell'anima
----------------------------------

Teresa Fasano

CINECA
System and Technologies Department
Middleware and Infrastructure Group
Via Magnanelli, 6/3
Casalecchio di Reno (Bologna) ITALY

web: http://www.cineca.it
e-mail: t.fasano-***@public.gmane.org
phone: +39 06 444 86 517
--
To unsubscribe from this list send an email to users-***@shibboleth.net
Peter Schober
2014-09-15 14:42:39 UTC
Permalink
Post by Teresa Fasano
Request URL:https://esse3.unito.it/Shibboleth.sso/SAML2/POST
Request Method:POST
Status Code:500 Internal Server Error
[...]
Post by Teresa Fasano
xmltooling::XMLParserException at
(https://esse3-pp.unito.it/Shibboleth.sso/SAML2/POST)
XML error(s) during parsing, check log for specifics
Unlikely that Chrome does anything with the SAML in the protocol
messsage and people are using Chromium/Chrome with Shibboleth on a
daily basis, of course.

Does the same happen when you start private browsing mode first, in
your Chrome? What are the minimal, exact steps to reproduce the
problem?
-peter
--
To unsubscribe from this list send an email to users-unsubscribe-***@public.gmane.org
Teresa Fasano
2014-09-15 17:02:09 UTC
Permalink
Post by Peter Schober
Post by Teresa Fasano
Request URL:https://esse3.unito.it/Shibboleth.sso/SAML2/POST
Request Method:POST
Status Code:500 Internal Server Error
[...]
Post by Teresa Fasano
xmltooling::XMLParserException at
(https://esse3-pp.unito.it/Shibboleth.sso/SAML2/POST)
XML error(s) during parsing, check log for specifics
Unlikely that Chrome does anything with the SAML in the protocol
messsage and people are using Chromium/Chrome with Shibboleth on a
daily basis, of course.
Does the same happen when you start private browsing mode first, in
your Chrome?
Yes.
On the Identity Provider I have no errors.
At the Apache logs I see:"XML error(s) during parsing, check log for
specifics,"
SP does not reach anything.

This problem occurs only with Chrome.
Post by Peter Schober
What are the minimal, exact steps to reproduce the
problem?
-peter
--
----------------------------------
L'educazione è il pane dell'anima
----------------------------------

Teresa Fasano

CINECA
System and Technologies Department
Middleware and Infrastructure Group
Via Magnanelli, 6/3
Casalecchio di Reno (Bologna) ITALY

web: http://www.cineca.it
e-mail: t.fasano-***@public.gmane.org
phone: +39 06 444 86 517
--
To unsubscribe from this list send an email to users-***@shibboleth.net
Cantor, Scott
2014-09-15 17:07:39 UTC
Permalink
Post by Teresa Fasano
At the Apache logs I see:"XML error(s) during parsing, check log for
specifics,"
And the same or more detail will be in native.log

Either way, you can't fix it from the server end alone. If the browser
won't send the data cleanly, it isn't going to work. You will have to get
networking people involved, perform traces on the server end of the
connection to see what's happening (probably with ssldump), that sort of
thing. And have networking people willing to believe you. You also have to
account for the possibility that the data is corrupted before it hits your
network, assuming that the whole exchange isn't local.

Alternatively, you can switch to artifact binding, and hope that the
problem doesn't affect any application use of POST.

-- Scott
--
To unsubscribe from this list send an email to users-unsubscribe-***@public.gmane.org
Teresa Fasano
2014-09-16 07:42:01 UTC
Permalink
Post by Cantor, Scott
Post by Teresa Fasano
At the Apache logs I see:"XML error(s) during parsing, check log for
specifics,"
And the same or more detail will be in native.log
Either way, you can't fix it from the server end alone. If the browser
won't send the data cleanly, it isn't going to work. You will have to get
networking people involved, perform traces on the server end of the
connection to see what's happening (probably with ssldump), that sort of
thing. And have networking people willing to believe you. You also have to
account for the possibility that the data is corrupted before it hits your
network, assuming that the whole exchange isn't local.
Alternatively, you can switch to artifact binding, and hope that the
problem doesn't affect any application use of POST.
Where can I find documentation on how to set the artificat binding to
the SP and the IDP?
Thanks,
Teresa
Post by Cantor, Scott
-- Scott
--
----------------------------------
L'educazione è il pane dell'anima
----------------------------------

Teresa Fasano

CINECA
System and Technologies Department
Middleware and Infrastructure Group
Via Magnanelli, 6/3
Casalecchio di Reno (Bologna) ITALY

web: http://www.cineca.it
e-mail: t.fasano-***@public.gmane.org
phone: +39 06 444 86 517
--
To unsubscribe from this list send an email to users-***@shibboleth.net
Cantor, Scott
2014-09-16 14:12:19 UTC
Permalink
Post by Teresa Fasano
Where can I find documentation on how to set the artificat binding to
the SP and the IDP?
There is no one way to do it. It depends how global you want the change to
be. You can disable POST in the SP by commenting out the appropriate lines
in protocols.xml, or you can reorder the precedence it uses to make
requests by changing the order.

