Configuring delegation plugin: rules/constraints/syntax problem in relying-party.xml

Karla Borecky kborecky at smith.edu
Tue Apr 24 18:57:20 BST 2012


Hello all,

My localhost tomcat log file is erroring out at the beginning of this
section I added to relying-party.xml (added section indicated by my
comment):

    <!-- ========================================== -->
    <!--     Security Configurations                -->
    <!-- ========================================== -->
    <security:Credential id="IdPCredential" xsi:type="security:X509Filesystem">
        <security:PrivateKey>/opt/shibboleth-idp/credentials/idp.key</security:PrivateKey>
        <security:Certificate>/opt/shibboleth-idp/credentials/idp.crt</security:Certificate>
    </security:Credential>

    <!-- Added trust engine and security policy for Liberty SSOS configuration. -kgb, 17-Apr-2012 -->

    <security:TrustEngine id="shibboleth.ext.delegation.IdPAssertionTrustEngine" xsi:type="security:StaticExplicitKeySignature">
        <security:Credential id="IdPValidationOnlyCredential" xsi:type="security:X509Filesystem">
            <security:Certificate>/opt/shibboleth-idp/credentials/idp.crt</security:Certificate>
        </security:Credential>
    </security:TrustEngine>

    <security:SecurityPolicy id="shibboleth.ext.delegation.LibertySSOSPolicy" xsi:type="security:SecurityPolicyType">
        <security:Rule xsi:type="samlsec:Replay"/>
        <security:Rule xsi:type="samlsec:IssueInstant"/>
        <security:Rule xsi:type="samlsec:SAML2AuthnRequestsSigned"/>
        <security:Rule xsi:type="samlsec:ProtocolWithXMLSignature" trustEngineRef="shibboleth.SignatureTrustEngine" />
        <security:Rule xsi:type="samldel:ClientCertAuth" trustEngineRef="shibboleth.CredentialTrustEngine" />
        <security:Rule xsi:type="samldel:WSSSAML20AssertionTokenRule" trustEngineRef="shibboleth.ext.delegation.IdPAssertionTrustEngine" />
        <security:Rule xsi:type="samlsec:MandatoryIssuer"/>
    </security:SecurityPolicy>

The log has this explanation:

Caused by: org.xml.sax.SAXParseException: cvc-complex-type.2.4.a:
Invalid content was found starting with element 'security:TrustEngine'.
One of '{"urn:mace:shibboleth:2.0:security":SecurityPolicy}' is expected.

Should the SecurityPolicy be nested under the TrustEngine element? Or does
the SecurityPolicy have to come first? Or none of the above?

Thank you for your help. I've been searching the interwebs, but no luck so
far. I tried to make these entries look like others in the file, but I
don't know what the required and optional components of these elements are,
so I'm kind of going blind.

regards,
Karla B

-- 
Karla Borecky
Systems Administrator
ITS
Smith College
Northampton, MA 01063