Ping SLO : No local sessions found to logout - logout

We are trying to configure SLO for our SP. And getting below error when initiating https://ping.ap.com:9031/sp/startSLO.ping from our PingFederateCancelURL. We have configured open token for our integration and the open token cookie is getting deleted but still the ping side session is not getting destroyed. Any help would be highly appreciated. Thanks.
2015-10-14 04:01:46,507 tid:0pmOVItDf1iHmKjm-ZVYBWOTvXg ERROR [org.sourceid.saml20.profiles.sp.HandleLogoutRequest] Exception occurred during request processing
org.sourceid.saml20.profiles.StatusResponseException: No local sessions found to logout.
at org.sourceid.saml20.profiles.sp.HandleLogoutRequest.setStatus(HandleLogoutRequest.java:207) ~[pf-protocolengine.jar:?]
at org.sourceid.saml20.profiles.sp.HandleLogoutRequest.doResume(HandleLogoutRequest.java:200) ~[pf-protocolengine.jar:?]
at org.sourceid.saml20.profiles.ResumableRequestHandlerBase.exeResume(ResumableRequestHandlerBase.java:70) ~[pf-protocolengine.jar:?]
at org.sourceid.websso.profiles.ResumableRequestHandlerBase.resume(ResumableRequestHandlerBase.java:53) ~[pf-protocolengine.jar:?]
at org.sourceid.saml20.profiles.sp.HandleLogoutRequest.handle(HandleLogoutRequest.java:147) ~[pf-protocolengine.jar:?]
at org.sourceid.saml20.profiles.ResumableRequestHandlerBase.doProcess(ResumableRequestHandlerBase.java:58) ~[pf-protocolengine.jar:?]

We are not using PingFederateSLOURL in our mod_pf.conf.
Using just PingFederateCancelURL has resolved our issue. After hitting cancel url, we are calling SLO url but not through PingFederateSLOURL.

Related

How to work FIX session on VPN when we connect the apllication with FIX server

how the FIX Session works on VPN Tunnel and how many sessions should be created when we send the request on FIX.
my problem is that many session have created on VPN in one day i.e 30 000 session created so my FIX protocol does not respond properly,
how can I create only one session at a time?
This property file I used for FIX connectivity.
FileStorePath=data
ConnectionType=initiator
SenderCompID=XXX
TargetCompID=PSE
#SocketConnectHost=********
StartTime=09:30:00
Asia/Manila
EndTime=16:30:01
Asia/Manila
HeartBtInt=30
ReconnectInterval=50000
ResetOnLogon=Y
ResetOnLogout=Y
ResetOnDisconnect=Y
Username=*******
Password=*****
BeginString=FIXT.1.1
DefaultApplVerID=9
SocketConnectPort=xx
Session.lookupSession(sessionId).logout("user requested");
This function is get used for logging out.But gives the following error:
FIXIT.1.1:135->PSE, event> (Initiated logout response) FIXIT.1.1:135->PSE, event> (Disconnecting:Received logout response)
This are the logs that are shown on my console.
In the above the logout is done successfully and the session is removed from my side.But problem is that i didn't understand session is get destroyed or not? And if the session is destroyed then why VPN server is showing the connection is not destroyed? Is the problem from my side or there is a network issue?

EPROTO error on google action verification

I am working on an action on google using Actions SDK, however when i enabled the Actions; verification as described at:
https://developers.google.com/actions/reference/rest/verify-requests
I am getting the below error, this only comes when i am behind corporate proxy, can anyone suggest a solution for this?
{
"error": "ID token verification failed: Error: Failed to retrieve verification certificates: Error: write EPROTO 139904972138304:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:../deps/openssl/openssl/ssl/s23_clnt.c:825:\n\n at OAuth2Client. (/opt/app/node_modules/actions-on-google/node_modules/google-auth-library/build/src/auth/oauth2client.js:580:31)\n at step (/opt/app/node_modules/actions-on-google/node_modules/google-auth-library/build/src/auth/oauth2client.js:57:23)\n at Object.throw (/opt/app/node_modules/actions-on-google/node_modules/google-auth-library/build/src/auth/oauth2client.js:38:53)\n at rejected (/opt/app/node_modules/actions-on-google/node_modules/google-auth-library/build/src/auth/oauth2client.js:30:65)\n at propagateAslWrapper (/opt/.npm-global/lib/node_modules/ca-apm-probe/node_modules/async-listener/index.js:502:23)\n at /opt/.npm-global/lib/node_modules/ca-apm-probe/node_modules/async-listener/glue.js:188:31\n at /opt/.npm-global/lib/node_modules/ca-apm-probe/node_modules/async-listener/index.js:539:70\n at /opt/.npm-global/lib/node_modules/ca-apm-probe/node_modules/async-listener/glue.js:188:31\n at :null:null\n"
}
I am using v2.5.0 of actions-on-google
So i was able to sort this issue, the underlying issue is with axios library being used by google auth library (v1.3.2)
here is the issue : https://github.com/axios/axios/issues/662
The workaround for me was to replace axios with request promise in google auth library and then publish it in our private npm registry, this solved the issue for now.

