D4Science Infrastructure

Giuseppe I think there might be issues with EGI SSO only. At least in my case when I try to access with the EOSC AAI (and select EGI SSO as IdP).

To show you the issue better I realised 3 very small videos accessing with the EOSC AAI and selecting 3 different IdP, namely CNR, ORCID and EGI SSO. You will see that in the case of EGI SSO there is no error but there is no redirect to D4Science.

Please find the videos in the following:

• National Research Council (CNR): https://www.screencast.com/t/G4hKdjous
• ORCiD: https://www.screencast.com/t/n5BOsBHQPXFX
• EGI SSO: https://www.screencast.com/t/0EDaotRVTh

Please let us know what could be the issue in this case

About your last video, since it is the first time that you've used your EGI SSO account to login, you are not member of the EGI community yet. You should complete the subscription, following the registration process as indicated by the EGI AAI service.

Thank you @giuseppe.larocca@egi.eu for looking into this, to check also what is happening on out side I'm trying to finalise the EGI SSO account, but even if it seems to me (see attached image) that Im affiliated as Member I still don't get redirected. I arrive to the page of the video and the menu above suggested don't help in letting me trough.See landing page 1 and 2 files attached.

The error was due to a very big eduPersonEntitlement field. To make the account work, on @nikosev@admin.grnet.gr suggestion, I commented the ‘eduPersonEntitlement’ in the shibboleth attribute map.

We could enable that entry again when we are able to process bigger requests. A couple of suggestions:
http://tomcat.apache.org/connectors-doc/reference/workers.html (suited for mod_jk, that we do not use)
https://stackoverflow.com/a/1730514/7110280

For reference, the errors in the apache logs were:

[Thu Jan 17 16:10:54.289677 2019] [proxy_ajp:error] [pid 10609:tid 139679930476288] (120001)APR does not understand this error code: [client 146.48.122.115:42344] AH00868: request failed to (null) (*), referer: https://aai.egi.eu/proxy/module.php/consent/getconsent.php?saveconsent=1&StateId=_d8af67daf37ff23261a989258c3e3601bfe4005a39%3Ahttps%3A%2F%2Faai.egi.eu%2Fproxy%2Fsaml2%2Fidp%2FSSOService.php%3Fspentityid%3Dhttps%253A%252F%252Fshibbolet-sp.d4science.org%252Fshibboleth%26cookieTime%3D1547737834%26RelayState%3Dss%253Amem%253A63571de49c596979a5344a19639e92a1a86a699d07d2a4c8cef1dfbddd0f5399&yes=

