Menu
▾
▴
Re: [Unity-idm-discuss] Redirect to SAML IdP is not working
|
From: Krzysztof B. <kb...@un...> - 2020-08-10 17:15:58
|
Dear Sander, W dniu 10.08.2020 o 06:58, Sander Apweiler pisze: > Dear Krzysztof, > we encountered an issue with the SAML IdP of CLARIN. We connected this > IdP on two instance (b2access.eudat.eu and b2access-integration.fz- > juelich.de), both are running unity 3.2.2. Both are configured in the > same way: > > unity.saml.requester.metadataSource.clarin.url=https://infra.clarin.eu/aai/prod_md_about_clarin_erics_idp.xml > unity.saml.requester.metadataSource.clarin.perMetadataTranslationProfile=clarinIdp > unity.saml.requester.metadataSource.clarin.perMetadataRegistrationForm=CLARIN-IDP > > On the integration instance it works fine, but on the eudat.eu instance > it stops since at least last week (here we found this issue) after > selecting the IdP with the URL: > > https://b2access.eudat.eu/home/?redirectToIdP=d9c934ff-1b81-40cd-a77d-ee1c6c26a3ef > > The log file does not provide any further information (trace). I > attached the log and the SAML flow information from a user, where you > see a 500 error. Did you see this problem before? We dropped already > the IdP and add it new. As this is easily reproducible (I was able on you instance without any trouble): 1. pls try to obtain logged error from your server. Try to enable even full TRACE (all subsystems) for a sec, and trigger the issue. There should be something logged on jetty or vaadin level 2. if you fail with the above try to provide your authenticator configuration, so that it can be configured on my end. Then I can try to debug it. It would be perfect if you replicated this problem with other environment - there must be some difference between your testbed and prod instance. Cheers Krzysztof |
