After successfully receiving the SAML 2.0 token while using simplesamlphp as a Service Provider I get the following error.
Oct 21 17:30:15 simplesamlphp DEBUG [6b6e3c270f] GenerateGroups - attribute 'eduPersonAffiliation' not found.
Oct 21 17:30:15 simplesamlphp DEBUG [6b6e3c270f] Session: doLogin("default-sp")
Oct 21 17:30:15 simplesamlphp WARNING [6b6e3c270f] Unable to find the SAML 2 binding used for this request.
Oct 21 17:30:15 simplesamlphp WARNING [6b6e3c270f] Request method: 'GET'
Oct 21 17:30:15 simplesamlphp ERROR [6b6e3c270f] SimpleSAML_Error_Error: UNHANDLEDEXCEPTION
Oct 21 17:30:15 simplesamlphp ERROR [6b6e3c270f] Backtrace:
Oct 21 17:30:15 simplesamlphp ERROR [6b6e3c270f] 0 /var/www/simplesamlphp/www/module.php:180 (N/A)
Oct 21 17:30:15 simplesamlphp ERROR [6b6e3c270f] Caused by: Exception: Unable to find the current binding.
Oct 21 17:30:15 simplesamlphp ERROR [6b6e3c270f] Backtrace:
Oct 21 17:30:15 simplesamlphp ERROR [6b6e3c270f] 2 /var/www/simplesamlphp/lib/SAML2/Binding.php:95 (SAML2_Binding::getCurrentBinding)
Oct 21 17:30:15 simplesamlphp ERROR [6b6e3c270f] 1 /var/www/simplesamlphp/modules/saml/www/sp/saml2-acs.php:11 (require)
Oct 21 17:30:15 simplesamlphp ERROR [6b6e3c270f] 0 /var/www/simplesamlphp/www/module.php:135 (N/A)
Oct 21 17:30:15 simplesamlphp ERROR [6b6e3c270f] Error report with id bd213fb5 generated.
My SP is set up like this:
**authsources.php**
'default-sp' => array(
'saml:SP',
'entityID' => NULL,
'idp' => NULL,
'discoURL' => NULL,
'RelayState' => '{link to my application}',
'acs.Bindings' => array(
'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
'urn:oasis:names:tc:SAML:1.0:profiles:browser-post',
),
),
saml20-idp-remote.php
$metadata['https://{idp entity id}'] = array(
'metadata-set' => 'saml20-idp-remote',
'entityid' => 'https://{idp entity id}',
'name' => array(
'en' => 'IDP Name',
'no' => 'IDP name',
),
'description' => 'IDP desc',
'SingleSignOnService' =>
array (
0 =>
array (
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
'Location' => '{SSO url}',
),
1 =>
array(
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact',
'Location' => '{SSO url}',
),
),
'SingleLogoutService' => '{SLO url}',
'certFingerprint' => '{the fingerprint}',
);
I am pretty new to Single Sign on. I have also hid the urls for confidentiality but I am not sure if I am missing something or whats causing this error to be thrown. If anyone could help point me in the right direction that would be greatly appreciated. I should also mention I am trying to use https://drupal.org/project/simplesamlphp_auth to hook into my application.
This is an IDP first flow. I am use mysql to store the sessions.
"Unable to find the current binding." means exactly that, that the current binding cannot be determined. Your saml20-idp-remote.php mentions HTTP-POST binding, and your log mentions Request method: 'GET', so probably something goes wrong while posting to https://…/module.php/saml/sp/saml2-acs.php/default-sp.
I'm just doing a wild guess here, but in my experience, the most common cause is a redirecting web server. Maybe you redirect to a different hostname? Do you force HTTPS? Check on the IdP that the URLs for the AssertionConsumerService are correct - they should lead directly to SimpleSamlPhp without any redirect.
I faced same situation.
THe saml entity was pointing to www.mysite.com
in the apache configuration we were redirecting www.mysite.com to mysite.com with redirect code 301, after changing to redirect code 307 to preserve get and post variables it started working fine.
