Skip to Content.
Sympa Menu

metadata-support - [Metadata-Support]

Subject: InCommon metadata support

List archive

[Metadata-Support]


Chronological Thread 
  • From: Jeffrey J Ramsay <>
  • To: "metadata-suppo." <>
  • Subject: [Metadata-Support]
  • Date: Wed, 13 Jan 2016 16:26:33 -0500

Hello:

I have been struggling with this problem for over an hour and can't resolve it myself. I'm trying to configure my IdP to verify the InCommon metadata and it's failing with the following error message. If I remove "requireSignedRoot="true"" it will download the data without warnings but I suspect it's not verified.

Caused by: org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException: Line 36 in XML document from file [/u01/app/badm/apps/test/shibboleth-idp/conf/metadata-provid
ers.xml] is invalid; nested exception is org.xml.sax.SAXParseException; lineNumber: 36; columnNumber: 63; cvc-complex-type.3.2.2: Attribute 'requireSignedRoot' is not allowed t
o appear in element 'MetadataFilter'.
        at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.doLoadBeanDefinitions(XmlBeanDefinitionReader.java:399)
Caused by: org.xml.sax.SAXParseException: cvc-complex-type.3.2.2: Attribute 'requireSignedRoot' is not allowed to appear in element 'MetadataFilter'.
        at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.createSAXParseException(ErrorHandlerWrapper.java:203)
2016-01-13 16:19:33,659 - ERROR [net.shibboleth.utilities.java.support.service.AbstractReloadableService:185] - Service 'shibboleth.MetadataResolverService': No further attempt
s will be made to reload

My setup is as follows:

        <MetadataProvider id="INCXXXXX" xsi:type="FileBackedHTTPMetadataProvider"
                        metadataURL="http://md.incommon.org/InCommon/InCommon-metadata-preview.xml"
                        backingFile="%{idp.home}/metadata/InCommon-metadata-preview.xml"
                        minRefreshDelay="PT5M" maxRefreshDelay="PT1H" refreshDelayFactor="0.75">
                <MetadataFilter xsi:type="SignatureValidation" requireSignedRoot="true"
                        certificateFile="%{idp.home}/credentials/inc-md-cert.pem"/>
                <MetadataFilter xsi:type="RequiredValidUntil" maxValidityInterval="P14D"/>
                <MetadataFilter xsi:type="EntityRoleWhiteList">
                        <RetainedRole>md:SPSSODescriptor</RetainedRole>
                </MetadataFilter>
        </MetadataProvider>

Thanks,
-Jeff

--
Jeffrey Ramsay
Assistant Director
Enterprise Software Infrastructure
and Technical Planning
Binghamton University
http://www.binghamton.edu



Archive powered by MHonArc 2.6.16.

Top of Page