Closed crdaudt closed 8 years ago
Two things to check.
general-authn.xml
file. Is the authn/Shibcas
block defined there? idp.properties
as:idp.authn.flows = Shibcas
Yes to both of your questions. I am attaching both files in this post (with keys/passwords masked). two_files.zip
Thanks, jtgasper3, for your suggestions. I am still struggling with this issue, so any other ideas? I have included the following for tomcat 8.0 CATALINA_OPTS:
-Didp.home=e:\shibboleth3\idp\ (I tried both with and without the tailing '\')
I also tried gleaning more information by setting idp.loglevel.idp to "DEBUG" in logback.xml, but that did not seem to provide any more relevant log information from what I already provided above.
Any ideas? Can anyone see any issues with my configuration of general-authn.xml or idp.properties (see uploaded zip file in my previous post)?
Here are a few more lines from my idp-process.log (with DEBUG lines included):
--BEGIN-- 2016-09-16 09:06:05,194 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:257] - Profile Action SelectAuthenticationFlow: No specific Principals requested 2016-09-16 09:06:05,210 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:292] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow 2016-09-16 09:06:05,210 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:334] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Shibcas 2016-09-16 09:06:05,304 - ERROR [net.shibboleth.idp.authn:-2] - Uncaught runtime exception org.springframework.webflow.definition.registry.NoSuchFlowDefinitionException: No flow definition 'authn/Shibcas' found at org.springframework.webflow.definition.registry.FlowDefinitionRegistryImpl.getFlowDefinitionHolder(FlowDefinitionRegistryImpl.java:123) 2016-09-16 09:06:05,491 - WARN [org.opensaml.profile.action.impl.LogEvent:76] - An error event occurred while processing the request: RuntimeException --END--
Is this a typo: shibcs-authn-beans.xml
? or an actual name of the file?
Also, what does your web.xml look like, if any?
Yes, I had misspelled shibcas-authn-bean.xml in my original post. I have corrected the spelling. I am attaching a copy of our web.xml file. path_to_web.xml_file.zip
OK, we have solved our issue by doing the following two changes:
<context-param>
<param-name>idp.home</param-name>
<param-value>E:/shibboleth3/idp</param-value>
</context-param>
END
I had not thought that this web.xml setting would be necessary in our shibboleth container, because I already had appended the setting "-Didp.home=E:\shibboleth3\idp\" to CATALINA_OPTS (since our implementation is on an MS Windows platform, I had used "tomcat8w.exe //ES//Thanks, mmoayyed, for prompting me to look at our shibboleth container's web.xml file. I am curious as to why the global definition within CATALINA_OPTS was not sufficient. Also, did I miss some documentation about where to define idp.home? In any case, we are now able to move forward.
Pleasure.
You should be able to do the same with -Didp.home=xyz but I admit I have never done that sort of thing on Windows. The debacle of "Backslash vs forward-slash" should really be reported to the U.N. :)
What was your global definition like? If I remember correctly, I think I set that value directly in startup.bat or catalina.bat.
Neglected to mention that you're welcome to play around with those 2 batch files, and if you were able to work it out, please submit a PR to clarify this in the docs.
Sorry for the delayed response. And thanks again for your assistance in resolving my issue with my setting for idp.home not being recognized in my Windows installation of Shibboleth v3 IdP.
You asked what my tomcat global definition was like. My
You also asked that I submit a PR to clarify the additional requirement for setting idp.home for Windows installations in the docs. I believe the Shibboleth IdP docs that need to be updated are located at https://wiki.shibboleth.net/confluence/display/IDP30/ApacheTomcat8 and https://wiki.shibboleth.net/confluence/display/IDP30/WindowsInstallation. Also, in the shib-cas-authn3 download (https://github.com/Unicon/shib-cas-authn3), the same clarrification might be helpful in the Readme.md file. I am not sure how to submit a PR for these docs.
In conclusion, the solution to my issue with setting idp.home in my Windows installation was to also set it in
Gotcha. web.xml change is fine, and thinking more about this, you probably should update the shibboleth wiki to include that option as well, if needed. Dont think we need a PR here; for the wiki, you should just be able to log in with your IdP and edit away.
Thanks for the follow-up.
If one reads carefully, the Shib wiki already documents the need to set idp.home for Tomcat or Jetty, if not using the standard path and/or not using the "installed by the Shib IdP MSI version of Jetty". If you search for 'idp.home' on the wiki, you'll see that. Now the Tomcat doc really only highlights the standard path for a Linux install (although /opt/shibboleth-idp was also the standard path for a IdPv2 Windows install using Tomcat), so one could argue that the docs could use further clarification. But the basic idea is already mentioned.
On Oct 3, 2016, at 2:56 PM, Misagh Moayyed notifications@github.com wrote:
Gotcha. web.xml change is fine, and thinking more about this, you probably should update the shibboleth wiki to include that option as well, if needed. Dont think we need a PR here; for the wiki, you should just be able to log in with your IdP and edit away.
Thanks for the follow-up.
— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/Unicon/shib-cas-authn3/issues/14#issuecomment-251209130, or mute the thread https://github.com/notifications/unsubscribe-auth/AA3QiD222TgR5znwcZmiuSIqF-MjQSBMks5qwV4BgaJpZM4J9Nt_.
Michael A. Grady IAM Architect, Unicon, Inc.
My issue appears very similar to that posted by eryaza01 on Apr 21, 2015 (https://github.com/Unicon/shib-cas-authn3/issues/4). I have installed a new instance of Shibboleth IDP v3.2.1.1 on a Windows Server 2012 platform, and am attempting to install/configure shib-cas-authn3. I am also receiving the "No flow definition 'authn/Shibcas' found" error. The relevant error messages in idp-process.log are:
--BEGIN-- 2016-09-14 16:07:07,806 - ERROR [net.shibboleth.idp.authn:-2] - Uncaught runtime exception org.springframework.webflow.definition.registry.NoSuchFlowDefinitionException: No flow definition 'authn/Shibcas' found at org.springframework.webflow.definition.registry.FlowDefinitionRegistryImpl.getFlowDefinitionHolder(FlowDefinitionRegistryImpl.java:123) 2016-09-14 16:07:07,915 - WARN [org.opensaml.profile.action.impl.LogEvent:76] - An error event occurred while processing the request: RuntimeException --END--
When I installed the IDP, I set idp.home to E:\shibboleth3\idp . My shibcas-authn-beans.xml and shibcas-authn-flow.xml files are both located E:\shibboleth3\idp\flows\authn\Shibcas . I am not sure why I am getting the error message.