Thanks,
Anubhav
Related
We are aware that PayPal rolling out upgrades to make use of SSL/TLS SHA256 for security purposes. Today i met with strange issue on PayPal Sandbox mode for my PayPal Adaptive Application even though my site follows HTTPS. To add further, same application works fine in Production(not sandbox).Please enlighten me, was this an issue in Application or Rollout issues? same issue reported in PayPal community but no response https://www.paypal-community.com/t5/About-Payments/Adaptive-payment-api-is-sending-Proxy-error/m-p/1091510
The proxy server could not handle the request AdaptivePayments/Pay Reason: Error during SSL
Handshake with remote server
07-27-2016 # 13:43:35 - Error in generate payment key: Array
[headers] => Array
[date] => Wed, 27 Jul 2016 13:43:35 GMT
[server] => Apache
[connection] => close
[http_x_pp_az_locator] => sandbox.slc
[paypal-debug-id] => 8913861a40cd4
[set-cookie] => Array
(
[0] => X-PP-SILOVER=name%3DSANDBOX3.APIT.1%26silo_version%3D1880%26app%3Dadaptivepaymentspartaweb_api3t%26TIME%3D2277152855%26HTTP_X_PP_AZ_LOCATOR%3Dsandbox.slc; Expires=Wed, 27 Jul 2016 14:13:35 GMT; domain=.paypal.com; path=/; Secure; HttpOnly
[1] => X-PP-SILOVER=; Expires=Thu, 01 Jan 1970 00:00:01 GMT
[response] => Array
(
[code] => 500
[message] => Proxy Error
)
[cookies] => Array
(
[0] => WP_Http_Cookie Object
(
[name] => X-PP-SILOVER
[value] => name=SANDBOX3.APIT.1&silo_version=1880&app=adaptivepaymentspartaweb_api3t&TIME=2277152855&HTTP_X_PP_AZ_LOCATOR=sandbox.slc
[expires] => 1469628815
[path] => /
[domain] => .paypal.com
[secure] =>
[httponly] =>
)
[1] => WP_Http_Cookie Object
(
[name] => X-PP-SILOVER
[value] =>
[expires] => 1
[path] => /AdaptivePayments/
[domain] => svcs.sandbox.paypal.com
Edit July 28th, 9:50am EDT: It appears the teams were able to track down what they believe to be the issue overnight, and released a code fix. Can you please verify that the problem has been fixed? I'll report back if that's not the case. Thanks.
We've had a few reports about failed requests on sandbox. I'm working with the sandbox and support teams internally in PayPal to figure out what's going on. Right now it looks like they're seeing the error responses and have teams on it to diagnose the problem. Just to note, this does look like it's restricted to sandbox and not any of the production servers. I'll post back when I hear more.
I'm in Amazon's API Gateway, and any change to the Mapping Templates section of the Integration Response breaks the Resource/Method (causes the Test to return an error) and cannot be fixed (you must delete the Resource/Method and create a new one).
I create a new Resource, then create a new Method (POST) under that.
I map this to a simple Lambda function (it doesn't require any parameters and only returns/logs 'hi').
I test this, and it succeeds.
I go into Integration Response, and I change the Mapping Templates ... I change application/json to application/xml and I change 'Output passthrough' to 'Mapping template'.
I enter this as the template:
#set($inputRoot = $input.path('$'))
<?xml version="1.0" encoding="UTF-8"?>
<Response>
<Message>
<Body>
$inputRoot
</Body>
</Message>
</Response>
I save that by clicking the checkbox and by clicking the Save button.
