By: khilo jammal user 15 May 2024 at 5:17 p.m. CDT

2 Responses
I am getting the "Web Login Service - Message Security Error" when trying to authenticate with Gluu IDP. The logs are not clear; how can I see relevant logs, or maybe debug logs?

I see in the network tab that a SAML assertion request was called: Idp/profile/SAML2/POST/SSO, with a bad request response.

URL: `<SP url>/authorize/saml2/login?idp_id=<my_app_url>%2Fauth%2Fsaml%2Finit%3FpatientId%3D1001%26redirect_method%3Dpost%26appname%3Dop`

I have attached the XML for idp/shibboleth and a screenshot of the trust relationship (maybe I need to add a new one?).

Please note: it was working all the time; for the last two weeks it has stopped, with no configuration change.

xml conf;

By Mohib Zico staff 15 May 2024 at 10:37 p.m. CDT

Hi,

> Web Login Service - Message Security Error , once trying to authentication with Gluu IDP.

Most probably someone's (either Gluu Server or SP) signing or encryption certificate(s) changed or were updated. You can check more specific logs inside `/opt/shibboleth-idp/logs/idp-process.log` with DEBUG logging level.

BTW, Gluu CE is now behind a paywall. If you're interested, you can follow these instructions. Alternatively, we have Jans, a community edition. Please visit here to learn more.
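One way to test the certificate-change hypothesis from the answer above, as an added example that is not part of the original thread and is not Gluu or Shibboleth code: compare the signing certificates in the SP metadata stored on the IdP with the certificate embedded in the AuthnRequest posted to `Idp/profile/SAML2/POST/SSO`. It assumes the request carries its certificate in `ds:KeyInfo`; all function names, the sample metadata, the entityID and the placeholder certificate bytes are constructed.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def fingerprint(b64_cert):
    """SHA-256 over the decoded bytes of a base64 X509Certificate value."""
    return hashlib.sha256(base64.b64decode("".join(b64_cert.split()))).hexdigest()

def metadata_signing_fingerprints(metadata_xml):
    """Fingerprints of every SP certificate the metadata allows for signing."""
    found = set()
    for kd in ET.fromstring(metadata_xml).iterfind(".//md:SPSSODescriptor/md:KeyDescriptor", NS):
        # A KeyDescriptor without a 'use' attribute is valid for signing too.
        if kd.get("use", "signing") == "signing":
            found |= {fingerprint(c.text) for c in kd.iterfind(".//ds:X509Certificate", NS)}
    return found

def request_fingerprints(saml_request_b64):
    """Fingerprints of certificates embedded in a POST-binding SAMLRequest value."""
    root = ET.fromstring(base64.b64decode(saml_request_b64))
    return {fingerprint(c.text) for c in root.iterfind(".//ds:X509Certificate", NS)}

def signing_cert_known(metadata_xml, saml_request_b64):
    """True if the request's certificate is a signing certificate in the stored metadata."""
    return bool(metadata_signing_fingerprints(metadata_xml) & request_fingerprints(saml_request_b64))

# Constructed sample data: placeholder bytes stand in for DER certificates.
def _b64(raw):
    return base64.b64encode(raw).decode()

OLD = _b64(b"constructed placeholder: certificate stored on the IdP")
NEW = _b64(b"constructed placeholder: certificate the SP rotated to")
_KD = ('<md:KeyDescriptor use="{use}"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>{cert}'
       '</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>')
SAMPLE_METADATA = (
    f'<md:EntityDescriptor xmlns:md="{NS["md"]}" xmlns:ds="{NS["ds"]}" entityID="https://sp.example/constructed">'
    '<md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
    + _KD.format(use="signing", cert=OLD) + _KD.format(use="encryption", cert=NEW)
    + '</md:SPSSODescriptor></md:EntityDescriptor>')

def sample_request(cert_b64):
    xml = (f'<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ds="{NS["ds"]}" ID="_constructed">'
           f'<ds:Signature><ds:KeyInfo><ds:X509Data><ds:X509Certificate>{cert_b64}'
           '</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature></samlp:AuthnRequest>')
    return _b64(xml.encode())

if __name__ == "__main__":
    print("old cert known:", signing_cert_known(SAMPLE_METADATA, sample_request(OLD)))
    print("new cert known:", signing_cert_known(SAMPLE_METADATA, sample_request(NEW)))
```

A match only shows that the IdP's stored metadata lists the certificate the SP is presenting; it does not verify the signature itself.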

By khilo jammal user 16 May 2024 at 4:34 a.m. CDT

Thanks for your fast response. The logs were helpful; I got the following signature failure:

```
ERROR [] - Credential failed name check: [subject name]
2024-05-16 12:23:35,454 - DEBUG [] - Message Handler: Validation of protocol message signature failed for context issuer my issuer', message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2024-05-16 12:23:35,455 - WARN [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:202] - Profile Action WebFlowMessageHandlerAdaptor: Exception handling message
org.opensaml.messaging.handler.MessageHandlerException: Validation of protocol message signature failed
at
2024-05-16 12:23:35,457 - WARN [org.opensaml.profile.action.impl.LogEvent:105] - A non-proceed event occurred while processing the request: MessageAuthenticationError
2024-05-16 12:23:35,457 - DEBUG [org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:154] - No SAMLBindingContext or binding URI available, error must be handled locally
```

Shall I create a new Trust Relationship? Or maybe create a metadata.xml (is that possible from the Gluu admin)?