Reproducible in local autopkgtest
Good: ### gss_eap_shib_attr_provider::init(): Initializing ShibResolver library ### finalize_class::finalize_class(): Constructing Sending init_sec_context token (size=81)...continue needed... Sending init_sec_context token (size=50)...continue needed... Sending init_sec_context token (size=42)...continue needed... Sending init_sec_context token (size=235)...continue needed... Sending init_sec_context token (size=42)...continue needed... Sending init_sec_context token (size=173)...continue needed... Sending init_sec_context token (size=99)...continue needed... Sending init_sec_context token (size=142)...continue needed... Sending init_sec_context token (size=42)...continue needed... Sending init_sec_context token (size=60)...continue needed...
context flag: GSS_C_MUTUAL_FLAG context flag: GSS_C_REPLAY_FLAG context flag: GSS_C_SEQUENCE_FLAG context flag: GSS_C_CONF_FLAG context flag: GSS_C_INTEG_FLAG "<email address hidden>" to "host/localhost", lifetime -1, flags 13e, locally initiated, open Name type of source name is { 1 2 840 113554 1 2 1 1 }. Mechanism { 1 3 6 1 5 5 15 1 1 17 } supports 6 names 0: { 1 2 840 113554 1 2 1 1 } 1: { 1 2 840 113554 1 2 1 4 } 2: { 1 3 6 1 5 6 4 } 3: { 1 3 6 1 5 6 6 } 4: { 1 3 6 1 5 5 15 2 1 } 5: { 1 3 6 1 5 6 3 } Signature verified. ### finalize_class::finalize_class(): Constructing 2021-12-16 09:44:16 WARN Shibboleth.Application : no MetadataProvider available, configure at least one for standard SSO usage 2021-12-16 09:44:16 ERROR OpenSSL : error code: 33558530 in ../crypto/bio/bss_file.c, line 288 2021-12-16 09:44:16 ERROR OpenSSL : error data: fopen('/etc/shibboleth/sp-signing-key.pem','r') 2021-12-16 09:44:16 ERROR OpenSSL : error code: 537346050 in ../crypto/bio/bss_file.c, line 290 2021-12-16 09:44:16 ERROR XMLTooling.CredentialResolver.Chaining : caught exception processing embedded CredentialResolver element: Unable to load private key from file (/etc/shibboleth/sp-signing-key.pem). 2021-12-16 09:44:16 ERROR OpenSSL : error code: 33558530 in ../crypto/bio/bss_file.c, line 288 2021-12-16 09:44:16 ERROR OpenSSL : error data: fopen('/etc/shibboleth/sp-encrypt-key.pem','r') 2021-12-16 09:44:16 ERROR OpenSSL : error code: 537346050 in ../crypto/bio/bss_file.c, line 290 2021-12-16 09:44:16 ERROR XMLTooling.CredentialResolver.Chaining : caught exception processing embedded CredentialResolver element: Unable to load private key from file (/etc/shibboleth/sp-encrypt-key.pem). context flag: GSS_C_MUTUAL_FLAG context flag: GSS_C_REPLAY_FLAG context flag: GSS_C_SEQUENCE_FLAG context flag: GSS_C_CONF_FLAG context flag: GSS_C_INTEG_FLAG Attribute urn:ietf:params:gss:radius-attribute 79 Authenticated Complete
03070004
Attribute urn:ietf:params:gss:radius-attribute 80 Authenticated Complete
fea2dc1b41a181201e5650cd85cf90f5
Attribute urn:ietf:params:gss:radius-attribute 1 Authenticated Complete
@test.com
40746573742e636f6d
Accepted connection: "@test.com" Received message: "testmessage" NOOP token ### ShibFinalizer::ShibFinalizer(): Constructing ### gssEapAttrProvidersInitInternal(): Calling gssEapSamlAttrProvidersInit() ### gssEapAttrProvidersInitInternal(): Setting gssEapAttrProvidersInitStatus to 00000000 gss_accept_sec_context: 1/0 EAP: EAP entering state RECEIVED EAP: Received EAP-Success EAP: Status notification: completion (param=success) EAP: EAP entering state SUCCESS CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully gss_init_sec_context: 1/0 gss_accept_sec_context: 0/0 gss_init_sec_context: 0/0 EAP: deinitialize previously used EAP method (21, TTLS) at EAP deinit ### ~finalize_class::~finalize_class() : initStatus=00100000 ### gssEapFinalize() ### ShibFinalizer::~ShibFinalizer(): Destructing ### gss_eap_shib_attr_provider::finalize(): calling ShibbolethResolver::term() ### ~finalize_class::~finalize_class() : initStatus=00000000 ### ~finalize_class::~finalize_class() : really finalizing ### gssEapFinalize()