I go back to test it
This is the result:
{
"message": "Internal server error"
}
This is the content of the Logs output (I replaced potentially sensitive information with [explanation here] since I'm not sure what's sensitive or not):
Execution log for request test-request
Sun Dec 06 17:33:50 UTC 2015 : Starting execution for request: test-invoke-request
Sun Dec 06 17:33:50 UTC 2015 : API Key: test-invoke-api-key
Sun Dec 06 17:33:50 UTC 2015 : Method request path: {}
Sun Dec 06 17:33:50 UTC 2015 : Method request query string: {}
Sun Dec 06 17:33:50 UTC 2015 : Method request headers: {}
Sun Dec 06 17:33:50 UTC 2015 : Method request body before transformations: null
Sun Dec 06 17:33:50 UTC 2015 : Endpoint request URI: [lambda uri here]
Sun Dec 06 17:33:50 UTC 2015 : Endpoint request headers: {Authorization=[lots of * here], X-Amz-Date=20151206T173350Z, X-Amz-Source-Arn=[arn here], Accept=application/json, User-Agent=AmazonAPIGateway_[string here], Host=lambda.us-east-1.amazonaws.com}
Sun Dec 06 17:33:50 UTC 2015 : Endpoint request body after transformations:
Sun Dec 06 17:33:50 UTC 2015 : Endpoint response body before transformations: "hi"
Sun Dec 06 17:33:50 UTC 2015 : Endpoint response headers: {x-amzn-Remapped-Content-Length=0, x-amzn-RequestId=[data here], Connection=keep-alive, Content-Length=12, Date=Sun, 06 Dec 2015 17:33:50 GMT, Content-Type=application/json}
Sun Dec 06 17:33:50 UTC 2015 : Execution failed due to configuration error: No match for output mapping and no default output mapping configured
Sun Dec 06 17:33:50 UTC 2015 : Method completed with status: 500
I also tried going into Method Response, and changing the Content Type for Response Models for 200 from application/json to application/xml ... That produced the same error.
I also tried, at this point, to revert my changes ... Method Response back to application/json & Integration Response back to application/json and 'Output passthrough' ... That produced the same error - it's like this API Resource/Method is now permanently broken.
I also tested another new Resource, changing only the Content Type for Response Models for 200 in Method Response from 'application/json' to 'application/xml' ... This resulted in a successful test.
I also tried a more minor change to the Mapping Templates in Integration Response ... Rather than a full switch from 'Output passthrough' to 'Mapping Template', I just changed the content type from application/json to application/xml ... This resulted in the same error.
So it seems like the root cause is changing from Output Passthrough to Mapping Template ... Once that change is made, the test will fail & you will not be able to return it to a passing state - you must delete the Resource/Method entirely & start a new one.
Also, to be clear, there are no deploys throughout any of this process - I'm strictly working in the AWS console itself, using their 'Test' link in the web interface.
Anyone know what's going on here?
I'm also trying to get an answer in their Discussion Forum, but those threads usually aren't nearly as active as here...
Added Note
I do have a functional deploy running, which uses this mapping template. That deploy is from 18:35 12-05-2015, so it's possible that this is a new error/change in the Amazon API Gateway...
This must have been a temporary issue with API Gateway, because the issue is gone now.
There's one caveat:
NEVER click the big Save button on the Integration Response page. That seems to cause issues, at least as of today (2015-12-05).
I spoke with amazon's support staff and its a known issue. As long as you don't press the Save button you should be fine but once you do there is no going back.
Just press the checkbox thing when making changes to the template and refresh the page. That seems to work for me.
There was an issue with APIs when saving the default integration response mapping. The bug caused requests to your API methods that were saved incorrectly to return a 500 error, the CloudWatch logs should say "Execution failed due to configuration error: No match for output mapping and no default output mapping configured".
The issue is now resolved. If you are experiencing this, please re-deploy your API configuration.
For more information, please refer to this AWS forums entry: https://forums.aws.amazon.com/thread.jspa?threadID=221197&tstart=0
Regards,
Jurgen
The issue is now resolved. It's now safe to save the default integration response. If your deployed APIs are having issues, a redeploy should resolve the problem. Thanks for your patience.
Ryan
I'm trying to create an API using AWS API gateway
first I have created a resource as /sample
then created a method GET
provided Endpoint-URL and saved it.
In the Method Execution pane, select Method Request, added HTTP Request Headers as "Authorization" , added this to pass basic authentication details to back-end url since service is secured with basic authentication,
In the Method Execution pane, choose Integration Request, mapped HTTP Headers, Mapped from as "method.request.path.Authorization"
Choose Method Execution, and in the Client box, choose TEST, passed Header Authorization - Basic XXXXXX
After finished all the configuration successfully, tested the API , getting "message": "Internal server error" status code -500
For your reference my back-end service is running in the amazon-linux machine.