-- Scott
--
To unsubscribe from this list send an email to users-unsubscribe-***@public.gmane.org
Teresa Fasano
2014-09-15 17:10:16 UTC
Permalink
Post by Teresa Fasano
Post by Peter Schober
Post by Teresa Fasano
Request URL:https://esse3.unito.it/Shibboleth.sso/SAML2/POST
Request Method:POST
Status Code:500 Internal Server Error
[...]
Post by Teresa Fasano
xmltooling::XMLParserException at
(https://esse3-pp.unito.it/Shibboleth.sso/SAML2/POST)
XML error(s) during parsing, check log for specifics
Unlikely that Chrome does anything with the SAML in the protocol
messsage and people are using Chromium/Chrome with Shibboleth on a
daily basis, of course.
Does the same happen when you start private browsing mode first, in
your Chrome?
Yes.
On the Identity Provider I have no errors.
At the Apache logs I see:"XML error(s) during parsing, check log for
specifics,"
SP does not reach anything.
This problem occurs only with Chrome.
I increased the log level of apache and of shibd.
On the Apache I have:
[Mon Sep 15 19:08:14 2014] [error] [client 130.186.19.126] XML error(s)
during parsing, check log for specifics, referer:
https://idp.unito.it/idp/profile/SAML2/Redirect/SSO?SAMLRequest=fZJbb4IwGIb%2FCum9HASmNkLC9GImbhJhu9jNUsrnaAIt61d2%2BPcD0eluvGz6%0AHvo%2B6RJZU7c06Uwl9%2FDRARrru6kl0uNFRDotqWIokErWAFLDaZY8bunUdmmr%0AlVFc1cRKEEEboeRKSewa0BnoT8Hheb%2BNSGVMi9RxoBf5dieFUbYwTlaJolA1%0AmMpGVM6QOnXSXZYTa90%2FQ0g2BF7somwv5v7g9PUHUcPJuYdSaOB9brYj1mYd%0AkbcwKANeFIU390ruL%2FgCQggDdsdc358fZl4vQ%2BxgI9EwaSIydb1g4i4mXph7%0AM%2BrOqRe8Eis9rbwXshTy%2FTaSYhQhfcjzdDKueQGNxyW9gMTLASw9Fusr1Ldj%0A2Zkvic84RhQjUy4kcDZwwT%2BoS%2BeqaGxt6VOfvFmnqhb8x0rqWn2tNDADEfGI%0AE4%2BW%2F78h%2FgU%3D%0A&RelayState=cookie%3A21f6b939


On the shibd.log:
2014-09-15 19:08:14 ERROR XMLTooling.ParserPool [3298]: fatal error on
line 1, column 1, message: invalid byte 'v' at position 2 of a 3-byte
sequence
2014-09-15 19:08:14 ERROR Shibboleth.Listener [3298]: error processing
incoming message: XML error(s) during parsing, check log for specifics
Post by Teresa Fasano
Post by Peter Schober
What are the minimal, exact steps to reproduce the
problem?
-peter
--
----------------------------------
L'educazione è il pane dell'anima
----------------------------------

Teresa Fasano

CINECA
System and Technologies Department
Middleware and Infrastructure Group
Via Magnanelli, 6/3
Casalecchio di Reno (Bologna) ITALY

web: http://www.cineca.it
e-mail: t.fasano-***@public.gmane.org
phone: +39 06 444 86 517
--
To unsubscribe from this list send an email to users-***@shibboleth.net
Cantor, Scott
2014-09-15 14:55:13 UTC
Permalink
Post by Teresa Fasano
I do not understand what could depend on this difference.
Usually it means the browser and network are interacting to create a
broken POST. There aren't any known issues with the POST processing in the
Apache module, so whatever it is, it is. I can't make the POST clean if
it's not.

-- Scott
--
To unsubscribe from this list send an email to users-unsubscribe-***@public.gmane.org
Loading...