Skip to Content.
Sympa Menu

metadata-support - Re: [Metadata-Support]

Subject: InCommon metadata support

List archive

Re: [Metadata-Support]


Chronological Thread 
  • From: Tom Scavo <>
  • To: "" <>
  • Subject: Re: [Metadata-Support]
  • Date: Wed, 13 Jan 2016 16:48:42 -0500

Well, I know that requireSignedRoot requires V3.2.0 or above. What
version are you running?

Beyond that, I don't know what to tell you. You probably need to raise
this issue on the shib users mailing list.

Tom

On Wed, Jan 13, 2016 at 4:26 PM, Jeffrey J Ramsay
<>
wrote:
> Hello:
>
> I have been struggling with this problem for over an hour and can't resolve
> it myself. I'm trying to configure my IdP to verify the InCommon metadata
> and it's failing with the following error message. If I remove
> "requireSignedRoot="true"" it will download the data without warnings but I
> suspect it's not verified.
>
> Caused by:
> org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException: Line
> 36 in XML document from file
> [/u01/app/badm/apps/test/shibboleth-idp/conf/metadata-provid
> ers.xml] is invalid; nested exception is org.xml.sax.SAXParseException;
> lineNumber: 36; columnNumber: 63; cvc-complex-type.3.2.2: Attribute
> 'requireSignedRoot' is not allowed t
> o appear in element 'MetadataFilter'.
> at
> org.springframework.beans.factory.xml.XmlBeanDefinitionReader.doLoadBeanDefinitions(XmlBeanDefinitionReader.java:399)
> Caused by: org.xml.sax.SAXParseException: cvc-complex-type.3.2.2: Attribute
> 'requireSignedRoot' is not allowed to appear in element 'MetadataFilter'.
> at
> com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.createSAXParseException(ErrorHandlerWrapper.java:203)
> 2016-01-13 16:19:33,659 - ERROR
> [net.shibboleth.utilities.java.support.service.AbstractReloadableService:185]
> - Service 'shibboleth.MetadataResolverService': No further attempt
> s will be made to reload
>
> My setup is as follows:
>
> <MetadataProvider id="INCXXXXX"
> xsi:type="FileBackedHTTPMetadataProvider"
>
> metadataURL="http://md.incommon.org/InCommon/InCommon-metadata-preview.xml";
>
> backingFile="%{idp.home}/metadata/InCommon-metadata-preview.xml"
> minRefreshDelay="PT5M" maxRefreshDelay="PT1H"
> refreshDelayFactor="0.75">
> <MetadataFilter xsi:type="SignatureValidation"
> requireSignedRoot="true"
>
> certificateFile="%{idp.home}/credentials/inc-md-cert.pem"/>
> <MetadataFilter xsi:type="RequiredValidUntil"
> maxValidityInterval="P14D"/>
> <MetadataFilter xsi:type="EntityRoleWhiteList">
> <RetainedRole>md:SPSSODescriptor</RetainedRole>
> </MetadataFilter>
> </MetadataProvider>
>
> Thanks,
> -Jeff
>
> --
> Jeffrey Ramsay
> Assistant Director
> Enterprise Software Infrastructure
> and Technical Planning
> Binghamton University
> http://www.binghamton.edu



Archive powered by MHonArc 2.6.16.

Top of Page