Checked logs:
Execution log for request test-request
Tue Sep 08 16:43:54 UTC 2015 : Starting execution for request: test-invoke-request
Tue Sep 08 16:43:54 UTC 2015 : API Key: test-invoke-api-key
Tue Sep 08 16:43:54 UTC 2015 : Method request path: {}
Tue Sep 08 16:43:54 UTC 2015 : Method request query string: {}
Tue Sep 08 16:43:54 UTC 2015 : Method request headers: {Authorization=************p1c2Vy}
Tue Sep 08 16:43:54 UTC 2015 : Method request body before transformations: null
Tue Sep 08 16:43:54 UTC 2015 : Execution failed due to configuration error: Invalid endpoint address
Could you please let me know how to resolve this issue?
try method.request.header.Authorization
Varun is right, your mapping expression is wrong.
The expression format for parameters in the request is "method.request.[source].[name]" where source is path/querystring/header and name is the name of the parameter as defined in the method request.
For the integration response, the format is the same exception you'd replace request with response and also note that only headers are available to map in the response.
If you want a quick fix just to start and get your API worked then follow these steps:
Steps
Login to AWS console
Go to "API Gateway" dashboard, select the resource(API) you need to invoke then select the method underneath (GET/POST/...)
On the method execution workflow, click on the "Method Response panel" and add status code 200 then you can add some headers for that.
Choose the "Response Body" and add "Application/json" with "Empty" model.
You should also click "Integration Request panel" and uncheck "Use Lambda Proxy integration" [as per attached image]
Last step
deploy your API into the stage(dev/test/prod)
I setup the UMS-email driver in SOA 11.1.1.7 em to read emails from our company email account. I used POP3 and enabled SSL. I also imported the SSL Certificate using openSSL. This is how the keystore looks like when I look at it:
Your keystore contains 5 entries
certgenca, Mar 22, 2002, trustedCertEntry,
Certificate fingerprint (MD5): A1:B2:C3:D4:E5:F6:G7:H8:I9:J0:K1:L2:M3:N4:O5:P6
-outlook.companyname.com, Apr 29, 2015, trustedCertEntry,
However, when I restarted the SOA server and the admin server, I see the following error in the soa_server1.out log file over and over again. Any help would be much appreciated:
DEBUG: setDebug: JavaMail version 1.4.1
DEBUG: getProvider() returning javax.mail.Provider[STORE,pop3,com.sun.mail.pop3.POP3Store,Sun Microsystems, Inc]
DEBUG POP3: connecting to host "outlook.companyname.com", port 443, isSSL false
C: QUIT
<Apr 30, 2015 11:12:39 AM AKDT> <Error> <oracle.sdp.messaging.driver.email> <SDP-26123> <Could not initialize Email Store for user username >
<Apr 30, 2015 11:12:39 AM AKDT> <Error> <oracle.sdp.messaging.driver.email> <SDP-25700> <An unexpected exception was caught.
javax.mail.MessagingException: Connect failed;
nested exception is:
java.net.SocketException: Connection reset
at com.sun.mail.pop3.POP3Store.protocolConnect(POP3Store.java:161)
at javax.mail.Service.connect(Service.java:288)
at javax.mail.Service.connect(Service.java:170)
at oracle.sdpinternal.messaging.driver.email.Pop3EmailStore.initStore(Pop3EmailStore.java:158)
at oracle.sdpinternal.messaging.driver.email.Pop3EmailStore.initStore(Pop3EmailStore.java:132)
at oracle.sdpinternal.messaging.driver.email.EmailResourceAdapter.createEmailStore(EmailResourceAdapter.java:1292)
at oracle.sdpinternal.messaging.driver.email.MailboxPollingWorker.getInitializedEmailStore(MailboxPollingWorker.java:104)
at oracle.sdpinternal.messaging.driver.email.MailboxPollingWorker.run(MailboxPollingWorker.java:47)
at weblogic.connector.security.layer.WorkImpl.runIt(WorkImpl.java:108)
at weblogic.connector.security.layer.WorkImpl.run(WorkImpl.java:44)
at weblogic.connector.work.WorkRequest.run(WorkRequest.java:95)
at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:545)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
Caused By: java.net.SocketException: Connection reset
at java.net.SocketInputStream.read(SocketInputStream.java:168)
