Q: Touchstone opensaml FatalProfileException
When I try to log in (with my username/password) through Touchstone, no matter what site I try on, I get an error such as:
or
Answer
Contact IS&T and give an example of the error message.
Details
This can happen if an account has no LDAP data (ldap.mit.edu).
- One possible reason would be that the user has not completed their registration for a Kerberos account (http://web.mit.edu/register) and/or that their record is not available in LDAP.
- If you authenticate to Touchstone with existing Kerberos tickets, the browser might pick up the wrong tickets (e.g., root instance tickets), which also results in this error.
Additional Info for IS&T troubleshooting
This link viewable only to IS&T
[What are the various Moira statuses and what do they mean?]
- Half-registered accounts (status 2 or 8) may not be in LDAP.
- Occasionally an account is not synced. Updating an account's Moira status can force an LDAP sync.
- The Dragon NaturallySpeaking browser extension is also known to block Duo and cause this error to be displayed. Try disabling the extension.