OpenSAML - C++ / CPPOST-33

Crash evaluating assertion with missing SubjectConfirmation

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 2.0, 2.1, 2.2, 2.2.1
    • Fix Version/s: 2.3
    • Component/s: SAML 2
    • Labels:
      None
    • Operating System:
      Multiple
    • CPU Type:
      Multiple
    • C/C++ Compiler:
      Multiple

      Description

      I am trying to use Shibboleth with an in-house IdP (written in C#) and during the processing of the Response shibd.exe crashes. The non-debug version of shibd causes the following

      unknown software exception (0xc0000417) occurred in the application

      with the Windows event log registering the following

      Faulting application shibd.exe, version 2.2.1.0, faulting module msvcr90.dll, version 9.0.30729.4148, fault address 0x000348eb.

      and I have attached a snapshot of the error when running the debug version.

      My native.log shows the following

      ============================
      2009-08-26 10:20:22 DEBUG Shibboleth.ISAPI [4340] isapi_shib: mapped http://localhost/Shibboleth.sso/SAML2/POST to default
      2009-08-26 10:20:22 DEBUG Shibboleth.ISAPI [4340] isapi_shib_extension: mapped http://localhost/Shibboleth.sso/SAML2/POST to default
      2009-08-26 10:20:22 DEBUG Shibboleth.Listener [4340] isapi_shib_extension: sending message (default/SAML2/POST)
      2009-08-26 10:20:22 DEBUG Shibboleth.Listener [4340] isapi_shib_extension: send completed, reading response message
      2009-08-26 10:20:26 ERROR Shibboleth.Listener [4340] isapi_shib_extension: error reading size of output message
      2009-08-26 10:20:26 ERROR Shibboleth.ISAPI [4340] isapi_shib_extension: Failure receiving response to remoted message (default/SAML2/POST).
      2009-08-26 10:20:26 DEBUG Shibboleth.ISAPI [4340] isapi_shib: mapped http://localhost/shibboleth-sp/main.css to default
      ===========================

      The bug shows up both on Windows 2003 with IIS 6 and Windows XP with IIS 5.1.

      I have tried giving full permissions to everyone on the log directory and its contents but the error still pops up.

      Cheers
      David

      Sample Idp Response

      <?xml version="1.0" encoding="utf-16"?>
      <samlp:Response xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:xs="http://www.w3.org/2001/XMLSchema" ID="_d28b5b1d-6a02-4161-9704-a72d5d42e6ff" InResponseTo="_ece28f400169c43d12842bb80de754c0" Version="2.0" IssueInstant="2009-08-26T09:46:40.8549988Z" Destination="http://localhost/Shibboleth.sso/SAML2/POST" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
      <saml:Issuer>http://idp/saml2/SSO/POST</saml:Issuer>
      <samlp:Status>
      <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
      </samlp:Status>
      <saml:Assertion Version="2.0" ID="_0e08a8dd-f3b7-4e9b-a102-8405eb37c9ea" IssueInstant="2009-08-26T09:46:40.3393507Z">
      <saml:Issuer>http://idp/saml2/SSO/POST</saml:Issuer>
      <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">_abe073e9-eafb-4caf-a20f-29458bd1b8b8</saml:NameID>
      </saml:Subject>
      <saml:Conditions NotBefore="2009-08-26T09:46:40.3393507Z" NotOnOrAfter="2009-08-26T09:49:40.3393507Z" />
      <saml:AuthnStatement AuthnInstant="2009-08-26T09:46:39.8393283Z" SessionIndex="1">
      <saml:AuthnContext>
      <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:password</saml:AuthnContextClassRef>
      </saml:AuthnContext>
      </saml:AuthnStatement>
      <saml:AttributeStatement>
      <saml:Attribute Name="Roles" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" FriendlyName="Roles">
      <saml:AttributeValue xsi:type="xs:string">Admin</saml:AttributeValue>
      <saml:AttributeValue xsi:type="xs:string">Support</saml:AttributeValue>
      </saml:Attribute>
      </saml:AttributeStatement>
      <saml:AttributeStatement>
      <saml:Attribute Name="Username" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" FriendlyName="Username">
      <saml:AttributeValue xsi:type="xs:string">davids</saml:AttributeValue>
      </saml:Attribute>
      </saml:AttributeStatement>
      </saml:Assertion>
      </samlp:Response>

        Attachments

        1. error.JPG
          59 kB
          David Silcott
        2. example-metadata.xml
          2 kB
          David Silcott
        3. request.txt
          0.7 kB
          David Silcott
        4. response.txt
          3 kB
          David Silcott
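
The sample response in this report carries a `saml:Subject` that holds only a `NameID`, which is the condition named in the issue title. The following is an added example, not OpenSAML code and not part of the original report: a Python fixture check that flags such assertions so they can be used as regression inputs for a SAML consumer. The function name `subject_confirmation_gaps` and the `CONFIRMED` sample are assumptions constructed for illustration; `REPORTED` is trimmed from the response above.

```python
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML}


def subject_confirmation_gaps(response_xml):
    """Return {assertion ID: reason} for every assertion that a consumer
    must not evaluate as if a SubjectConfirmation were present."""
    # SAML messages have no use for DTDs; refuse them before parsing.
    if "<!DOCTYPE" in response_xml:
        raise ValueError("DTD not expected in a SAML message")
    root = ET.fromstring(response_xml)
    gaps = {}
    # iter() also visits the root, so a bare Assertion document works too.
    for assertion in root.iter(f"{{{SAML}}}Assertion"):
        aid = assertion.get("ID", "(no ID)")
        subject = assertion.find("saml:Subject", NS)
        if subject is None:
            gaps[aid] = "no Subject"
        elif not subject.findall("saml:SubjectConfirmation", NS):
            gaps[aid] = "Subject without SubjectConfirmation"
    return gaps


# Trimmed from the sample IdP response in the report (same IDs and NameID).
REPORTED = """<samlp:Response
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_d28b5b1d-6a02-4161-9704-a72d5d42e6ff" Version="2.0">
  <saml:Assertion Version="2.0" ID="_0e08a8dd-f3b7-4e9b-a102-8405eb37c9ea">
    <saml:Subject>
      <saml:NameID>_abe073e9-eafb-4caf-a20f-29458bd1b8b8</saml:NameID>
    </saml:Subject>
  </saml:Assertion>
</samlp:Response>"""

# Constructed counter-example: the same response with a bearer confirmation.
CONFIRMED = REPORTED.replace(
    "</saml:NameID>",
    "</saml:NameID>\n      <saml:SubjectConfirmation "
    'Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/>',
)

if __name__ == "__main__":
    print(subject_confirmation_gaps(REPORTED))
    print(subject_confirmation_gaps(CONFIRMED))
```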

            People

            Assignee:
            cantor.2@osu.edu Scott Cantor
            Reporter:
            lavapatch David Silcott