[Fri Jan 18 13:18:42.804806 2019] [proxy_ajp:error] [pid 10609:tid 139679642904320] [client 146.48.122.115:48077] AH00981: ajp_marshal_into_msgb: Error appending attribute AJP_eduPersonEntitlement=urn:mace:egi.eu:group:eosc-hub-all#sso.egi.eu;urn:mace:egi.eu:group:ssb#sso.egi.eu;urn:mace:egi.eu:group:EO-PoC#sso.egi.eu;urn:mace:egi.eu:group:egi-software-provisioning-support#sso.egi.eu;urn:mace:egi.eu:group:change-mgmnt#sso.egi.eu;urn:mace:egi.eu:group:ims-so#sso.egi.eu;urn:mace:egi.eu:group:tcb-cloud#sso.egi.eu;urn:mace:egi.eu:group:openstack-occi-support#sso.egi.eu;urn:mace:egi.eu:group:egi-engage-members#sso.egi.eu;urn:mace:egi.eu:group:vm-operators#sso.egi.eu;urn:mace:egi.eu:group:staged-rollout#sso.egi.eu;urn:mace:egi.eu:group:techops#sso.egi.eu;urn:mace:egi.eu:group:cc-lifewatch#sso.egi.eu;urn:mace:egi.eu:group:sw-rel-qc#sso.egi.eu;urn:mace:egi.eu:group:cloud-compute#sso.egi.eu;urn:mace:egi.eu:group:cc-disastermitigation#sso.egi.eu;urn:mace:egi.eu:group:egi-eudat#sso.egi.eu;urn:mace:egi.eu:group:fc-information-discovery#sso.egi.eu;urn:mace:egi.eu:group:cc-epos#sso.egi.eu;urn:mace:egi.eu:group:service-orders#sso.egi.eu;urn:mace:egi.eu:group:vt-feddata#sso.egi.eu;urn:mace:egi.eu:group:sw-rel-sr#sso.egi.eu;urn:mace:egi.eu:group:svg-rat#sso.egi.eu;urn:mace:egi.eu:group:cc-dariah#sso.egi.eu;urn:mace:egi.eu:group:egi-engage-wp4#sso.egi.eu;urn:mace:egi.eu:group:egi-engage-wp6#sso.egi.eu;urn:mace:egi.eu:group:umd-team#sso.egi.eu;urn:mace:egi.eu:group:fedcloud-tf#sso.egi.eu;urn:mace:egi.eu:group:fondacloud#sso.egi.eu;urn:mace:egi.eu:group:fc-federated-aai#sso.egi.eu;urn:mace:egi.eu:group:fedcloud-devel#sso.egi.eu;urn:mace:egi.eu:group:EOSC-hub-access#sso.egi.eu;urn:mace:egi.eu:group:UCB-discuss#sso.egi.eu;urn:mace:egi.eu:group:fc-usersupport#sso.egi.eu;urn:mace:egi.eu:group:cc-elixir#sso.egi.eu;urn:mace:egi.eu:group:csirt#sso.egi.eu;urn:mace:egi.eu:group:noc-managers#sso.egi.eu;urn:mace:egi.eu:group:nagios-discuss#sso.egi.eu;urn:mace:egi.eu:group:ggus-authors#sso.egi.eu;urn:mace:egi.eu:group:cc-bbmri#sso.egi.eu;urn:mace:egi.eu:group:egi-engage-wp6.1#sso.egi.eu;urn:mace:egi.eu:group:vt-funded-all#sso.egi.eu;urn:mace:egi.eu:group:egi-engage-wp4.3#sso.egi.eu;urn:mace:egi.eu:group:egi-engage-wp4.2#sso.egi.eu;urn:mace:egi.eu:group:appdb-atb#sso.egi.eu;urn:mace:egi.eu:group:VM-image-endorsement#sso.egi.eu;urn:mace:egi.eu:group:service-request#sso.egi.eu;urn:mace:egi.eu:group:urt-discuss#sso.egi.eu;urn:mace:egi.eu:group:ngi-international-liaisons#sso.egi.eu;urn:mace:egi.eu:group:tcb-coreinfrastructure#sso.egi.eu;urn:mace:egi.eu:group:hbp#sso.egi.eu;urn:mace:egi.eu:group:vm-endorsers#sso.egi.eu;urn:mace:egi.eu:group:esa-teiss#sso.egi.eu;urn:mace:egi.eu:group:notebooks-support#sso.egi.eu;urn:mace:egi.eu:group:fedcloud-security-contact#sso.egi.eu;urn:mace:egi.eu:group:cloud-compute_watchers#sso.egi.eu;urn:mace:egi.eu:group:mpi-support#sso.egi.eu;urn:mace:egi.eu:group:fedcloud-users#sso.egi.eu;urn:mace:egi.eu:group:galaxy-jupyter-pilots#sso.egi.eu;urn:mace:egi.eu:group:vt-gapf#sso.egi.eu;urn:mace:egi.eu:group:wiki-editors#sso.egi.eu;urn:mace:egi.eu:group:report-vulnerability#sso.egi.eu;urn:mace:egi.eu:group:egi-emso#sso.egi.eu;urn:mace:egi.eu:group:inspire-members#sso.egi.eu;urn:mace:egi.eu:group:sw-rel-admin#sso.egi.eu;urn:mace:egi.eu:group:engage-report#sso.egi.eu;urn:mace:egi.eu:group:fedcloud-integration#sso.egi.eu;urn:mace:egi.eu:group:egi-pay-for-use#sso.egi.eu;urn:mace:egi.eu:group:author-e#sso.egi.eu;urn:mace:egi.eu:group:Copernicus-EGI#sso.egi.eu;urn:mace:egi.eu:group:egi-engage-wp6.2#sso.egi.eu;urn:mace:egi.eu:group:vt-funded-leaders#sso.egi.eu;urn:mace:egi.eu:group:TCB-AAI#sso.egi.eu;urn:mace:egi.eu:group:inspire-sa1#sso.egi.eu;urn:mace:egi.eu:group:tcb-discuss#sso.egi.eu;urn:mace:egi.eu:group:otag#sso.egi.eu;urn:mace:egi.eu:group:EGI-Security-Assessment#sso.egi.eu;urn:mace:egi.eu:group:cc-mobrain#sso.egi.eu;urn:mace:egi.eu:group:eduroam#sso.egi.eu;urn:mace:egi.eu:group:fc-vm-management#sso.egi.eu;urn:mace:egi.eu:group:ict7-editorial-board#sso.egi.eu;urn:mace:egi.eu:group:office#sso.egi.eu;urn:mace:egi.eu:group:technical-support