Hi,
I've tested the authentification without LDAP. Instead of using LDAP I
chosed the simplest authentication with "tomcat-users.xml"
As result I sometimes get the same error message:
2007-07-01 20:43:31 INFO SAML.SAMLSOAPHTTPBinding [31] sessionGet: sending
SOAP message to https://www.identity-provider.de/shibboleth-idp/AA
2007-07-01 20:43:31 ERROR SAML.SAMLSOAPHTTPBinding [31] sessionGet: failed
while contacting SAML responder: error:1408F06B:SSL
routines:SSL3_GET_RECORD:bad decompression
I wrote that you 've already worked with shibboleth. Could be the reason
that I configured the certificate wrong? I should mentioned that I only
built a local network for testing the shibboleth system.
I also looked at my error logfile of apache and I have this following
message:
[Sun Jul 01 20:31:51 2007] [warn] RSA server certificate CommonName (CN)
`www.identity-provider.de' does NOT match server name!?
It's this a grave message?
I hope u can give me some advise since I really don't have any idea what I
've done wrong.
Best wishes,
Thang Tran
On Fri, 22 Jun 2007 03:11:25 +0200, Neil Witheridge
<[EMAIL PROTECTED]> wrote:
I received a similar error while deploying Shibboleth, reading
attributes from an openLDAP directory:
ERROR shibd.Listener [29] sessionNew: caught exception while creating
session: SOAPHTTPBindingProvider::send() failed while contacting SAML
responder: error:1408F06B:SSL routines:SSL3_GET_RECORD:bad decompression
The cause of the error appears to be a '$' character in an LDAP
attribute postalAddress.
The attribute postalAddress uses $ as a line delimiter:
See
http://www.red-hat.com/docs/manuals/dir-server/deploy/7.1/schema.html
for example:
"The postalAddress attribute expects an attribute value in the form of a
multi-line string that uses dollar signs ($) as line delimiters. A
properly formatted directory entry appears as follows:
postalAddress: 1206 Directory Drive$Pleasant View, MN$34200"
However inclusion of the '$' character causes a bad decompression error
(error doesn't occur when it is removed).
Neil Witheridge.
--- in response to:
Hi,
I get the following error message and I don't no the reason for that.
2007-06-12 12:21:56 INFO SAML.SAMLSOAPHTTPBinding [45] sessionGet:
sending
SOAP message to
https://kn.identity-provider.de:8443/shibboleth-idp/AA2007-06-12
12:21:56
ERROR SAML.SAMLSOAPHTTPBinding [45] sessionGet: failed while contacting
SAML responder: error:1408F06B:SSL routines:SSL3_GET_RECORD:bad
decompression
2007-06-12 12:21:56 ERROR shibtarget.SessionCache [45] sessionGet:
caught
SAML exception during SAML attribute query:
SOAPHTTPBindingProvider::send() failed while contacting SAML responder:
error:1408F06B:SSL routines:SSL3_GET_RECORD:bad decompression
2007-06-12 12:21:56 ERROR shibtarget.SessionCache [45] sessionGet: no
response obtained
I suppose there is a ssl problem regards with compatibility or it due to
a build or library compatibility issue?!? How I could solve my problem?
Furthermore I don't the meaning of this error message:
"...error:1408F06B:SSL routines:SSL3_GET_RECORD:bad
decompression..."
Hope someone can help me.
Cheers,
tt
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
