
Task 1: Missing or Incorrect Metadata

Create the problem:

Configure your IdP so that it does not have the SP's metadata (or has incorrect metadata).

Steps:

Change the URL on your metadata provider to be incorrect or create a filesystem-based MetadataProvider that does not contain the classroom test SP's metadata.

Observations:

The IdP will complain about not having metadata when it gets an AuthenticationRequest from the SP (prior to login) and will log an ERROR in your idp-process.log file.

Task 2: Not all expected attributes were released, but they were populated in LDAP

Create the problem:

Configure your IdP to release an undefined attribute.
-OR-
Configure your IdP to not be able to communicate with the LDAP server.

Steps:

Change one or more attribute definition's ID parameter in attribute-resolver.xml or attribute-filter.xml (change only one of these files, such that they no longer match).
-OR-
Introduce an error in the credentials for the LDAP DataConnector in attribute-resolver.xml (add extra characters to the 'principalCredential').

Observations:

Everything will appear to be normal - login will be successful, but either no attributes will be released or an incomplete set of attributes will be released.
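Because this failure is silent at login time, the mismatch is easier to catch by comparing the two files directly. The following is an added example, not part of the original exercise or of the Shibboleth distribution: it collects the `id` of every `AttributeDefinition` in attribute-resolver.xml and the `attributeID` of every `AttributeRule` in attribute-filter.xml and reports the IDs that do not line up. The sample XML and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

def _local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def _ids(xml_text, element, attribute):
    """Collect `attribute` from every element whose local name is `element`."""
    root = ET.fromstring(xml_text)
    return {el.get(attribute) for el in root.iter()
            if _local(el.tag) == element and el.get(attribute)}

def find_mismatches(resolver_xml, filter_xml):
    """Return (filter IDs with no definition, definitions with no filter rule)."""
    defined = _ids(resolver_xml, "AttributeDefinition", "id")
    released = _ids(filter_xml, "AttributeRule", "attributeID")
    # The first list is the Task 2 failure: the rule can never match anything.
    # The second is informational: a definition may exist only as a dependency.
    return sorted(released - defined), sorted(defined - released)

# Constructed sample: the 'mail' definition was renamed to 'email' in the
# resolver only, so the filter rule for 'mail' no longer matches.
RESOLVER = """<resolver:AttributeResolver
    xmlns:resolver="urn:mace:shibboleth:2.0:resolver"
    xmlns:ad="urn:mace:shibboleth:2.0:resolver:ad"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <resolver:AttributeDefinition xsi:type="ad:Simple" id="uid" sourceAttributeID="uid"/>
  <resolver:AttributeDefinition xsi:type="ad:Simple" id="email" sourceAttributeID="mail"/>
  <resolver:AttributeDefinition xsi:type="ad:Simple" id="eduPersonPrincipalName"
      sourceAttributeID="eduPersonPrincipalName"/>
</resolver:AttributeResolver>"""

FILTER = """<afp:AttributeFilterPolicyGroup id="ShibbolethFilterPolicy"
    xmlns:afp="urn:mace:shibboleth:2.0:afp">
  <afp:AttributeFilterPolicy id="releaseToClassroomSP">
    <afp:AttributeRule attributeID="uid"/>
    <afp:AttributeRule attributeID="mail"/>
  </afp:AttributeFilterPolicy>
</afp:AttributeFilterPolicyGroup>"""

if __name__ == "__main__":
    undefined, unreleased = find_mismatches(RESOLVER, FILTER)
    print("Filter rules with no matching definition:", undefined)
    print("Definitions with no filter rule:", unreleased)
```

To check a real deployment, read the contents of the two configuration files and pass them to `find_mismatches` in place of the constructed strings.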

Task 3: Login configuration errors

Create the problem:

Introduce a configuration error in the authentication configuration for your IdP.

Steps:

Make a typo in the login.config file (add extra characters to the bindCredential or change the LDAP URL).

Observations:

Login will fail and you will see an 'authentication failed' message on the login page. An ERROR will be written to the idp-process.log file.
