By: Jake Barwell user 03 Feb 2016 at 9:57 a.m. CST

2 Responses
Jake Barwell gravatar
I am setting up a SAML trust relationship with GLUU and our SP. The SAML negotiation pushes the user to GLUU authentication page /idp/Authn/UserPassword I enter user name and password and it just redirects back to the same page with no information. The only useful information I have found is in the idp-process.log ``` 15:40:24.313 - DEBUG [edu.internet2.middleware.shibboleth.idp.authn.provider.UsernamePasswordLoginServlet:170] - Attempting to authenticate user jake.barwell@thinkonglobal.com 15:40:24.368 - DEBUG [edu.internet2.middleware.shibboleth.idp.authn.provider.UsernamePasswordLoginServlet:194] - User authentication for jake.barwell@thinkonglobal.com failed javax.security.auth.login.LoginException: invalid attribute description at edu.vt.middleware.ldap.jaas.LdapLoginModule.login(LdapLoginModule.java:167) ~[vt-ldap-3.3.9.jar:na] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.7.0_85] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) ~[na:1.7.0_85] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.7.0_85] at java.lang.reflect.Method.invoke(Method.java:606) ~[na:1.7.0_85] at javax.security.auth.login.LoginContext.invoke(LoginContext.java:762) ~[na:1.7.0_85] at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203) ~[na:1.7.0_85] at javax.security.auth.login.LoginContext$4.run(LoginContext.java:690) ~[na:1.7.0_85] at javax.security.auth.login.LoginContext$4.run(LoginContext.java:688) ~[na:1.7.0_85] at java.security.AccessController.doPrivileged(Native Method) ~[na:1.7.0_85] at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:687) ~[na:1.7.0_85] at javax.security.auth.login.LoginContext.login(LoginContext.java:595) ~[na:1.7.0_85] at edu.internet2.middleware.shibboleth.idp.authn.provider.UsernamePasswordLoginServlet.authenticateUser(UsernamePasswordLoginServlet.java:177) [shibboleth-identityprovider-2.4.4.jar:na] at edu.internet2.middleware.shibboleth.idp.authn.provider.UsernamePasswordLoginServlet.service(UsernamePasswordLoginServlet.java:123) [shibboleth-identityprovider-2.4.4.jar:na] at javax.servlet.http.HttpServlet.service(HttpServlet.java:727) [servlet-api.jar:na] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303) [catalina.jar:7.0.55] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) [catalina.jar:7.0.55] at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) [tomcat7-websocket.jar:7.0.55] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) [catalina.jar:7.0.55] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) [catalina.jar:7.0.55] at edu.internet2.middleware.shibboleth.idp.util.NoCacheFilter.doFilter(NoCacheFilter.java:50) [shibboleth-identityprovider-2.4.4.jar:na] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) [catalina.jar:7.0.55] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) [catalina.jar:7.0.55] at unimr.shib2.UniMrMemcachedServletFilter.doFilter(UniMrMemcachedServletFilter.java:53) [unimr-memcached-idp2.4-rev218.jar:na] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) [catalina.jar:7.0.55] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) [catalina.jar:7.0.55] at edu.internet2.middleware.shibboleth.idp.session.IdPSessionFilter.doFilter(IdPSessionFilter.java:87) [shibboleth-identityprovider-2.4.4.jar:na] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) [catalina.jar:7.0.55] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) [catalina.jar:7.0.55] at edu.internet2.middleware.shibboleth.common.log.SLF4JMDCCleanupFilter.doFilter(SLF4JMDCCleanupFilter.java:52) [shibboleth-common-1.4.4.jar:na] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) [catalina.jar:7.0.55] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) [catalina.jar:7.0.55] at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:203) [catalina.jar:7.0.55] at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122) [catalina.jar:7.0.55] at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501) [catalina.jar:7.0.55] at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171) [catalina.jar:7.0.55] at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103) [catalina.jar:7.0.55] at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116) [catalina.jar:7.0.55] at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408) [catalina.jar:7.0.55] at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:190) [tomcat-coyote.jar:7.0.55] at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611) [tomcat-coyote.jar:7.0.55] at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:314) [tomcat-coyote.jar:7.0.55] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [na:1.7.0_85] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [na:1.7.0_85] at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-coyote.jar:7.0.55] at java.lang.Thread.run(Thread.java:745) [na:1.7.0_85] 15:40:24.369 - TRACE [edu.internet2.middleware.shibboleth.idp.util.HttpServletHelper:349] - Looking up LoginContext with key b036fb59e47a47f3abec13b22f2fa73a927a571f1c6537266e1b3781a2d4c3ef from StorageService parition: loginContexts 15:40:24.369 - TRACE [edu.internet2.middleware.shibboleth.idp.util.HttpServletHelper:355] - Retrieved LoginContext with key b036fb59e47a47f3abec13b22f2fa73a927a571f1c6537266e1b3781a2d4c3ef from StorageService parition: loginContexts 15:40:24.441 - DEBUG [edu.internet2.middleware.shibboleth.idp.authn.provider.UsernamePasswordLoginServlet:150] - Redirecting to login page /login.jsp ``` I am going to try and figure out what I have got wrong but any pointers at where to be looking would be a great help.

By Mohib Zico Account Admin 03 Feb 2016 at 10:58 a.m. CST

Mohib Zico gravatar
>> The SAML negotiation pushes the user to GLUU authentication page /idp/Authn/UserPassword It should never go to this link for authentication. Instead, Gluu Server should go to /oxauth/login....

By Jake Barwell user 04 Feb 2016 at 5:59 a.m. CST

Jake Barwell gravatar
Thanks that helped, my sp setup was incorrect. I have fixed and its now pointing to the correct authentication page and on successful login returning me back to sp. Some more issues on my end but I can work through them now.