Menu
▾
▴
Re: [Unity-idm-discuss] Fwd: Re: Nullpointer when SP tries to access IDP
|
From: Krzysztof B. <kb...@un...> - 2017-06-13 09:27:49
|
Hi Willem, W dniu 13.06.2017 o 11:05, Willem Elbers pisze: > Forgot to include the mailing list... Actually same here - the last time... > > Hi Krzystof, > > apologies for the delay, I became father again which took most of my > focus :) Huge congratulations! > > After increasing the translation profile logging I can see the following > for my identity: > > Working login: > > Entity 261: > - [email] wi...@cl... > - [persistent] 20940047-d9c3-4796-b43b-ebe7f399b2bd > - [targetedPersistent] 838bb7e5-dda6-4952-996e-6c25807e348a > - [transient] a5f7ef17-19b5-4d1f-9ed7-b48573ed3991 > In group: /clarin > Groups: [/clarin/developer, /clarin-admin, /clarin/normal, > /clarin/academic, /clarin, /] > Requester: https://sp.catalog.clarin.eu > > Failed login with problematic SP: > > Entity 261: > - [email] wi...@cl... > - [persistent] 20940047-d9c3-4796-b43b-ebe7f399b2bd > In group: /clarin > Groups: [/clarin/developer, /clarin-admin, /clarin/normal, > /clarin/academic, /clarin, /] > Requester: https://clarino.uib.no/ > > As you can see from the log, for the problematic SP the > [targetedPersistent] and [transient] identities are missing, hence the > error. > > The SAML configuration is as follows: > > unity.saml.issuerURI=https://idm.clarin.eu > unity.saml.credential=IDP > unity.saml.defaultGroup=/clarin > unity.saml.spAcceptPolicy=validRequester > unity.saml.signResponses=asRequest > unity.saml.validityPeriod=3600 > unity.saml.requestValidityPeriod=600 > unity.saml.authenticationTimeout=20 > unity.saml.acceptedSPMetadataSource.1.url=https://infra.clarin.eu/aai/md_about_spf_sps.xml > unity.saml.acceptedSPMetadataSource.2.url=file:///opt/dev-sp.clarin.eu.xml > unity.saml.refreshInterval=3600 > unity.saml.translationProfile=SAML-Attributes > unity.saml.skipConsent=true > > Please let me know if you need more info. Yes, the critical part is your translation profile. Also can you describe the flow? I guess you have saml login to unity, correct? If so - the request would be helpful too. Best Krzysztof |
