User-Agent string for AttributeQuery is throwing junk into request
Basics
Technical
Logistics
Basics
Technical
Logistics
Description
Environment
Red Hat Enterprise Linux Server release 5.5 (Tikanga)
Linux weency.doit.wisc.edu 2.6.18-194.3.1.el5 #1 SMP Sun May 2 04:17:42 EDT 2010 x86_64 x86_64 x86_64 GNU/Linux
Activity
Show:
Scott Cantor January 16, 2011 at 7:33 PM
Fixed
Pinned fields
Click on the next to a field label to start pinning.
Created January 15, 2011 at 8:44 PM
Updated June 24, 2021 at 3:41 PM
Resolved January 16, 2011 at 7:33 PM
I just got around to implementing our first 2.4 SP and configured it to do AttributeResolver. We ended up having a weird 400 error.
2011-01-14 17:13:53 ERROR Shibboleth.AttributeResolver.SimpleAggregation [16]: exception during SAML query to https://aa.qa.iam.wisconsin.edu:8443/aa/profile/SAML2/SOAP/AttributeQuery: CURLSOAPTransport failed while contacting SOAP endpoint (https://aa.qa.iam.wisconsin.edu:8443/aa/profile/SAML2/SOAP/AttributeQuery): The requested URL returned error: 400
On the IdP the http logs are:
144.92.201.198 - - [14/Jan/2011:17:13:53 -0600] "POST /aa/profile/SAML2/SOAP/AttributeQuery HTTP/1.1" 400 416 "-" "9X\r\x05 m*o%j~s\x8ao\x9b\xabv!Y#\x01\x17\xe8\x9b\x9a\xa5\xcb\xf8Ovy\xa3\xd683\xec\x05\x9a\xca\x8d\x17J\x9dS\xe3\x973a\x16\x19O\x9d]\x98\x85F\x8f\x8d\x9c\xc5\xd3\xdb\xd2,\x8b\x84\xbf\xd5\x85\xfai\xf5q\x878?TG\xa0\x84\xb2\x87Q\x1a\xe7\xbd\x9a\xfdHk\x89l\r\x1a\xb5\x89d\xc9\xc5O#?\x9d\xbd*\x07\xf8BDX\xf7[6\xb9\xf0Uy\xd2\xe9\xa7o\x83%\xd5\x07z\x10\xdf\x1d{\xbaP$\xc2\x96gt\xf1\xcd\xe9\xb2$\xc7 \xae\xb2]\xa3(~\x9b\xec_Ho\xc8\xf9\xc6\r\xc2v" 289 28717
The other requests from the 2.4 SP have similarly bad user agent strings
144.92.201.198 - - [14/Jan/2011:16:01:43 -0600] "POST /aa/profile/SAML2/SOAP/AttributeQuery HTTP/1.1" 200 2591 "" "" 336762 5718
144.92.201.198 - - [14/Jan/2011:16:11:34 -0600] "POST /aa/profile/SAML2/SOAP/AttributeQuery HTTP/1.1" 200 2591 "-" "" 364532 5721
144.92.201.198 - - [14/Jan/2011:16:17:58 -0600] "POST /aa/profile/SAML2/SOAP/AttributeQuery HTTP/1.1" 200 2591 "-" "\x03" 199589 28716
144.92.201.198 - - [14/Jan/2011:16:21:30 -0600] "POST /aa/profile/SAML2/SOAP/AttributeQuery HTTP/1.1" 200 2591 "-" "\x03" 221131 22016
144.92.201.198 - - [14/Jan/2011:16:26:08 -0600] "POST /aa/profile/SAML2/SOAP/AttributeQuery HTTP/1.1" 200 2591 "" "" 141626 32369
144.92.201.198 - - [14/Jan/2011:16:27:32 -0600] "POST /aa/profile/SAML2/SOAP/AttributeQuery HTTP/1.1" 200 2591 "-" "\x06" 87909 29939
144.92.201.198 - - [14/Jan/2011:17:03:31 -0600] "POST /aa/profile/SAML2/SOAP/AttributeQuery HTTP/1.1" 200 2591 "-" "(\xdb\xfa\xfd\xae*" 189379 7576
144.92.201.198 - - [14/Jan/2011:17:13:08 -0600] "POST /aa/profile/SAML2/SOAP/AttributeQuery HTTP/1.1" 200 2591 "-" "(\xdb\xfa\xfd\xae*" 130817 30622
144.92.201.198 - - [14/Jan/2011:17:13:41 -0600] "POST /aa/profile/SAML2/SOAP/AttributeQuery HTTP/1.1" 200 2591 "-" "q" 256945 28237
The requests for the metadata are as expected though:
144.92.201.198 - - [14/Jan/2011:15:30:53 -0600] "GET /metadata/wi-federation-metadata.xml HTTP/1.1" 200 233900 "-" "shibboleth/2.4 OpenSAML/2.4.0 XMLTooling/1.4.0 XML-Security-C/1.6.0 Xerces-C/3.1.1 log4shib/1.0.4 libcurl/7.15.5 OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008" 5863 32342