Bad: ### finalize_class::finalize_class(): Constructing GSS-API error accepting context: Invalid credential was supplied GSS-API error accepting context: Authentication rejected by RADIUS server gss_accept_sec_context: 655360/2109382925 ### ~finalize_class::~finalize_class() : initStatus=00100000 EAP: deinitialize previously used EAP method (21, TTLS) at EAP deinit gss_init_sec_context: 655360/2109382925 sending token length: Broken pipe ### gssEapFinalize() ### ~finalize_class::~finalize_class() : initStatus=00100000 ### finalize_class::finalize_class(): Constructing Sending init_sec_context token (size=81)...continue needed... Sending init_sec_context token (size=50)...continue needed... Sending init_sec_context token (size=42)...continue needed... Sending init_sec_context token (size=235)...continue needed... Sending init_sec_context token (size=42)...continue needed... Sending init_sec_context token (size=173)...continue needed... Sending init_sec_context token (size=99)...continue needed... Sending init_sec_context token (size=142)...continue needed... Sending init_sec_context token (size=42)...continue needed... Sending init_sec_context token (size=9)...### gssEapFinalize()
Reproducible in local autopkgtest
Good: shib_attr_ provider: :init() : Initializing ShibResolver library class:: finalize_ class() : Constructing ...continue needed... ...continue needed... ...continue needed... ...continue needed... ...continue needed... ...continue needed... ...continue needed... ...continue needed... ...continue needed... ...continue needed...
### gss_eap_
### finalize_
Sending init_sec_context token (size=81)
Sending init_sec_context token (size=50)
Sending init_sec_context token (size=42)
Sending init_sec_context token (size=235)
Sending init_sec_context token (size=42)
Sending init_sec_context token (size=173)
Sending init_sec_context token (size=99)
Sending init_sec_context token (size=142)
Sending init_sec_context token (size=42)
Sending init_sec_context token (size=60)
context flag: GSS_C_MUTUAL_FLAG class:: finalize_ class() : Constructing Application : no MetadataProvider available, configure at least one for standard SSO usage bio/bss_ file.c, line 288 /etc/shibboleth /sp-signing- key.pem' ,'r') bio/bss_ file.c, line 290 CredentialResol ver.Chaining : caught exception processing embedded CredentialResolver element: Unable to load private key from file (/etc/shibbolet h/sp-signing- key.pem) . bio/bss_ file.c, line 288 /etc/shibboleth /sp-encrypt- key.pem' ,'r') bio/bss_ file.c, line 290 CredentialResol ver.Chaining : caught exception processing embedded CredentialResolver element: Unable to load private key from file (/etc/shibbolet h/sp-encrypt- key.pem) . params: gss:radius- attribute 79 Authenticated Complete
context flag: GSS_C_REPLAY_FLAG
context flag: GSS_C_SEQUENCE_FLAG
context flag: GSS_C_CONF_FLAG
context flag: GSS_C_INTEG_FLAG
"<email address hidden>" to "host/localhost", lifetime -1, flags 13e, locally initiated, open
Name type of source name is { 1 2 840 113554 1 2 1 1 }.
Mechanism { 1 3 6 1 5 5 15 1 1 17 } supports 6 names
0: { 1 2 840 113554 1 2 1 1 }
1: { 1 2 840 113554 1 2 1 4 }
2: { 1 3 6 1 5 6 4 }
3: { 1 3 6 1 5 6 6 }
4: { 1 3 6 1 5 5 15 2 1 }
5: { 1 3 6 1 5 6 3 }
Signature verified.
