Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 5.3

error signaled by ssl ctx callback

Summary

This error is unfortunately a very cryptic message because it's not a core Shibboleth message, but an SSL message. It occurs when the callback to the AA or the Artifact servlet is being set up (using SSL and mutual auth). It will be displayed as a session creation failure to the user. The error simply signals that the SSL handshake aborted for some reason.

Possible Causes and Solutions

  • OpenSSL version problems.
  • The reason might be as simple as that your private key is encrypted and you didn't provide a password to decrypt it. So the solution is to decrypt the private key or provide a password in the credentialsresolver in ShibbolethXml. This particular error shows these lines in shibd.log:
    Code Block
    2006-03-01 10:31:29 DEBUG shibtarget.ShibHTTPHook [0] sessionNew: OpenSAML invoked SSL context callback
    2006-03-01 10:31:29 ERROR OpenSSL [0] sessionNew: error code: 151429224 in pem_lib.c, line 399
    2006-03-01 10:31:29 ERROR OpenSSL [0] sessionNew: error code: 336265225 in ssl_rsa.c, line 709
    2006-03-01 10:31:29 ERROR shibtarget.ShibHTTPHook [0] sessionNew: caught a SAML exception while attaching credentials to request: Unable to attach private key to SSL context
    2006-03-01 10:31:29 DEBUG SAML.libcurl [0] sessionNew: error signaled by ssl ctx callback
    2006-03-01 10:31:29 DEBUG SAML.libcurl [0] sessionNew: Closing connection #0
    2006-03-01 10:31:29 ERROR SAML.SAMLSOAPHTTPBinding [0] sessionNew: failed while contacting SAML responder: error signaled by ssl ctx callback
    2006-03-01 10:31:29 ERROR shibd.Listener [0] sessionNew: caught exception while creating session: SOAPHTTPBindingProvider::send() failed while contacting SAML responder: error signaled by ssl ctx callback