ipsilon

Clone
Source Code
GIT

#381 ERROR: SLO validation failed: <lasso.ProfileMissingAssertionError(-427): When looking for an assertion we did not found it.>
Opened 2 years ago by jelledj. Modified 2 years ago

Open
Close issue as:
Invalid Insufficient data Fixed Duplicate

I want start with thanking everybody for making the new releases of ipsilon. I updated all my installations from 2017 and been doing some new deployments. I been trying to get a pac4j client working with ipsilon-3.0.4-3.fc36.noarch but keep hitting issues. This is the error message and some SAML browser plugin tracking. I can share more information like metadata etc. Could somebody help me or tell me where I could get some help?

[Mon Oct 03 22:59:52.281287 2022] [wsgi:error] [pid 25704:tid 25831] [remote 192.168.40.29:59268] [03/Oct/2022:22:59:52]  DEBUG(providers/saml2/logout.py:35 Logout._handle_logout_request()): saml2: Logout request
[Mon Oct 03 22:59:52.283241 2022] [wsgi:error] [pid 25704:tid 25831] [remote 192.168.40.29:59268] [03/Oct/2022:22:59:52]  DEBUG(providers/saml2/logout.py:61 Logout._handle_logout_request()): saml2: SLO from https://zimbra.example.powercraft.nl/service/extension/saml/metadata with ('_2CBB1A2154CC9E12D30C57347BBCB66D',) sessions
[Mon Oct 03 22:59:52.290788 2022] [wsgi:error] [pid 25704:tid 25831] [remote 192.168.40.29:59268] [03/Oct/2022:22:59:52]  ERROR: SLO validation failed: <lasso.ProfileMissingAssertionError(-427): When looking for an assertion we did not found it.>
[Mon Oct 03 22:59:52.291954 2022] [wsgi:error] [pid 25704:tid 25831] [remote 192.168.40.29:59268] 192.168.40.29 - - [03/Oct/2022:22:59:52] "GET /idp/saml2/SLO/Redirect?SAMLRequest=nZJLb9swEIT%2FisC7xYf1MmEptaQGMOC2QJz2kEtAiSuHhUSqJJ0a%2FfVRlNhICqSHXpcznPkWu746DX3wCNYpo3NEQ4IC0K2RSh9y9P32epGhq2LtxNCzke%2FMwRz9Dfw6gvPB5NSOvzzl6Gg1N8Ipx7UYwHHf8v3my46zkPDRGm9a06OgnoxKCz%2BnPXg%2FOo6xGp3qjQ4b4x9ASxeO5jfY1orOh7rHSo54TsH73Td8A1JZaD0KtnWO7iGjTdI1SRuLJkqj5apNOtqt0rbpaAokE03XSBJNaueOsNXOC%2B1zxAhjC0oWZHnLCI9XPGYhzbI7FPw472Iqjl7J%2BWy2b4n%2FDSycA%2FsMiYoz5B81NFZ8xDjJH1ULGE4e9HP%2BTIwH8EIKL9b4bY9zq69T7rb%2Bn1bBtbGD8B%2FLaUjniZKLbpZyGITqN1JacA4VP0Np4NMFxtjDueJLqcvJ7Cf5lLjVEk7FPavKkm4YjaOqWn2mrF6SKk6XUVqWVZkk9esnf9ku03f3VzwB&RelayState=https%3A%2F%2Fzimbra.example.powercraft.nl%2Fservice%2Fextension%2Fsaml%2Fcallback%3Fclient_name%3DSAML2Client&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=gOu6ew8OUORjWPq4bP75PelybbeDpdHqLyxWTIgpD4ETS7ww9MzVEE7X%2FnG7Qirm97t6LyelkDP6NtbPdrcD04gRuNmMzXcSsWuybBX9KJcwxArB8u5Z1BuGv29BDWirr0UNQW4ea%2BPmrhEHKMTOZ4A4qCJV3eLEPu4%2FC0gpdLqKKNBOBo4Zfx3B0vsLxqpjlgkcFqX15cFTd7Qsn3iFnYbNrtPNjZCiuE%2B8%2B7gKZRG7hC0qKTtQ3NfqBI1iIuutv2Y4x0P%2Bzz%2Bhw2%2FcfY%2BpOzZrPi42zqmE02uPX5aKzdUO%2BMMSw5zhyXrit%2Fawod0YdR%2BEQpFn3MaU%2FaKHaFG%2BIQ%3D%3D HTTP/1.0" 400 938 "https://zimbra.example.powercraft.nl/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36"

