Invalid message with artefact POST from SP to IDP
When using artefact POST from SP to IDP (as configured in the SSO binding for the IDP in SP Manager), we get an error:
{panel:title=SP error log}
[Thu Aug 19 10:19:26 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: Use method ARTIFACT POST with IDP VM2 for SSO profile
[Thu Aug 19 10:19:26 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: Set 077713e24edccfe2a9f165c4ba3628b7 in RelayState
[Thu Aug 19 10:19:26 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: SSO request will be signed
[Thu Aug 19 10:19:26 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: Keep artifact AAQAACHaSSDwlBfDhRsm3Hy6hV6x/31eN0QxN0I4NURDOTA5NDZGQzFGRTE= in session 1729f106b3fffc5af02c35fcfdc8b5e5
[Thu Aug 19 10:19:26 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: Authentication request created
[Thu Aug 19 10:19:26 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: Keep request ID _2581300D6CF3EB877D00727994FEC013 in assertion session 8a51f133fd18d14b13b16d8d7113699a
[Thu Aug 19 10:19:26 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: processing to sub autoPost
[Thu Aug 19 10:19:26 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: POST form action: http://auth.vm2.lemonsaml.linagora.com/saml/singleSignOnArtifact
[Thu Aug 19 10:19:26 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: POST field RelayState: 077713e24edccfe2a9f165c4ba3628b7
[Thu Aug 19 10:19:26 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: POST field SAMLart: AAQAACHaSSDwlBfDhRsm3Hy6hV6x/31eN0QxN0I4NURDOTA5NDZGQzFGRTE=
[Thu Aug 19 10:19:26 2010] [debug] mod_deflate.c(615): [client 213.41.232.151] Zlib: Compressed 1104 to 666 : URL /index.pl, referer: http://auth.vm1.lemonsaml.linagora.com/
[Thu Aug 19 10:19:26 2010] [error] [client 213.41.232.151] File does not exist: /usr/local/lemonldap-ng/htdocs/portal/favicon.ico
[Thu Aug 19 10:19:26 2010] [debug] mod_deflate.c(615): [client 213.41.232.151] Zlib: Compressed 370 to 277 : URL /favicon.ico
[Thu Aug 19 10:19:26 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: processing to sub controlUrlOrigin
[Thu Aug 19 10:19:26 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: processing to sub checkNotifBack
[Thu Aug 19 10:19:26 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: processing to sub controlExistingSession
[Thu Aug 19 10:19:26 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: processing to sub issuerDBInit
[Thu Aug 19 10:19:26 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: processing to sub authInit
[Thu Aug 19 10:19:26 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: Restore server from cache
[Thu Aug 19 10:19:26 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: Load IDPs from cache
[Thu Aug 19 10:19:26 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: processing to sub issuerForUnAuthUser
[Thu Aug 19 10:19:26 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: processing to sub extractFormInfo
[Thu Aug 19 10:19:26 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: URL http://auth.vm1.lemonsaml.linagora.com/saml/artifact detected as an artifact resolution service URL
[Thu Aug 19 10:19:26 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: Destination http://auth.vm1.lemonsaml.linagora.com/saml/artifact found in SAML message
[Thu Aug 19 10:19:26 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: Destination match URL http://auth.vm1.lemonsaml.linagora.com/saml/artifact
[Thu Aug 19 10:19:26 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: Found 1 sessions for artifact AAQAACHaSSDwlBfDhRsm3Hy6hV6x/31eN0QxN0I4NURDOTA5NDZGQzFGRTE=
[Thu Aug 19 10:19:26 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: Artifact session 1729f106b3fffc5af02c35fcfdc8b5e5 (ID AAQAACHaSSDwlBfDhRsm3Hy6hV6x/31eN0QxN0I4NURDOTA5NDZGQzFGRTE=) was deleted
[Thu Aug 19 10:19:26 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: Response loaded
[Thu Aug 19 10:19:26 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: No session_id in artifact session
[Thu Aug 19 10:19:26 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: Artifact response built
[Thu Aug 19 10:19:26 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: Send SOAP Message: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:wsutil="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><s:Body wsutil:Id=""><samlp:ArtifactResponse ID="_D60DD8BB0EB9369B3F6FA32DC3C46879" InResponseTo="_B1FE9F8895E227316219F702357BE4EE" Version="2.0" IssueInstant="2010-08-19T08:19:26Z">saml:Issuerhttp://auth.vm1.lemonsaml.linagora.com/saml/metadata</saml:Issuer>\n\n\n\n\n\n\n\n\n\n9pwQut2Ve69QB2uwyp1pLLyr9zI=\n\n\nnzoF6wh/nCc/tjwmXKEgW1G77hsiw6AxsWvP1wpxaoxdLLFZo7atGvgZFESkmCVZ\nfOHBNE5A1MreRJQKIiRUcEbcySGT5XAArGwqxppln1zYPWlrkun4v/WXR2UQ6J8E\nkL/31osERGxMGnoMum/Fol3wsiYlkvacOdVKq/Hjr3uUkd4LFUDKFQBVbSsDEQXf\nbc+G2Ay1H2837hWNjNgif23QacS9EX+eYBvvhgySbUmrwAzvGXEN5bAJtg5/Dcyh\nGzR58eLyyaIjeBzEEfn7wH+geM+tQfILNru2lI5YaZqqhiDNwOGN3ksupd4NoryL\nSwG1D1U88eAON02Bt8GEFg==\nsamlp:Status<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status><samlp:AuthnRequest ID="_2581300D6CF3EB877D00727994FEC013" Version="2.0" IssueInstant="2010-08-19T08:19:26Z" Destination="http://auth.vm2.lemonsaml.linagora.com/saml/singleSignOnArtifact" ForceAuthn="false" IsPassive="false">saml:Issuerhttp://auth.vm1.lemonsaml.linagora.com/saml/metadata</saml:Issuer>\n\n\n\n\n\n\n\n\n\n0XnTJ5JqQQ1WOsnUDxwxc5Z18QE=\n\n\np94GNHw1wTHNQarOKPubPkW4VqygY+27uwPXfxoYijoTGAibIXldGxtY3YtuH4ZX\n0zC85nryT0ITN46l5L3/U3eNLWFfulSYTvRnro7ml6bI0rAywepk1mk5Ac6Hu3lS\nHO5fcVLTJ0ukFw4j+5dRybUeB1FqyIAqayo73AtQG/Q6H8limt1ANg4IKZBxVLtc\nGMj/heg0YRv+JuThfgKt99MuySWX8//TlYw2sFIuF7dk/5oX5E1EGtwT0T9MqFU5\nJRXsQHGmrAB5jRCRvc0DZBopDAY6xOmCEdUsPhJb7h7uqnEn40a4j2Z6UIESlEYS\nFeIqEM61auJV3I7ZCW6qZw==\n<samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" SPNameQualifier="http://auth.vm1.lemonsaml.linagora.com/saml/metadata" AllowCreate="true"/></samlp:AuthnRequest></samlp:ArtifactResponse></s:Body></s:Envelope>
{panel}
{panel:title=IDP error log}
[Thu Aug 19 10:19:33 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: HTTP-POST: SAML Artifact AAQAACHaSSDwlBfDhRsm3Hy6hV6x/31eN0QxN0I4NURDOTA5NDZGQzFGRTE=
[Thu Aug 19 10:19:33 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: Send message <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:wsutil="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><s:Body wsutil:Id=""><samlp:ArtifactResolve ID="_B1FE9F8895E227316219F702357BE4EE" Version="2.0" IssueInstant="2010-08-19T08:19:33Z" Destination="http://auth.vm1.lemonsaml.linagora.com/saml/artifact">saml:Issuerhttp://auth.vm2.lemonsaml.linagora.com/saml/metadata</saml:Issuer>\n\n\n\n\n\n\n\n\n\nyJgntAuO7IfgT6LODfb5PFBb4Us=\n\n\nZVBimyTjHiUY29iog3sVOSUQSCzJ3sWkCtMccJZN3K51+oj63bxMFqaaSY7nJn8S\n2wyyhndMnIgwZ8tjVbCe9zrjhsAG5VhAGPqpDK/VOkjqOdjj3gzonwgFCP7coSsr\nbcGZP5rLT80ahgNffxnmYRe2M1dNaz72RD46IWh/BH0go0BJzaY9HbxM1r2wB+HD\nbvQ/CpfeOrCbQh0zC0aaGSyI7gs4dV0UZQ06Se+V17CJWpl4xx+Qc5iknig1HTzp\ntQCuboE2fZudeMV1kj0v6ZpXp+OZmX7vXGDpDYfASopWCUzyGRfLTnVisRjj5Tt0\n4YM3SDGe8aytio95JOQmRg==\nsamlp:ArtifactAAQAACHaSSDwlBfDhRsm3Hy6hV6x/31eN0QxN0I4NURDOTA5NDZGQzFGRTE=</samlp:Artifact></samlp:ArtifactResolve></s:Body></s:Envelope> to http://auth.vm1.lemonsaml.linagora.com/saml/artifact
[Thu Aug 19 10:19:33 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: Get message <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:wsutil="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><s:Body wsutil:Id=""><samlp:ArtifactResponse ID="_D60DD8BB0EB9369B3F6FA32DC3C46879" InResponseTo="_B1FE9F8895E227316219F702357BE4EE" Version="2.0" IssueInstant="2010-08-19T08:19:26Z">saml:Issuerhttp://auth.vm1.lemonsaml.linagora.com/saml/metadata</saml:Issuer>\n\n\n\n\n\n\n\n\n\n9pwQut2Ve69QB2uwyp1pLLyr9zI=\n\n\nnzoF6wh/nCc/tjwmXKEgW1G77hsiw6AxsWvP1wpxaoxdLLFZo7atGvgZFESkmCVZ\nfOHBNE5A1MreRJQKIiRUcEbcySGT5XAArGwqxppln1zYPWlrkun4v/WXR2UQ6J8E\nkL/31osERGxMGnoMum/Fol3wsiYlkvacOdVKq/Hjr3uUkd4LFUDKFQBVbSsDEQXf\nbc+G2Ay1H2837hWNjNgif23QacS9EX+eYBvvhgySbUmrwAzvGXEN5bAJtg5/Dcyh\nGzR58eLyyaIjeBzEEfn7wH+geM+tQfILNru2lI5YaZqqhiDNwOGN3ksupd4NoryL\nSwG1D1U88eAON02Bt8GEFg==\nsamlp:Status<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status><samlp:AuthnRequest ID="_2581300D6CF3EB877D00727994FEC013" Version="2.0" IssueInstant="2010-08-19T08:19:26Z" Destination="http://auth.vm2.lemonsaml.linagora.com/saml/singleSignOnArtifact" ForceAuthn="false" IsPassive="false">saml:Issuerhttp://auth.vm1.lemonsaml.linagora.com/saml/metadata</saml:Issuer>\n\n\n\n\n\n\n\n\n\n0XnTJ5JqQQ1WOsnUDxwxc5Z18QE=\n\n\np94GNHw1wTHNQarOKPubPkW4VqygY+27uwPXfxoYijoTGAibIXldGxtY3YtuH4ZX\n0zC85nryT0ITN46l5L3/U3eNLWFfulSYTvRnro7ml6bI0rAywepk1mk5Ac6Hu3lS\nHO5fcVLTJ0ukFw4j+5dRybUeB1FqyIAqayo73AtQG/Q6H8limt1ANg4IKZBxVLtc\nGMj/heg0YRv+JuThfgKt99MuySWX8//TlYw2sFIuF7dk/5oX5E1EGtwT0T9MqFU5\nJRXsQHGmrAB5jRCRvc0DZBopDAY6xOmCEdUsPhJb7h7uqnEn40a4j2Z6UIESlEYS\nFeIqEM61auJV3I7ZCW6qZw==\n<samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" SPNameQualifier="http://auth.vm1.lemonsaml.linagora.com/saml/metadata" AllowCreate="true"/></samlp:AuthnRequest></samlp:ArtifactResponse></s:Body></s:Envelope>
[Thu Aug 19 10:19:33 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: Lasso error [ debug ]: 2010-08-19 10:19:33 (profile.c/:350) Invalid message
[Thu Aug 19 10:19:33 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: Lasso error code -407: Invalid message
[Thu Aug 19 10:19:33 2010] [error] SSO: Fail to process authentication request
{panel}
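
When reading logs like these, it helps to decode the `SAMLart` value and confirm which provider it points back to. The following is an added example, not LemonLDAP::NG or Lasso code: it parses a SAML 2.0 type 0x0004 artifact (type code, endpoint index, 20-byte SourceID that is the SHA-1 of the issuer's entityID, 20-byte message handle). The function names and the `build_artifact` helper are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import struct
from typing import Iterable, NamedTuple, Optional

# Artifact value copied from the SP and IDP logs above.
LOGGED_ARTIFACT = "AAQAACHaSSDwlBfDhRsm3Hy6hV6x/31eN0QxN0I4NURDOTA5NDZGQzFGRTE="


class Artifact(NamedTuple):
    type_code: int         # 0x0004 for SAML 2.0 artifacts
    endpoint_index: int    # index of the issuer's ArtifactResolutionService
    source_id: bytes       # 20 bytes: SHA-1 of the issuer's entityID
    message_handle: bytes  # 20 bytes: reference to the stored message


def parse_artifact(b64: str) -> Artifact:
    """Decode a base64 SAMLart value; raise ValueError if malformed."""
    raw = base64.b64decode(b64, validate=True)  # binascii.Error is a ValueError
    if len(raw) != 44:
        raise ValueError(f"expected 44 bytes, got {len(raw)}")
    type_code, endpoint_index = struct.unpack(">HH", raw[:4])
    if type_code != 0x0004:
        raise ValueError(f"unsupported artifact type 0x{type_code:04x}")
    return Artifact(type_code, endpoint_index, raw[4:24], raw[24:])


def issuer_of(artifact: Artifact, entity_ids: Iterable[str]) -> Optional[str]:
    """Return the entityID whose SHA-1 equals the SourceID, or None."""
    for entity_id in entity_ids:
        digest = hashlib.sha1(entity_id.encode("utf-8")).digest()
        if hmac.compare_digest(digest, artifact.source_id):
            return entity_id
    return None


def build_artifact(entity_id: str, handle: bytes, endpoint_index: int = 0) -> str:
    """Build a constructed artifact (sample input for checks only)."""
    source_id = hashlib.sha1(entity_id.encode("utf-8")).digest()
    body = struct.pack(">HH", 4, endpoint_index) + source_id + handle
    return base64.b64encode(body).decode("ascii")


if __name__ == "__main__":
    art = parse_artifact(LOGGED_ARTIFACT)
    print(hex(art.type_code), art.endpoint_index, art.source_id.hex(), art.message_handle)
    print(issuer_of(art, ["http://auth.vm1.lemonsaml.linagora.com/saml/metadata",
                          "http://auth.vm2.lemonsaml.linagora.com/saml/metadata"]))
```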