The Shibboleth V1 software has reached its End of Life and is no longer supported. This documentation is available for historical purposes only.

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

error signaled by ssl ctx callback

Summary

This error is unfortunately a very cryptic message because it's not a core Shibboleth message, but an SSL message. It occurs when the callback to the AA or the Artifact servlet is being set up (using SSL and mutual auth). It will be displayed as a session creation failure to the user. The error simply signals that the SSL handshake aborted for some reason.

Possible Causes and Solutions

  • OpenSSL version problems.
  • The reason might be as simple as that your private key is encrypted and you didn't provide a password to decrypt it. So the solution is to decrypt the private key or provide a password in the credentialsresolver in ShibbolethXml. This particular error shows these lines in shibd.log:
    2006-03-01 10:31:29 DEBUG shibtarget.ShibHTTPHook [0] sessionNew: OpenSAML invoked SSL context callback
    2006-03-01 10:31:29 ERROR OpenSSL [0] sessionNew: error code: 151429224 in pem_lib.c, line 399
    2006-03-01 10:31:29 ERROR OpenSSL [0] sessionNew: error code: 336265225 in ssl_rsa.c, line 709
    2006-03-01 10:31:29 ERROR shibtarget.ShibHTTPHook [0] sessionNew: caught a SAML exception while attaching credentials to request: Unable to attach private key to SSL context
    2006-03-01 10:31:29 DEBUG SAML.libcurl [0] sessionNew: error signaled by ssl ctx callback
    2006-03-01 10:31:29 DEBUG SAML.libcurl [0] sessionNew: Closing connection #0
    2006-03-01 10:31:29 ERROR SAML.SAMLSOAPHTTPBinding [0] sessionNew: failed while contacting SAML responder: error signaled by ssl ctx callback
    2006-03-01 10:31:29 ERROR shibd.Listener [0] sessionNew: caught exception while creating session: SOAPHTTPBindingProvider::send() failed while contacting SAML responder: error signaled by ssl ctx callback
    
  • No labels