I am using Shibboleth for single sign-on authentication, and it needs an SSL configuration that facilitates the user authentication process. It worked fine before, but now I am facing a handshake failure error and the secure connection is being ignored. Here is the detailed error message shown in the browser (Firefox):
Secure Connection Failed
An error occurred during a connection to www.mydomain.com.
SSL peer was unable to negotiate an acceptable set of security parameters.
(Error code: ssl_error_handshake_failure_alert)
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem. Alternatively, use the command found in the help menu to report this broken site.
Update:
Here is the updated Shibboleth error log:
2012-09-20 15:14:59 DEBUG Shibboleth.Listener [17]: dispatching message (default/SAML/POST)
2012-09-20 15:14:59 DEBUG OpenSAML.MessageDecoder.SAML1POST [17]: validating input
2012-09-20 15:14:59 DEBUG OpenSAML.MessageDecoder.SAML1POST [17]: decoded SAML response:
<Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" IssueInstant="2012-09-20T13:10:43.494Z" MajorVersion="1" MinorVersion="1" Recipient="https://inami-riziv.dokeosnet.com/Shibboleth.sso/SAML/POST" ResponseID="_faf482981786daacf938e158e87d75f8"><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
<ds:Reference URI="#_faf482981786daacf938e158e87d75f8">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="code ds kind rw saml samlp typens #default xsd xsi"></ec:InclusiveNamespaces></ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
<ds:DigestValue>qgvrV2yDB88HKXStzqT3sFrpLlo=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
ifKK73UUbsOxqpsnfGcloErG5Vsrklckv/xpbsMAWDzrTm8ZvWjaLru0d7smEYmKFXdkJ/JayAXW
cM5aAKAwazWM7tj5YYvY3bTFlq4k/qI3GR46Kr5apGKkTEtDR9DkZDJ6N2+/vqOvdIxwefdFvaPs
FzsrZeGkt+IAcKmgCFZ78/2tbfckYd4sFGko0Lw3nIl9/dac03OJUsUVuScsiEVd6f/DjzedHgkk
3DD0xR2HFIY5MQzDdztz1f4PyuGFdXiyauUtm2bF+7XULQ8XwfGd+K0qIMOKBykTQuq0ijL+PpgZ
jRr3G2ylqSsJ1/NIwT6pRG79gJlcw55RB25XzA==
</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate></ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo></ds:Signature><Status><StatusCode Value="samlp:Success"></StatusCode></Status><Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="_56927407beba7fd1762d43bb15f71303" IssueInstant="2012-09-20T13:10:43.494Z" Issuer="http://idp.smals-mvm.be/shibboleth" MajorVersion="1" MinorVersion="1"><Conditions NotBefore="2012-09-20T13:10:43.494Z" NotOnOrAfter="2012-09-20T13:15:43.494Z"><AudienceRestrictionCondition><Audience>https://inami-riziv.dokeosnet.com/shibboleth</Audience><Audience>urn:be:fgov:ehealth:trust:partners</Audience></AudienceRestrictionCondition></Conditions><AuthenticationStatement AuthenticationInstant="2012-09-20T13:10:43.494Z" AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:unspecified"><Subject><NameIdentifier Format="urn:mace:shibboleth:1.0:nameIdentifier" NameQualifier="http://idp.smals-mvm.be/shibboleth">_99e6f544a77e9b878ff54a1091c2c603</NameIdentifier><SubjectConfirmation><ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</ConfirmationMethod></SubjectConfirmation></Subject><SubjectLocality IPAddress="193.191.246.82"></SubjectLocality></AuthenticationStatement></Assertion></Response>
2012-09-20 15:14:59 DEBUG OpenSAML.MessageDecoder.SAML1 [17]: extracting issuer from SAML 1.x Response
2012-09-20 15:14:59 DEBUG OpenSAML.MessageDecoder.SAML1 [17]: response from (http://idp.smals-mvm.be/shibboleth)
2012-09-20 15:14:59 DEBUG OpenSAML.MessageDecoder.SAML1 [17]: searching metadata for response issuer...
2012-09-20 15:14:59 DEBUG OpenSAML.SecurityPolicyRule.MessageFlow [17]: evaluating message flow policy (replay checking on, expiration 60)
2012-09-20 15:14:59 ERROR OpenSAML.SecurityPolicyRule.MessageFlow [17]: rejected expired message, timestamp (1348146643), oldest allowed (1348146659)
2012-09-20 15:19:53 INFO XMLTooling.StorageService : purged 1 expired record(s) from storage
2012-09-20 15:34:53 INFO XMLTooling.StorageService : purged 1 expired record(s) from storage
2012-09-20 15:42:06 DEBUG Shibboleth.Listener [18]: dispatching message (default::getHeaders::Application)
2012-09-20 15:42:06 DEBUG Shibboleth.Listener [18]: dispatching message (default/Login::run::Shib1SI)
2012-09-20 15:42:06 DEBUG XMLTooling.StorageService [18]: inserted record (9699add17fc90926f21c8fa06efec1e1) in context (RelayState) with expiration (1348149126)
2012-09-20 16:04:53 INFO XMLTooling.StorageService : purged 1 expired record(s) from storage
2012-09-20 16:19:53 INFO XMLTooling.StorageService : purged 2 expired record(s) from storage
2012-09-20 16:20:21 DEBUG Shibboleth.Listener [21]: dispatching message (default::getHeaders::Application)
2012-09-20 16:20:21 DEBUG Shibboleth.Listener [21]: dispatching message (default/Login::run::Shib1SI)
2012-09-20 16:20:21 DEBUG XMLTooling.StorageService [21]: inserted record (5bfae2fab27dfd8026a14e253696bc3a) in context (RelayState) with expiration (1348151421)
2012-09-20 16:34:53 INFO XMLTooling.StorageService : purged 1 expired record(s) from storage
2012-09-20 16:39:19 DEBUG Shibboleth.Listener [22]: dispatching message (default::getHeaders::Application)
2012-09-20 16:39:19 DEBUG Shibboleth.Listener [22]: dispatching message (default/Login::run::Shib1SI)
2012-09-20 16:39:19 DEBUG XMLTooling.StorageService [22]: inserted record (fbf6b65fc660ed134500345faef56f0a) in context (RelayState) with expiration (1348152559)
2012-09-20 16:43:29 INFO Shibboleth.Listener [15]: detected socket closure, shutting down worker thread
2012-09-20 16:49:53 INFO XMLTooling.StorageService : purged 1 expired record(s) from storage
2012-09-20 17:20:55 INFO Shibboleth.Listener [19]: detected socket closure, shutting down worker thread
2012-09-20 17:31:10 INFO Shibboleth.Listener [21]: detected socket closure, shutting down worker thread
2012-09-20 18:21:09 INFO Shibboleth.Listener [18]: detected socket closure, shutting down worker thread
2012-09-20 18:28:29 INFO Shibboleth.Listener [17]: detected socket closure, shutting down worker thread
2012-09-20 18:28:31 INFO Shibboleth.Listener [20]: detected socket closure, shutting down worker thread
2012-09-20 18:48:23 DEBUG Shibboleth.Listener [23]: dispatching message (default::getHeaders::Application)
2012-09-20 18:48:23 DEBUG Shibboleth.Listener [23]: dispatching message (default/Login::run::Shib1SI)
2012-09-20 18:48:23 DEBUG XMLTooling.StorageService [23]: inserted record (0b316ef6e5acf1da562899feb0b84ec1) in context (RelayState) with expiration (1348160303)
2012-09-20 18:52:26 DEBUG Shibboleth.Listener [24]: dispatching message (default::getHeaders::Application)
2012-09-20 18:52:26 DEBUG Shibboleth.Listener [24]: dispatching message (default/Login::run::Shib1SI)
2012-09-20 18:52:26 DEBUG XMLTooling.StorageService [24]: inserted record (b89fbe4deecae876148bd470e7aa6f85) in context (RelayState) with expiration (1348160546)
2012-09-20 18:52:38 DEBUG Shibboleth.Listener [25]: dispatching message (default::getHeaders::Application)
2012-09-20 18:52:38 DEBUG Shibboleth.Listener [25]: dispatching message (default/Login::run::Shib1SI)
2012-09-20 18:52:38 DEBUG XMLTooling.StorageService [25]: inserted record (b76b99286d06dd0ce84da39c9947e344) in context (RelayState) with expiration (1348160558)
2012-09-20 18:53:03 INFO Shibboleth.Listener [16]: detected socket closure, shutting down worker thread
2012-09-20 18:53:27 DEBUG Shibboleth.Listener [26]: dispatching message (default::getHeaders::Application)
2012-09-20 18:53:27 DEBUG Shibboleth.Listener [26]: dispatching message (default/Login::run::Shib1SI)
2012-09-20 18:53:27 DEBUG XMLTooling.StorageService [26]: inserted record (59fc5fa8d1589ffc94077f4e0e079f38) in context (RelayState) with expiration (1348160607)
2012-09-20 19:00:41 DEBUG Shibboleth.Listener [27]: dispatching message (default::getHeaders::Application)
2012-09-20 19:00:41 DEBUG Shibboleth.Listener [27]: dispatching message (default/Login::run::Shib1SI)
Edit:
Steps to see the error live: go to this page > click Login > then click "Identification by electronic identity card" > error message (the login is protected by Shibboleth).
Note: I have gone through all the browser settings and have even installed the latest browser. I think there is a problem with the SSL configuration. I have also synchronized the clock, but that did not help.
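The `MessageFlow` rejection in the log above can be read numerically. The following is an added example, not part of the original post: it parses the two relevant log lines and reports how old the SAML response was when the SP evaluated it. The function name and the +2 h UTC offset of the log timestamps are assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed input: two lines copied from the shibd log in the post above.
LOG = """\
2012-09-20 15:14:59 DEBUG OpenSAML.SecurityPolicyRule.MessageFlow [17]: evaluating message flow policy (replay checking on, expiration 60)
2012-09-20 15:14:59 ERROR OpenSAML.SecurityPolicyRule.MessageFlow [17]: rejected expired message, timestamp (1348146643), oldest allowed (1348146659)
"""

POLICY = re.compile(r"\[(\d+)\]: evaluating message flow policy \(.*expiration (\d+)\)")
REJECT = re.compile(r"^(\S+ \S+) ERROR \S+ \[(\d+)\]: rejected expired message, "
                    r"timestamp \((\d+)\), oldest allowed \((\d+)\)")


def expired_rejections(log_text, utc_offset_hours):
    """Explain each 'rejected expired message' line in a shibd log.

    utc_offset_hours is the offset of the log's local timestamps from UTC
    (an assumption supplied by the caller; the log does not record it).
    """
    tz = timezone(timedelta(hours=utc_offset_hours))
    expiration = {}  # worker thread id -> last logged 'expiration N'
    findings = []
    for line in log_text.splitlines():
        m = POLICY.search(line)
        if m:
            expiration[m.group(1)] = int(m.group(2))
            continue
        m = REJECT.match(line)
        if not m:
            continue
        stamp, thread = m.group(1), m.group(2)
        issued, oldest = int(m.group(3)), int(m.group(4))
        local = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S").replace(tzinfo=tz)
        received = int(local.timestamp())
        window = received - oldest  # total age the SP would still accept
        findings.append({
            "issued_utc": datetime.fromtimestamp(issued, timezone.utc).isoformat(),
            "age_at_receipt_s": received - issued,
            "accepted_window_s": window,
            "late_by_s": oldest - issued,  # independent of the offset
            "expiration_s": expiration.get(thread),
            "extra_tolerance_s": window - expiration[thread] if thread in expiration else None,
        })
    return findings


if __name__ == "__main__":
    for finding in expired_rejections(LOG, utc_offset_hours=2):
        print(finding)
```

With the assumed +2 h offset, the response was 256 s old on receipt against a 240 s accepted window, so it missed the cutoff by 16 s; its issue time matches the `IssueInstant` in the decoded response.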