at com.sun.net.ssl.internal.ssl.InputRecord.readFully(InputRecord.java:293)
at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:331)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:830)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:788)
at com.sun.net.ssl.internal.ssl.AppInputStream.read(AppInputStream.java:75)
at java.io.BufferedInputStream.fill(BufferedInputStream.java:218)
at java.io.BufferedInputStream.read(BufferedInputStream.java:238)
at java.io.DataInputStream.readLine(DataInputStream.java:496)
at com.sun.mail.pop3.Protocol.simpleCommand(Protocol.java:360)
at com.sun.mail.pop3.Protocol.<init>(Protocol.java:104)
at com.sun.mail.pop3.POP3Store.getPort(POP3Store.java:214)
at com.sun.mail.pop3.POP3Store.protocolConnect(POP3Store.java:157)
at javax.mail.Service.connect(Service.java:288)
at javax.mail.Service.connect(Service.java:170)
at oracle.sdpinternal.messaging.driver.email.Pop3EmailStore.initStore(Pop3EmailStore.java:158)
at oracle.sdpinternal.messaging.driver.email.Pop3EmailStore.initStore(Pop3EmailStore.java:132)
at oracle.sdpinternal.messaging.driver.email.EmailResourceAdapter.createEmailStore(EmailResourceAdapter.java:1292)
at oracle.sdpinternal.messaging.driver.email.MailboxPollingWorker.getInitializedEmailStore(MailboxPollingWorker.java:104)
at oracle.sdpinternal.messaging.driver.email.MailboxPollingWorker.run(MailboxPollingWorker.java:47)
at weblogic.connector.security.layer.WorkImpl.runIt(WorkImpl.java:108)
at weblogic.connector.security.layer.WorkImpl.run(WorkImpl.java:44)
at weblogic.connector.work.WorkRequest.run(WorkRequest.java:95)
at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:545)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
>
So I figured it out, changed POP3 to IMAP, disabled SSL and used port 143 and it is working now. Hope this helps someone someday.
I want to use perl with Module LWP to get the XML info from Restful Webservice.
Here is the Code:
my $ua = LWP::UserAgent->new;
$ua->proxy(['http','https'],'http://proxy:3128');
$ua->default_header('Accept-Charset'=>'utf-8');
$ua->default_header('Accept'=>'application/*********; version=1');
my $url= 'https://user:password#mailbox.********.net/mailboxes/?emailaddress=name#domain.net';
print Dumper($ua->get($url));
It works always good for all the email address like .eu, .org or .net, except for the email address ends with .com. (For example: name#domail.com)
The error message is:
The following error was encountered while trying to retrieve the URL:
https://user#mailbox.******.net/mailboxes/?
Access Denied.
Access control configuration prevents your request from being allowed at this time.
Please contact your service provider if you feel this is incorrect.
Your cache administrator is *****#**.**
The corresponded Response HEAD:
'_headers' => bless( {
'connection' => 'close',
'client-response-num' => 1,
'date' => 'Wed, 19 Nov 2014 15:53:45 GMT',
'x-squid-error' => 'ERR_ACCESS_DENIED 0',
'client-peer' => '****:3128',
'content-length' => '3502',
'client-date' => 'Wed, 19 Nov 2014 15:53:45 GMT',
'content-type' => 'text/html',
'mime-version' => '1.0',
'title' => 'ERROR: The requested URL could not be retrieved',
'server' => 'squid/3.1.12',
'x-cache' => 'MISS from proxy',
'x-cache-lookup' => 'NONE from proxy:3128'
}, 'HTTP::Headers' ),
I have tested with SoapUI and curl, they didn't meet this problem. That means .com works also with SoapUI and cuil. Only in perl with LWP, it gets problem.
Anyway when I added a dummy parameter like
https://**/mailboxes/?emailaddress=name#domain.com&foo=bar at the end of the link, it works.
I have no idea, if it's a bug in LWP or maybe some incompatible issue between LWP and Proxy Setting.
Access Denied.
Access control configuration prevents your request from being allowed at this time.
Please contact your service provider if you feel this is incorrect.
...
'x-squid-error' => 'ERR_ACCESS_DENIED 0',
There is an ACL in the proxy you use which denies your request.
If you have access to the proxy configuration check there, otherwise contact you cache administrator with your problem.