-cases#sso.egi.eu;urn:mace:egi.eu:group:requirements#sso.egi.eu;urn:mace:egi.eu:group:cloud#sso.egi.eu;urn:mace:egi.eu:group:spg-discuss#sso.egi.eu;urn:mace:egi.eu:group:cc-eiscat3d#sso.egi.eu;urn:mace:egi.eu:group:slipstream#sso.egi.eu;urn:mace:egi.eu:group:svg-discuss#sso.egi.eu;urn:mace:egi.eu:group:fc-vm-image-management#sso.egi.eu;urn:mace:egi.eu:group:IMS#sso.egi.eu;urn:mace:egi.eu:www.egi.eu:eosc-hub-all:member@egi.eu;urn:mace:egi.eu:www.egi.eu:ssb:member@egi.eu;urn:mace:egi.eu:www.egi.eu:EO-PoC:member@egi.eu;urn:mace:egi.eu:www.egi.eu:egi-software-provisioning-support:member@egi.eu;urn:mace:egi.eu:www.egi.eu:change-mgmnt:member@egi.eu;urn:mace:egi.eu:www.egi.eu:ims-so:member@egi.eu;urn:mace:egi.eu:www.egi.eu:tcb-cloud:member@egi.eu;urn:mace:egi.eu:www.egi.eu:openstack-occi-support:member@egi.eu;urn:mace:egi.eu:www.egi.eu:egi-engage-members:member@egi.eu;urn:mace:egi.eu:www.egi.eu:vm-operators:member@egi.eu;urn:mace:egi.eu:www.egi.eu:staged-rollout:member@egi.eu;urn:mace:egi.eu:www.egi.eu:techops:member@egi.eu;urn:mace:egi.eu:www.egi.eu:cc-lifewatch:member@egi.eu;urn:mace:egi.eu:www.egi.eu:sw-rel-qc:member@egi.eu;urn:mace:egi.eu:www.egi.eu:cloud-compute:member@egi.eu;urn:mace:egi.eu:www.egi.eu:cc-disastermitigation:member@egi.eu;urn:mace:egi.eu:www.egi.eu:egi-eudat:member@egi.eu;urn:mace:egi.eu:www.egi.eu:fc-information-discovery:member@egi.eu;urn:mace:egi.eu:www.egi.eu:cc-epos:member@egi.eu;urn:mace:egi.eu:www.egi.eu:service-orders:member@egi.eu;urn:mace:egi.eu:www.egi.eu:vt-feddata:member@egi.eu;urn:mace:egi.eu:www.egi.eu:sw-rel-sr:member@egi.eu;urn:mace:egi.eu:www.egi.eu:svg-rat:member@egi.eu;urn:mace:egi.eu:www.egi.eu:cc-dariah:member@egi.eu;urn:mace:egi.eu:www.egi.eu:egi-engage-wp4:member@egi.eu;urn:mace:egi.eu:www.egi.eu:egi-engage-wp6:member@egi.eu;urn:mace:egi.eu:www.egi.eu:umd-team:member@egi.eu;urn:mace:egi.eu:www.egi.eu:fedcloud-tf:member@egi.eu;urn:mace:egi.eu:www.egi.eu:fondacloud:member@egi.eu;urn:mace:egi.eu:www.egi.eu:fc-federated-aai:member@egi.eu;urn:mace:egi.eu:www.egi.eu:fedcloud-devel:member@egi.eu;urn:mace:egi.eu:www.egi.eu:EOSC-hub-access:member@egi.eu;urn:mace:egi.eu:www.egi.eu:UCB-discuss:member@egi.eu;urn:mace:egi.eu:www.egi.eu:fc-usersupport:member@egi.eu;urn:mace:egi.eu:www.egi.eu:cc-elixir:member@egi.eu;urn:mace:egi.eu:www.egi.eu:csirt:member@egi.eu;urn:mace:egi.eu:www.egi.eu:noc-managers:member@egi.eu;urn:mace:egi.eu:www.egi.eu:nagios-discuss:member@egi.eu;urn:mace:egi.eu:www.egi.eu:ggus-authors:member@egi.eu;urn:mace:egi.eu:www.egi.eu:cc-bbmri:member@egi.eu;urn:mace:egi.eu:www.egi.eu:egi-engage-wp6.1:member@egi.eu;urn:mace:egi.eu:www.egi.eu:vt-funded-all:member@egi.eu;urn:mace:egi.eu:www.egi.eu:egi-engage-wp4.3:member@egi.eu;urn:mace:egi.eu:www.egi.eu:egi-engage-wp4.2:member@egi.eu;urn:mace:egi.eu:www.egi.eu:appdb-atb:member@egi.eu;urn:mace:egi.eu:www.egi.eu:VM-image-endorsement:member@egi.eu;urn:mace:egi.eu:www.egi.eu:service-request:member@egi.eu;urn:mace:egi.eu:www.egi.eu:urt-discuss:member@egi.eu;urn:mace:egi.eu:www.egi.eu:ngi-international-liaisons:member@egi.eu;urn:mace:egi.eu:www.egi.eu:tcb-coreinfrastructure:member@egi.eu;urn:mace:egi.eu:www.egi.eu:hbp:member@egi.eu;urn:mace:egi.eu:www.egi.eu:vm-endorsers:member@egi.eu;urn:mace:egi.eu:www.egi.eu:esa-teiss:member@egi.eu;urn:mace:egi.eu:www.egi.eu:notebooks-support:member@egi.eu;urn:mace:egi.eu:www.egi.eu:fedcloud-security-contact:member@egi.eu;urn:mace:egi.eu:www.egi.eu:cloud-compute_watchers:member@egi.eu;urn:mace:egi.eu:www.egi.eu:mpi-support:member@egi.eu;urn:mace:egi.eu:www.egi.eu:fedcloud-users:member@egi.eu;urn:mace:egi.eu:www.egi.eu:galaxy-jupyter-pilots:member@egi.eu;urn:mace:egi.eu:www.egi.eu:vt-gapf:member@egi.eu;urn:mace:egi.eu:www.egi.eu:wiki-editors:member@egi.eu;urn:mace:egi.eu:www.egi.eu:report-vulnerability:member@egi.eu;urn:mace:egi.eu:www.egi.eu:egi-emso:member@egi.eu;urn:mace:egi.eu:www.egi.eu:inspire-members:member@egi.eu;urn:mace:egi.eu:www.egi.eu:sw-rel-admin:member@egi.eu;urn:mace:egi.eu:www.egi.eu:engage-report:member@egi.eu;urn:mace:egi.eu:www.egi.eu:fedcloud-integration:member@egi.eu;urn:mace:egi