<saml2p:LogoutRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
                      Destination="https://ipsilon.example.powercraft.nl/idp/saml2/SLO/Redirect"
                      ID="_e81b6fb6c5ab47439c6f1f97cbf17e08abfbd04"
                      IssueInstant="2022-10-03T20:59:52.188Z"
                      Version="2.0"
                      >
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://zimbra.example.powercraft.nl/service/extension/saml/metadata</saml2:Issuer>
    <saml2:NameID xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
                  Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
                  >j.doe@example.org</saml2:NameID>
    <saml2p:SessionIndex>_2CBB1A2154CC9E12D30C57347BBCB66D</saml2p:SessionIndex>
</saml2p:LogoutRequest>

GET
SAMLRequest: nZJLb9swEIT/isC7xYf1MmEptaQGMOC2QJz2kEtAiSuHhUSqJJ0a/fVRlNhICqSHXpcznPkWu746DX3wCNYpo3NEQ4IC0K2RSh9y9P32epGhq2LtxNCzke/MwRz9Dfw6gvPB5NSOvzzl6Gg1N8Ipx7UYwHHf8v3my46zkPDRGm9a06OgnoxKCz+nPXg/Oo6xGp3qjQ4b4x9ASxeO5jfY1orOh7rHSo54TsH73Td8A1JZaD0KtnWO7iGjTdI1SRuLJkqj5apNOtqt0rbpaAokE03XSBJNaueOsNXOC+1zxAhjC0oWZHnLCI9XPGYhzbI7FPw472Iqjl7J+Wy2b4n/DSycA/sMiYoz5B81NFZ8xDjJH1ULGE4e9HP+TIwH8EIKL9b4bY9zq69T7rb+n1bBtbGD8B/LaUjniZKLbpZyGITqN1JacA4VP0Np4NMFxtjDueJLqcvJ7Cf5lLjVEk7FPavKkm4YjaOqWn2mrF6SKk6XUVqWVZkk9esnf9ku03f3VzwB
RelayState: https://zimbra.example.powercraft.nl/service/extension/saml/callback?client_name=SAML2Client
SigAlg: http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
Signature: gOu6ew8OUORjWPq4bP75PelybbeDpdHqLyxWTIgpD4ETS7ww9MzVEE7X/nG7Qirm97t6LyelkDP6NtbPdrcD04gRuNmMzXcSsWuybBX9KJcwxArB8u5Z1BuGv29BDWirr0UNQW4ea+PmrhEHKMTOZ4A4qCJV3eLEPu4/C0gpdLqKKNBOBo4Zfx3B0vsLxqpjlgkcFqX15cFTd7Qsn3iFnYbNrtPNjZCiuE+8+7gKZRG7hC0qKTtQ3NfqBI1iIuutv2Y4x0P+zz+hw2/cfY+pOzZrPi42zqmE02uPX5aKzdUO+MMSw5zhyXrit/awod0YdR+EQpFn3MaU/aKHaFG+IQ==

