Hi Giuseppe,
thanks for your e-mail. That is good advice. I figured the problem is
because I use Keycloak broker as a SP and I set url to SATOSA with
idphint parameter as SAML AuthnRequest. When I use in Keycloak broker
url without idphint and manually add this parameter it works. I think it
is a problem in Keycloak because it does not recognize the parameter in
SAML AuthnRequest url.
Best Regards,
Marcin
On 29.07.2022 at 00:31, Giuseppe De Marco wrote:
Hi Marcin
In the log the relevant error is the following
saml2.s_utils.OtherError: Not destined for me!
That means that the validation of the request fails, do you have a
good destination value in your authn?
On Thu, 28 Jul 2022, 09:42 Marcin Miłek <marcin.milek(a)pwr.edu.pl>
wrote:
Hello everyone,
I have a problem with an "idp hinting" feature. I set in SP a SAML
AuthnRequest url, e.g.:
https://proxy.example.com/Saml2/sso/redirect?idphint=https%3A%2F%2Fidp.exam…
I have SATOSA 8.1.0 with a Discovery Service:
https://service.seamlessaccess.org/ds/ and a configuration of idp
hinting:
https://github.com/IdentityPython/SATOSA/blob/master/example/plugins/micros…
In satosa saml backend are metadata from eduGAIN. (For this example I
changed domain to "example.com")
After authentication request in SATOSA log is:
[2022-07-26 14:09:40,711] [ERROR] [saml2.request._verify] https://proxy.example.com/Saml2/sso/redirect?idphint=https%3A%2F%2Fidp.exam… not in ['https://proxy.example.com/Saml2/sso/redirect']
[2022-07-26 14:09:40,711] [ERROR] [satosa.base.run] [urn:uuid:1f970493-c436-4d86-83a5-88162a2ca2a1] Uncaught exception
Traceback (most recent call last):
  File "/usr/local/lib/python3.6/site-packages/satosa/base.py", line 240, in run
    resp = self._run_bound_endpoint(context, spec)
  File "/usr/local/lib/python3.6/site-packages/satosa/base.py", line 180, in _run_bound_endpoint
    return spec(context)
  File "/usr/local/lib/python3.6/site-packages/satosa/frontends/saml2.py", line 100, in handle_authn_request
    return self._handle_authn_request(context, binding_in, self.idp)
  File "/usr/local/lib/python3.6/site-packages/satosa/frontends/saml2.py", line 195, in _handle_authn_request
    req_info = idp.parse_authn_request(context.request["SAMLRequest"], binding_in)
  File "/usr/local/lib/python3.6/site-packages/saml2/server.py", line 244, in parse_authn_request
    signature=signature)
  File "/usr/local/lib/python3.6/site-packages/saml2/entity.py", line 1080, in _parse_request
    _request.verify()
  File "/usr/local/lib/python3.6/site-packages/saml2/request.py", line 157, in verify
    return self._verify()
  File "/usr/local/lib/python3.6/site-packages/saml2/request.py", line 144, in _verify
    raise OtherError("Not destined for me!")
saml2.s_utils.OtherError: Not destined for me!
[2022-07-26 14:09:40,712] [ERROR] [satosa.proxy_server.__call__] Unknown error
Traceback (most recent call last):
  File "/usr/local/lib/python3.6/site-packages/satosa/base.py", line 240, in run
    resp = self._run_bound_endpoint(context, spec)
  File "/usr/local/lib/python3.6/site-packages/satosa/base.py", line 180, in _run_bound_endpoint
    return spec(context)
  File "/usr/local/lib/python3.6/site-packages/satosa/frontends/saml2.py", line 100, in handle_authn_request
    return self._handle_authn_request(context, binding_in, self.idp)
  File "/usr/local/lib/python3.6/site-packages/satosa/frontends/saml2.py", line 195, in _handle_authn_request
    req_info = idp.parse_authn_request(context.request["SAMLRequest"], binding_in)
  File "/usr/local/lib/python3.6/site-packages/saml2/server.py", line 244, in parse_authn_request
    signature=signature)
  File "/usr/local/lib/python3.6/site-packages/saml2/entity.py", line 1080, in _parse_request
    _request.verify()
  File "/usr/local/lib/python3.6/site-packages/saml2/request.py", line 157, in verify
    return self._verify()
  File "/usr/local/lib/python3.6/site-packages/saml2/request.py", line 144, in _verify
    raise OtherError("Not destined for me!")
saml2.s_utils.OtherError: Not destined for me!
The above exception was the direct cause of the following exception:
Traceback (most recent call last):
  File "/usr/local/lib/python3.6/site-packages/satosa/proxy_server.py", line 148, in __call__
    resp = self.run(context)
  File "/usr/local/lib/python3.6/site-packages/satosa/base.py", line 258, in run
    raise SATOSAUnknownError("Unknown error") from err
satosa.exception.SATOSAUnknownError: Unknown error
Do you know the solution of the problem?
Best Regards,
Marcin Miłek
_______________________________________________
Idpy-discuss mailing list -- idpy-discuss(a)lists.sunet.se
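
Added example (not part of the original thread, and not pysaml2 or SATOSA code): a simplified Python re-creation of the exact-match Destination check visible in the log. It shows an AuthnRequest whose Destination carries the idphint query being rejected, and one whose Destination is the bare endpoint, with idphint only in the HTTP query string, being accepted. The IdP entityID, request ID and helper names are constructed for illustration.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs, urlencode
from xml.sax.saxutils import quoteattr

# Constructed sample values; proxy.example.com is the thread's placeholder.
ENDPOINT = "https://proxy.example.com/Saml2/sso/redirect"
ACCEPTED_DESTINATIONS = [ENDPOINT]
HINTED_IDP = "https://idp.example.org/idp"  # hypothetical entityID


def encode_authn_request(destination):
    """Build a minimal AuthnRequest and encode it for HTTP-Redirect."""
    xml = (
        '<samlp:AuthnRequest '
        'xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_constructed1" '
        'Version="2.0" IssueInstant="2022-07-26T14:09:40Z" '
        f'Destination={quoteattr(destination)}/>'
    )
    deflater = zlib.compressobj(wbits=-15)  # raw DEFLATE, no zlib header
    raw = deflater.compress(xml.encode()) + deflater.flush()
    return base64.b64encode(raw).decode()


def destination_of(saml_request):
    """Decode a SAMLRequest value and return its Destination attribute."""
    xml = zlib.decompress(base64.b64decode(saml_request), -15)
    # Constructed input only; use a hardened parser (defusedxml) for real traffic.
    return ET.fromstring(xml).get("Destination")


def receive(request_url):
    """Return (destination_ok, idp_hint) for an incoming redirect URL."""
    query = parse_qs(urlsplit(request_url).query)
    destination = destination_of(query["SAMLRequest"][0])
    # Exact match against configured endpoints: no prefix or query stripping.
    ok = destination in ACCEPTED_DESTINATIONS
    hint = query.get("idphint", [None])[0]  # hint is read from the HTTP query
    return ok, hint


def redirect_url(destination):
    """URL the browser is sent to; idphint always travels in the query."""
    params = {"idphint": HINTED_IDP, "SAMLRequest": encode_authn_request(destination)}
    return ENDPOINT + "?" + urlencode(params)


# SP copied the hinted URL into Destination: rejected, as in the log above.
failing = receive(redirect_url(ENDPOINT + "?" + urlencode({"idphint": HINTED_IDP})))
# Destination is the bare endpoint; the hint travels only in the query string.
working = receive(redirect_url(ENDPOINT))
```

Keeping the comparison exact, rather than stripping the query or prefix-matching on the receiving side, preserves the purpose of the Destination check; the fix belongs on the SP side, where Destination should be the endpoint as published in metadata.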