Skip to Content.
Sympa Menu

metadata-support - Re: [Metadata-Support]

Subject: InCommon metadata support

List archive

Re: [Metadata-Support]


Chronological Thread 
  • From: Jeffrey J Ramsay <>
  • To: "metadata-suppo." <>
  • Subject: Re: [Metadata-Support]
  • Date: Wed, 13 Jan 2016 16:50:56 -0500

Tom,

I just started to reply to my original post. The 3.1.2 build requires "requireSignedMetadata" instead of "requireSignedRoot".

All set now.

Thanks,
-Jeff

On Wed, Jan 13, 2016 at 4:48 PM, Tom Scavo <> wrote:
Well, I know that requireSignedRoot requires V3.2.0 or above. What
version are you running?

Beyond that, I don't know what to tell you. You probably need to raise
this issue on the shib users mailing list.

Tom

On Wed, Jan 13, 2016 at 4:26 PM, Jeffrey J Ramsay
<> wrote:
> Hello:
>
> I have been struggling with this problem for over an hour and can't resolve
> it myself. I'm trying to configure my IdP to verify the InCommon metadata
> and it's failing with the following error message. If I remove
> "requireSignedRoot="true"" it will download the data without warnings but I
> suspect it's not verified.
>
> Caused by:
> org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException: Line
> 36 in XML document from file
> [/u01/app/badm/apps/test/shibboleth-idp/conf/metadata-provid
> ers.xml] is invalid; nested exception is org.xml.sax.SAXParseException;
> lineNumber: 36; columnNumber: 63; cvc-complex-type.3.2.2: Attribute
> 'requireSignedRoot' is not allowed t
> o appear in element 'MetadataFilter'.
>         at
> org.springframework.beans.factory.xml.XmlBeanDefinitionReader.doLoadBeanDefinitions(XmlBeanDefinitionReader.java:399)
> Caused by: org.xml.sax.SAXParseException: cvc-complex-type.3.2.2: Attribute
> 'requireSignedRoot' is not allowed to appear in element 'MetadataFilter'.
>         at
> com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.createSAXParseException(ErrorHandlerWrapper.java:203)
> 2016-01-13 16:19:33,659 - ERROR
> [net.shibboleth.utilities.java.support.service.AbstractReloadableService:185]
> - Service 'shibboleth.MetadataResolverService': No further attempt
> s will be made to reload
>
> My setup is as follows:
>
>         <MetadataProvider id="INCXXXXX"
> xsi:type="FileBackedHTTPMetadataProvider"
>
> metadataURL="http://md.incommon.org/InCommon/InCommon-metadata-preview.xml"
>
> backingFile="%{idp.home}/metadata/InCommon-metadata-preview.xml"
>                         minRefreshDelay="PT5M" maxRefreshDelay="PT1H"
> refreshDelayFactor="0.75">
>                 <MetadataFilter xsi:type="SignatureValidation"
> requireSignedRoot="true"
>
> certificateFile="%{idp.home}/credentials/inc-md-cert.pem"/>
>                 <MetadataFilter xsi:type="RequiredValidUntil"
> maxValidityInterval="P14D"/>
>                 <MetadataFilter xsi:type="EntityRoleWhiteList">
>                         <RetainedRole>md:SPSSODescriptor</RetainedRole>
>                 </MetadataFilter>
>         </MetadataProvider>
>
> Thanks,
> -Jeff
>
> --
> Jeffrey Ramsay
> Assistant Director
> Enterprise Software Infrastructure
> and Technical Planning
> Binghamton University
> http://www.binghamton.edu



--
Jeffrey Ramsay
Assistant Director
Enterprise Software Infrastructure
and Technical Planning
Binghamton University
http://www.binghamton.edu



Archive powered by MHonArc 2.6.16.

Top of Page