GET https://ipsilon.example.powercraft.nl/idp/saml2/SLO/Redirect?SAMLRequest=nZJLb9swEIT%2FisC7xYf1MmEptaQGMOC2QJz2kEtAiSuHhUSqJJ0a%2FfVRlNhICqSHXpcznPkWu746DX3wCNYpo3NEQ4IC0K2RSh9y9P32epGhq2LtxNCzke%2FMwRz9Dfw6gvPB5NSOvzzl6Gg1N8Ipx7UYwHHf8v3my46zkPDRGm9a06OgnoxKCz%2BnPXg%2FOo6xGp3qjQ4b4x9ASxeO5jfY1orOh7rHSo54TsH73Td8A1JZaD0KtnWO7iGjTdI1SRuLJkqj5apNOtqt0rbpaAokE03XSBJNaueOsNXOC%2B1zxAhjC0oWZHnLCI9XPGYhzbI7FPw472Iqjl7J%2BWy2b4n%2FDSycA%2FsMiYoz5B81NFZ8xDjJH1ULGE4e9HP%2BTIwH8EIKL9b4bY9zq69T7rb%2Bn1bBtbGD8B%2FLaUjniZKLbpZyGITqN1JacA4VP0Np4NMFxtjDueJLqcvJ7Cf5lLjVEk7FPavKkm4YjaOqWn2mrF6SKk6XUVqWVZkk9esnf9ku03f3VzwB&RelayState=https%3A%2F%2Fzimbra.example.powercraft.nl%2Fservice%2Fextension%2Fsaml%2Fcallback%3Fclient_name%3DSAML2Client&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=gOu6ew8OUORjWPq4bP75PelybbeDpdHqLyxWTIgpD4ETS7ww9MzVEE7X%2FnG7Qirm97t6LyelkDP6NtbPdrcD04gRuNmMzXcSsWuybBX9KJcwxArB8u5Z1BuGv29BDWirr0UNQW4ea%2BPmrhEHKMTOZ4A4qCJV3eLEPu4%2FC0gpdLqKKNBOBo4Zfx3B0vsLxqpjlgkcFqX15cFTd7Qsn3iFnYbNrtPNjZCiuE%2B8%2B7gKZRG7hC0qKTtQ3NfqBI1iIuutv2Y4x0P%2Bzz%2Bhw2%2FcfY%2BpOzZrPi42zqmE02uPX5aKzdUO%2BMMSw5zhyXrit%2Fawod0YdR%2BEQpFn3MaU%2FaKHaFG%2BIQ%3D%3D HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90"
sec-ch-ua-mobile: ?0
Referer: https://zimbra.example.powercraft.nl/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9,nl;q=0.8,fr;q=0.7
Cookie: ipsilon_default_username=j.doe; idp_ipsilon_session_id=4bd4828cd4bf6de65408ae8a166c2171d9f5494f; 314151d5-4a67-42e2-9b26-c08a59a5f68e=login; 8820d368-46ae-4423-9ee6-38a366bcd4e3=login; d593dab1-f2e4-43a2-8658-f7f505e91adb=login; AMCV_8F99160E571FC0427F000101%40AdobeOrg=1585540135%7CMCIDTS%7C18669%7CMCMID%7C33539047914154511701629578487609978934%7CMCAAMLH-1613592292%7C6%7CMCAAMB-1613592292%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1612994692s%7CNONE%7CMCSYNCSOP%7C411-18676%7CvVersion%7C4.4.0

HTTP/1.1 400
server: nginx
date: Mon, 03 Oct 2022 20:59:52 GMT
content-type: text/html; charset=UTF-8
content-length: 938
cache-control: no-cache, no-store, must-revalidate, private
pragma: no-cache
content-security-policy: frame-ancestors 'none'
x-frame-options: deny
set-cookie: idp_ipsilon_session_id=4bd4828cd4bf6de65408ae8a166c2171d9f5494f; expires=Mon, 03 Oct 2022 21:29:52 GMT; HttpOnly; Max-Age=1800; Path=/idp; Secure
strict-transport-security: max-age=31536000; includeSubDomains

Login to comment on this ticket.

Metadata
None
None
None
None
None
None
None
None
None
None
None
None
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.