error signaled by ssl ctx callback
Summary
This error is unfortunately a very cryptic message because it's not a core Shibboleth message, but an SSL message. It occurs when the callback to the AA
or the Artifact
servlet is being set up (using SSL and mutual auth). It will be displayed as a session creation failure to the user. The error simply signals that the SSL handshake aborted for some reason.
Possible Causes and Solutions
- OpenSSL version problems.
- The reason might be as simple as that your private key is encrypted and you didn't provide a password to decrypt it. So the solution is to decrypt the private key or provide a password in the credentialsresolver in ShibbolethXml. This particular error shows these lines in shibd.log:
2006-03-01 10:31:29 DEBUG shibtarget.ShibHTTPHook [0] sessionNew: OpenSAML invoked SSL context callback 2006-03-01 10:31:29 ERROR OpenSSL [0] sessionNew: error code: 151429224 in pem_lib.c, line 399 2006-03-01 10:31:29 ERROR OpenSSL [0] sessionNew: error code: 336265225 in ssl_rsa.c, line 709 2006-03-01 10:31:29 ERROR shibtarget.ShibHTTPHook [0] sessionNew: caught a SAML exception while attaching credentials to request: Unable to attach private key to SSL context 2006-03-01 10:31:29 DEBUG SAML.libcurl [0] sessionNew: error signaled by ssl ctx callback 2006-03-01 10:31:29 DEBUG SAML.libcurl [0] sessionNew: Closing connection #0 2006-03-01 10:31:29 ERROR SAML.SAMLSOAPHTTPBinding [0] sessionNew: failed while contacting SAML responder: error signaled by ssl ctx callback 2006-03-01 10:31:29 ERROR shibd.Listener [0] sessionNew: caught exception while creating session: SOAPHTTPBindingProvider::send() failed while contacting SAML responder: error signaled by ssl ctx callback