I just installed OpenAM 13.0.0, created a hosted IDP, and registered a remote SP. Within the remote SP (a product called Questetra), I configured the entityID, login URL, logout URL, and certificate using values found in the XML at http://idp:8080/openam/saml2/jsp/exportmetadata.jsp?entityid=http://idp:8080/openam&realm=/

Problem: OpenAM says 500 Internal Server Error at the step where the browser loads the successURL.

  • Any idea what is happening?
  • Any tips on how to debug? There is nothing special in the Tomcat and OpenAM logs.

Shortened Wireshark trace

HTTP/1.1 200 OK
[...]

{"successURL":"/SSORedirect/metaAlias/idp?ReqID=a41de50e29c99ff3422f82b7g660ch6&index=null&acsURL=http%3A%2F%2Fthesp%3A8080%2Fuserweb%2Fsaml%2FSSO%2Falias%2Fbpm&spEntityID=http%3A%2F%2Fthesp%3A8080%2Fuserweb%2F&binding=urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Abindings%3AHTTP-POST"}

GET /openam/SSORedirect/metaAlias/idp?ReqID=a41de50e29c99ff3422f82b7g660ch6&index=null&acsURL=http%3A%2F%2Fthesp%3A8080%2Fuserweb%2Fsaml%2FSSO%2Falias%2Fbpm&spEntityID=http%3A%2F%2Fthesp%3A8080%2Fuserweb%2F&binding=urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Abindings%3AHTTP-POST HTTP/1.1
[...]

HTTP/1.1 500 Internal Server Error
[...]

<html>[...]HTTP Status 500 - Unable to do Single Sign On or Federation[...]</html>

Full trace at https://gist.github.com/nicolas-raoul/5ff26f37a95bc8088c6af7fe6ea5e468

Tomcat 7.0.72, Ubuntu 2016.04.1 LTS, Firefox 50.1.0

Nicolas Raoul

1 Answer

I solved this same error by taking the Certificate value directly from the metadata file exported from OpenAM and entering that directly again, to ensure that it was the exact same.

rileyd
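One way to check the mismatch the answer describes, as an added example (not part of the original answer and not OpenAM or Questetra code): it pulls the signing certificate out of exported IdP metadata and compares it, by SHA-256 fingerprint, with the value pasted into the SP. The function names and the sample metadata are assumptions, and the certificate bytes are a constructed placeholder rather than a real certificate.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed placeholder bytes standing in for a DER certificate (not a real cert).
SAMPLE_B64 = base64.b64encode(bytes(range(96))).decode()
# Constructed metadata in the shape of a SAML 2.0 IdP export; base64 is line-wrapped.
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="{NS['md']}" entityID="http://idp:8080/openam">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="{NS['ds']}"><ds:X509Data><ds:X509Certificate>
{SAMPLE_B64[:64]}
{SAMPLE_B64[64:]}
      </ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </KeyDescriptor>
  </IDPSSODescriptor>
</EntityDescriptor>"""

def der_from_text(text):
    """Decode bare base64 or PEM, ignoring line breaks, spaces and PEM armour lines."""
    lines = (line.strip() for line in text.strip().splitlines())
    body = "".join("".join(l.split()) for l in lines if not l.startswith("-----"))
    return base64.b64decode(body, validate=True)  # raises ValueError on a damaged paste

def idp_signing_certs(metadata_xml):
    """Return DER bytes of every IdP certificate usable for signing."""
    root = ET.fromstring(metadata_xml)
    certs = []
    for kd in root.findall(".//md:IDPSSODescriptor/md:KeyDescriptor", NS):
        # A KeyDescriptor without a 'use' attribute applies to signing as well.
        if kd.get("use", "signing") == "signing":
            for cert in kd.findall(".//ds:X509Certificate", NS):
                certs.append(der_from_text(cert.text or ""))
    return certs

def fingerprint(der):
    return hashlib.sha256(der).hexdigest()

def sp_cert_matches(metadata_xml, sp_configured_cert):
    """True if the value configured in the SP is one of the IdP's signing certs."""
    try:
        configured = fingerprint(der_from_text(sp_configured_cert))
    except ValueError:  # truncated or otherwise invalid base64
        return False
    return configured in {fingerprint(c) for c in idp_signing_certs(metadata_xml)}

if __name__ == "__main__":
    for der in idp_signing_certs(SAMPLE_METADATA):
        print("IdP signing cert SHA-256:", fingerprint(der))
```

Comparing fingerprints of the decoded bytes avoids false mismatches from line wrapping or PEM headers, while still catching a truncated or altered paste.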