Paypal RefundTransaction API Operation (NVP) failing

I'm trying to hit the live paypal URL - https://api.paypal.com/nvl with valid login credentials.
But the call is failing with error -
A timeout error occurred whilst performing an SSL socket
operation - java.net.SocketTimeoutException: Read timed out
we are calling the interface using WMB and have setup the certificates in the truststore.

Express Checkout Digital Goods : Proxy Error on sandbox.paypal.com/incontext

I have a Flash website. When I want to use Paypal Express Checkout with Digital Goods, I call this javascript code :
dg = new PAYPAL.apps.DGFlow();
dg.startFlow("http://mydomain.com/setup.php");
setup.php calls SetExpressCheckoutPayment function and redirect to https://www.sandbox.paypal.com/incontext?token=...&useraction=commit
With Firebug I can see this address returns a 302, and redirects to https://www.sandbox.paypal.com/webapps/checkout/webflow/sparta/expresscheckoutvalidatedataflow?exp_type=&cookiesBlocked=&token=...&useraction=commit
This adress returns also a 302 and redirects to https://www.sandbox.paypal.com/webapps/checkout/webflow/sparta/expresscheckoutvalidatedataflow?execution=e1s1
Here it hangs for several minutes and ends with this error message :
Proxy Error
The proxy server could not handle the request GET /webapps/checkout/webflow/sparta/expresscheckoutvalidatedataflow.
Reason: Error during SSL Handshake with remote server
I started to get this error sometimes last week, and I have it every time today.
It happens on my MAMP environment and on my website.
I don't have SSL certificate but I didn't last week and it was not a problem.
Do you know anything about this error message ?
Edit
I tried with Opera, proxyError comes at a different step : https://www.sandbox.paypal.com/webapps/checkout/webflow/sparta/expresscheckoutvalidatedataflow?execution=e1s4
And once this morning on Firefox I had another Proxy Error after the first redirection :
Proxy Error
The proxy server received an invalid response from an upstream server.
The proxy server could not handle the request GET /webapps/checkout/webflow/sparta/expresscheckoutvalidatedataflow.
Reason: Error reading from remote server
I don't have the Proxy Error anymore since yesterday. I didn't change anything so it seems PayPal servers are unstable...
I'm having the same issue since Sunday evening (sorry that I can't post this as a comment, don't have enough reputation yet).
I'm on LiquidWeb shared hosting, using the Merchant SDK ( https://github.com/paypal/merchant-sdk-php ). I was on merchant-sdk-php-2.1.96 when the errors began, and tried upgrading to merchant-sdk-php-2.2.98 but now it is worse (won't even do the first redirect, which is confusing). My code is server side, but getting the timeout and proxy error at the same urls:
$setECResponse = $PayPal_service->SetExpressCheckout($setECReq);
if($setECResponse->Ack == 'Success') {
$token = $setECResponse->Token;
$payPalURL = 'https://www.sandbox.paypal.com/incontext?token=' . $token;
$this->Redirect($payPalURL);
}

PingFederate SLO - Status Message: Invalid signature

After I invoke single-log-out (SLO), by calling 'GET' on https://[PingFederate Server Instance]:[Port]/sp/startSLO.ping, my PingFederate server begins making requests to my SP logout services. [I know this because I can see it happening in Fiddler.]
But when one my SPs invokes “https://<PingFederate DNS>:XXXX” + request.getParameter(“resume”); (per #Scott T.'s answer here), I get an error message:
Error - Single Logout Nonsuccess Response status:
urn:oasis:names:tc:SAML:2.0:status:Requester Status Message: Invalid
signature Your Single Logout request did not complete successfully. To
logout out of your Identity Provider and each Service Provider, close
all your browser windows. Partner: XXXX:IDP Target Resource:
http://<domain>/<default SLO endpoint>
My Questions:
What is this error message referring to?
How can I resolve this error condition?
This error is likely due to a mismatch in configuration between IdP and SP. The signing keys/certificate for SAML messages used at one end, must match the verification certificate at the other end. Check your Credentials configuration on your connection for both IdP and SP. See this section in the PingFederate Administration Guide for some details.