cat-users - Re: [cat-users] Can't login eduroam admin

cat-users AT lists.geant.org

Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

  • From: Stefan Winter <stefan.winter AT restena.lu>
  • To: Massimiliano Ritossa <ritossa AT sissa.it>
  • Cc: cat-users AT geant.net
  • Subject: Re: [cat-users] Can't login eduroam admin
  • Date: Thu, 12 Sep 2013 16:57:12 +0200
  • List-archive: <https://mail.geant.net/mailman/private/cat-users/>
  • List-id: "The mailing list for users of the eduroam Configuration Assistant Tool \(CAT\)" <cat-users.geant.net>

Hi,

> Hi, I'm trying to log in to "manage my IdP" but when I select my institution
> (SISSA) from eduGAIN list I get an error message: "Message did not meet
> security requirements".

The usual reason for this is a mismatch of metadata of your IdP and the
eduroam Support Services SP proxy; a problem very much outside of
eduroam CAT; we merely sit behind that proxy and have to assume that it
delivers authenticated users to CAT.

We have informed eduroam Operations Team to investigate why this happens
with your IdP (it seems that other IdPs are unaffected).

> On IdP side log reports:
> "Simple signature validation (with no request-derived credentials) failed
> WARN
> [org.opensaml.common.binding.security.BaseSAMLSimpleSignatureSecurityPolicyRule:138]
> - Validation of request simple signature failed for context issuer:
> https://monitor.eduroam.org/sp/module.php/saml/sp/metadata.php/default-sp
> WARN
> [edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler:406]
> - Message did not meet security requirements
> org.opensaml.ws.security.SecurityPolicyException: Validation of request
> simple signature failed for context issuer"

The mere fact that you see these debug logs pretty much makes clear that
you are the IdP administrator or at least someone very much in-the-know :-)

In that case, as a self-service hint: you could verify if the eduGAIN
metadata feed was imported correctly and contains the eduroam SP proxy
and that you have enabled that SP as a trusted destination.

For further investigations, you will be contacted by eduroam OT.

Greetings,

Stefan Winter

>
> My suspicion is that I am missing a certificate, but I'm wondering if there's
> something wrong on your side.
> Thanks
>
> --
> Massimiliano Ritossa
> ITCS (Information Technology and Computing Services)
> SISSA - www.sissa.it
> Via Bonomea 265, 34136 Trieste ITALY | Ph: +39 040 3787 552
>
>

Attachment: 0x8A39DC66.asc
Description: application/pgp-keys

Attachment: signature.asc
Description: OpenPGP digital signature
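
The self-service check suggested in the reply, as an added example (not part of the original message, and not eduroam or Shibboleth code): confirm that the SP proxy's entityID is present in the imported metadata and list the signing certificates published for it. The sample feed and its certificate bodies are constructed placeholders, and `sp_signing_certs` is a hypothetical helper name.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD, "ds": "http://www.w3.org/2000/09/xmldsig#"}
# entityID taken from the IdP log quoted in the thread
SP_ENTITY_ID = "https://monitor.eduroam.org/sp/module.php/saml/sp/metadata.php/default-sp"

# Constructed sample aggregate; certificate bodies are placeholders, not real keys.
SAMPLE_FEED = """<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <md:EntityDescriptor entityID="https://monitor.eduroam.org/sp/module.php/saml/sp/metadata.php/default-sp">
    <md:SPSSODescriptor AuthnRequestsSigned="true"
        protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:KeyDescriptor use="encryption">
        <ds:KeyInfo><ds:X509Data><ds:X509Certificate>RU5DUllQVElPTi1PTkxZ</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
      </md:KeyDescriptor>
      <md:KeyDescriptor>
        <ds:KeyInfo><ds:X509Data><ds:X509Certificate>
          Q09OU1RSVUNURUQt
          UExBQ0VIT0xERVI=
        </ds:X509Certificate></ds:X509Data></ds:KeyInfo>
      </md:KeyDescriptor>
    </md:SPSSODescriptor>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>"""


def sp_signing_certs(feed_xml, entity_id):
    """Return None if the SP is absent, else SHA-256 fingerprints of its signing certs."""
    root = ET.fromstring(feed_xml)
    # iter() also matches the root, so a single-entity metadata file works too.
    for entity in root.iter("{%s}EntityDescriptor" % MD):
        if entity.get("entityID") != entity_id:
            continue
        prints = []
        for kd in entity.findall("md:SPSSODescriptor/md:KeyDescriptor", NS):
            # A KeyDescriptor without "use" applies to signing and encryption.
            if kd.get("use", "signing") != "signing":
                continue
            for cert in kd.findall(".//ds:X509Certificate", NS):
                der = base64.b64decode("".join((cert.text or "").split()))
                prints.append(hashlib.sha256(der).hexdigest())
        return prints
    return None


if __name__ == "__main__":
    print(sp_signing_certs(SAMPLE_FEED, SP_ENTITY_ID))
```

Either `None` or an empty list means the imported metadata gives the IdP no key for this SP's signed requests; a non-empty list should be compared with the certificate the SP currently publishes.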
