technical-discuss - Re: [InC-Technical] Transport option not being respected by MDQ metadata provider.
Subject: InCommon Technical Discussions
List archive
Re: [InC-Technical] Transport option not being respected by MDQ metadata provider.
Chronological Thread
- From: Nick Roy <>
- To: Krishna Mohan <>
- Cc: "" <>
- Subject: Re: [InC-Technical] Transport option not being respected by MDQ metadata provider.
- Date: Wed, 20 Nov 2019 22:20:50 +0000
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=internet2.edu; dmarc=pass action=none header.from=internet2.edu; dkim=pass header.d=internet2.edu; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=JYteEmcRpFtkiJNRAC4a250CdhgjAIm4aWrBcnZ6fsU=; b=W8CJBKB175gWz2FqhB6ydlhuPLacupMHtZ1MF75Cp4ztzLWfqChilvdJHIgmQKkecJnaTkDpM+hhiG1Qq/rGzlI9rwGqlrCg+XV5e63KqMJxj+2gev907PveGRcBYr3HUzchokuITV9BEthk+i67P7fCAmXjODm+SKgSAU+efHsISTlz8WYnFZZuNNjgG6PjnqzKC17QLFvofGXXqWE3V3lXiAq1kWJKCTWHK+ncAc4ordFvV0OpRvvkZ1PgqwPwjI3Io34ZRikdsz5zqSZ40P0rVStJskbk3oW5TO8g78agb+7RIQbk8JkZ5VesDXVvzvumS0MmOg7jkTlWy7SsHA==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=AmDEKCrzTI4JD+96B1cVRCDoPs21sj9jKXA3sww/jCTlcy6GtyNALJTRVrCxApsOtkkAr7JycKg8tFYbTybuUbYgNKNMfjB6Rm0AFOPqzspXOuLKENx9ryU9slhTCoOVN1IqDYThm1e095eTWG9RIS+69GguopDo2twwA/A4/PyewTCyWcHPh8spsV/Th/9fTL/1xLuipYLuXV8+H16jBCIdKnQ+78WxShG0gtrfN4gomCik0Q8V1aWe5nHy60k2+rxnzLJMV1JQsdWRMlNaOI5ii7ysCaG0273y1JvSwH5EqGcNUs/3WuiG3K3cXJDkW9zVLpU0t6LAz6ac01EymQ==
Hi Krishna,
I assume you are working with Shibboleth SP. Are firewall rules preventing your SP from reaching the correct port on your proxy? Just out of curiosity, why are you using a proxy? Doing so adds an additional layer of complication and potential point of failure. The logs you supplied below look like whatever is trying to connect to MDQ is failing. Perhaps you have firewall rules preventing egress and that’s why you’re trying to use a proxy? If so, you should consider making an exception for metadata clients.
Best,
Nick Roy
Director of Technology and Strategy
InCommon
On 18 Nov 2019, at 10:40, Krishna Mohan wrote:
Hi All,
We have a service provider 3.0.4 on windows and trying to configure MDQ metadata provider using a webproxy.
We are not seeing the webproxy being utilized, when it tries to load metadata. Below is the configuration and the logs.
Did we miss something or is there a bug?
Configuration:
<MetadataProvider type="MDQ" id="incommon" ignoreTransport="true" cacheDirectory="inc-mdq-cache" maxCacheDuration="86400" minCacheDuration="60" baseUrl="https://mdq.incommon.org/">
<TransportOption provider="CURL" option="10004">xxxx-webproxy.xxxx.internal:xxxx</TransportOption>
<MetadataFilter type="Signature" certificate="inc-md-cert-mdq.pem"/>
</MetadataProvider>
Logs:
2019-11-15 15:33:38 DEBUG XMLTooling.SOAPTransport.CURL [1] [default]: getting connection handle to https://mdq.incommon.org/entities/urn%3Amace%3Aincommon%3Aucop.edu
2019-11-15 15:33:38 DEBUG XMLTooling.SOAPTransport.CURL [1] [default]: nothing free in pool, returning new connection handle
2019-11-15 15:33:38 DEBUG XMLTooling.SOAPTransport.CURL [1] [default]: sending SOAP message to https://mdq.incommon.org/entities/urn%3Amace%3Aincommon%3Aucop.edu
2019-11-15 15:33:39 DEBUG XMLTooling.libcurl [1] [default]: Trying 13.225.146.95...
2019-11-15 15:33:39 DEBUG XMLTooling.libcurl [1] [default]: TCP_NODELAY set
2019-11-15 15:33:44 DEBUG XMLTooling.libcurl [1] [default]: After 4976ms connect time, move on!
2019-11-15 15:33:44 DEBUG XMLTooling.libcurl [1] [default]: connect to 13.225.146.95 port 443 failed: Timed out
2019-11-15 15:33:44 DEBUG XMLTooling.libcurl [1] [default]: Trying 13.225.146.99...
2019-11-15 15:33:44 DEBUG XMLTooling.libcurl [1] [default]: TCP_NODELAY set
2019-11-15 15:33:46 DEBUG XMLTooling.libcurl [1] [default]: After 2484ms connect time, move on!
2019-11-15 15:33:46 DEBUG XMLTooling.libcurl [1] [default]: connect to 13.225.146.99 port 443 failed: Timed out
2019-11-15 15:33:46 DEBUG XMLTooling.libcurl [1] [default]: Trying 13.225.146.72...
2019-11-15 15:33:46 DEBUG XMLTooling.libcurl [1] [default]: TCP_NODELAY set
2019-11-15 15:33:47 DEBUG XMLTooling.libcurl [1] [default]: After 1242ms connect time, move on!
2019-11-15 15:33:47 DEBUG XMLTooling.libcurl [1] [default]: connect to 13.225.146.72 port 443 failed: Timed out
2019-11-15 15:33:47 DEBUG XMLTooling.libcurl [1] [default]: Trying 13.225.146.61...
2019-11-15 15:33:47 DEBUG XMLTooling.libcurl [1] [default]: TCP_NODELAY set
2019-11-15 15:33:48 DEBUG XMLTooling.libcurl [1] [default]: After 617ms connect time, move on!
2019-11-15 15:33:48 DEBUG XMLTooling.libcurl [1] [default]: connect to 13.225.146.61 port 443 failed: Timed out
2019-11-15 15:33:48 DEBUG XMLTooling.libcurl [1] [default]: Failed to connect to mdq.incommon.org port 443: Timed out
2019-11-15 15:33:48 DEBUG XMLTooling.libcurl [1] [default]: Closing connection 0
2019-11-15 15:33:48 ERROR OpenSAML.MetadataProvider.Dynamic [1] [default]: error while resolving (urn:mace:incommon:ucop.edu): CURLSOAPTransport failed while contacting SOAP endpoint (https://mdq.incommon.org/entities/urn%3Amace%3Aincommon%3Aucop.edu): Failed to connect to mdq.incommon.org port 443: Timed out
Thanks,
Krishna
To unsubscribe from this list, send email to with the subject: unsubscribe technical-discuss
Attachment:
signature.asc
Description: OpenPGP digital signature
- [InC-Technical] Transport option not being respected by MDQ metadata provider., Krishna Mohan, 11/18/2019
- Re: [InC-Technical] Transport option not being respected by MDQ metadata provider., Nick Roy, 11/20/2019
Archive powered by MHonArc 2.6.19.