[Fri Jan 18 13:18:42.807093 2019] [proxy_ajp:error] [pid 10609:tid 139679642904320] [client 146.48.122.115:48077] AH00988: ajp_send_header: ajp_marshal_into_msgb failed, referer: https://aai.egi.eu/proxy/module.php/consent/getconsent.php?StateId=_49534374c6d0c72f7a35b8a2d9504da9d042547648%3Ahttps%3A%2F%2Faai.egi.eu%2Fproxy%2Fsaml2%2Fidp%2FSSOService.php%3Fspentityid%3Dhttps%253A%252F%252Fshibbolet-sp.d4science.org%252Fshibboleth%26cookieTime%3D1547813916%26RelayState%3Dss%253Amem%253A1cf945f841cfe5f205b76a4703aa2d46a9c80e35aeae1252760c5f6f36fd8781&yes=

[Fri Jan 18 13:18:42.807103 2019] [proxy_ajp:error] [pid 10609:tid 139679642904320] (120001)APR does not understand this error code: [client 146.48.122.115:48077] AH00868: request failed to (null) (*), referer: https://aai.egi.eu/proxy/module.php/consent/getconsent.php?StateId=_49534374c6d0c72f7a35b8a2d9504da9d042547648%3Ahttps%3A%2F%2Faai.egi.eu%2Fproxy%2Fsaml2%2Fidp%2FSSOService.php%3Fspentityid%3Dhttps%253A%252F%252Fshibbolet-sp.d4science.org%252Fshibboleth%26cookieTime%3D1547813916%26RelayState%3Dss%253Amem%253A1cf945f841cfe5f205b76a4703aa2d46a9c80e35aeae1252760c5f6f36fd8781&yes=