### finalize_
2021-12-16 09:44:16 WARN Shibboleth.
2021-12-16 09:44:16 ERROR OpenSSL : error code: 33558530 in ../crypto/
2021-12-16 09:44:16 ERROR OpenSSL : error data: fopen('
2021-12-16 09:44:16 ERROR OpenSSL : error code: 537346050 in ../crypto/
2021-12-16 09:44:16 ERROR XMLTooling.
2021-12-16 09:44:16 ERROR OpenSSL : error code: 33558530 in ../crypto/
2021-12-16 09:44:16 ERROR OpenSSL : error data: fopen('
2021-12-16 09:44:16 ERROR OpenSSL : error code: 537346050 in ../crypto/
2021-12-16 09:44:16 ERROR XMLTooling.
context flag: GSS_C_MUTUAL_FLAG
context flag: GSS_C_REPLAY_FLAG
context flag: GSS_C_SEQUENCE_FLAG
context flag: GSS_C_CONF_FLAG
context flag: GSS_C_INTEG_FLAG
Attribute urn:ietf:
03070004
Attribute urn:ietf: params: gss:radius- attribute 80 Authenticated Complete
fea2dc1b41a1812 01e5650cd85cf90 f5
Attribute urn:ietf: params: gss:radius- attribute 1 Authenticated Complete
@test.com
40746573742e636f6d
Accepted connection: "@test.com" :ShibFinalizer( ): Constructing dersInitInterna l(): Calling gssEapSamlAttrP rovidersInit( ) dersInitInterna l(): Setting gssEapAttrProvi dersInitStatus to 00000000 sec_context: 1/0 EAP-SUCCESS EAP authentication completed successfully sec_context: 1/0 sec_context: 0/0 sec_context: 0/0 class:: ~finalize_ class() : initStatus=00100000 :~ShibFinalizer (): Destructing shib_attr_ provider: :finalize( ): calling ShibbolethResol ver::term( ) class:: ~finalize_ class() : initStatus=00000000 class:: ~finalize_ class() : really finalizing
Received message: "testmessage"
NOOP token
### ShibFinalizer:
### gssEapAttrProvi
### gssEapAttrProvi
gss_accept_
EAP: EAP entering state RECEIVED
EAP: Received EAP-Success
EAP: Status notification: completion (param=success)
EAP: EAP entering state SUCCESS
CTRL-EVENT-
gss_init_
gss_accept_
gss_init_
EAP: deinitialize previously used EAP method (21, TTLS) at EAP deinit
### ~finalize_
### gssEapFinalize()
### ShibFinalizer:
### gss_eap_
### ~finalize_
### ~finalize_
### gssEapFinalize()
Bad: class:: finalize_ class() : Constructing sec_context: 655360/2109382925 class:: ~finalize_ class() : initStatus=00100000 sec_context: 655360/2109382925 class:: ~finalize_ class() : initStatus=00100000 class:: finalize_ class() : Constructing ...continue needed... ...continue needed... ...continue needed... ...continue needed... ...continue needed... ...continue needed... ...continue needed... ...continue needed... ...continue needed...
### finalize_
GSS-API error accepting context: Invalid credential was supplied
GSS-API error accepting context: Authentication rejected by RADIUS server
gss_accept_
### ~finalize_
EAP: deinitialize previously used EAP method (21, TTLS) at EAP deinit
gss_init_
sending token length: Broken pipe
### gssEapFinalize()
### ~finalize_
### finalize_
Sending init_sec_context token (size=81)
Sending init_sec_context token (size=50)
Sending init_sec_context token (size=42)
Sending init_sec_context token (size=235)
Sending init_sec_context token (size=42)
Sending init_sec_context token (size=173)
Sending init_sec_context token (size=99)
Sending init_sec_context token (size=142)
Sending init_sec_context token (size=42)
Sending init_sec_context token (size=9)...### gssEapFinalize()