Menu
▾
▴
Re: [Unity-idm-discuss] Redirect to SAML IdP is not working
|
From: Sander A. <sa....@fz...> - 2020-08-11 06:38:07
|
Dear Krzysztof, I attached the extended log. I saw some problems with "Response header too large" but I'm not sure who send this header. Cheers, Sander I attached the On Mon, 2020-08-10 at 19:15 +0200, Krzysztof Benedyczak wrote: > Dear Sander, > > W dniu 10.08.2020 o 06:58, Sander Apweiler pisze: > > Dear Krzysztof, > > we encountered an issue with the SAML IdP of CLARIN. We connected > > this > > IdP on two instance (b2access.eudat.eu and b2access-integration.fz- > > juelich.de), both are running unity 3.2.2. Both are configured in > > the > > same way: > > > > unity.saml.requester.metadataSource.clarin.url= > > https://infra.clarin.eu/aai/prod_md_about_clarin_erics_idp.xml > > unity.saml.requester.metadataSource.clarin.perMetadataTranslationPr > > ofile=clarinIdp > > unity.saml.requester.metadataSource.clarin.perMetadataRegistrationF > > orm=CLARIN-IDP > > > > On the integration instance it works fine, but on the eudat.eu > > instance > > it stops since at least last week (here we found this issue) after > > selecting the IdP with the URL: > > > > https://b2access.eudat.eu/home/?redirectToIdP=d9c934ff-1b81-40cd-a77d-ee1c6c26a3ef > > > > The log file does not provide any further information (trace). I > > attached the log and the SAML flow information from a user, where > > you > > see a 500 error. Did you see this problem before? We dropped > > already > > the IdP and add it new. > > As this is easily reproducible (I was able on you instance without > any > trouble): > > 1. pls try to obtain logged error from your server. Try to enable > even > full TRACE (all subsystems) for a sec, and trigger the issue. There > should be something logged on jetty or vaadin level > > 2. if you fail with the above try to provide your authenticator > configuration, so that it can be configured on my end. Then I can try > to > debug it. It would be perfect if you replicated this problem with > other > environment - there must be some difference between your testbed and > prod instance. > > > Cheers > Krzysztof > -- Federated Systems and Data Juelich Supercomputing Centre phone: +49 2461 61 8847 fax: +49 2461 61 6656 email: sa....@fz... ---------------------------------------------------------------------- ----------------------------------------------------------------------- Forschungszentrum Juelich GmbH 52425 Juelich Sitz der Gesellschaft: Juelich Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Volker Rieke Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender), Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt ----------------------------------------------------------------------- ----------------------------------------------------------------------- |
