Warnung Shibboleth.PropertySet : load() skipping duplicate property set:

Rainer Hoerbe rainer at hoerbe.at
Mon Aug 20 11:42:21 EDT 2012 

When restarting shibd (2.5.0) I am encountering this warning:
"Shibboleth.PropertySet : load() skipping duplicate property set: {urn:eu:stork:names:tc:STORK:1.0:assertion}RequestedAttribute"

The session initiator looks like this: 

<SessionInitiator type="SAML2" Location="/Login" forceAuthn="true" isPassive="false">
<samlp:AuthnRequest 
  xmlns:stork="urn:eu:stork:names:tc:STORK:1.0:assertion" 
  xmlns:storkp="urn:eu:stork:names:tc:STORK:1.0:protocol"
  ID="_Meaningslessstring4xmlvalidatioN" IssueInstant="1900-01-01T00:00:00Z" Version="2.0">
  <samlp:Extensions>
	<storkp:RequestedAttributes>
		<stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/eIdentifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
		<stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/givenName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" />
	</storkp:RequestedAttributes>
  </samlp:Extensions>
</samlp:AuthnRequest>


If I remove one of the 2 stork:RequestedAttribute elements, the warning goes away. It does, however, produce the expected AuthnRequest. Is this anything to worry about?

<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" AssertionConsumerServiceURL="https://samlecho2.hoerbe.at/Shibboleth.sso/SAML2/POST" Destination="https://testshib.portalverbund.at/idp/profile/SAML2/Redirect/SSO" ID="_72e257e2a91281678e46f864b6766686" IssueInstant="2012-08-20T15:33:52Z" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Version="2.0" xmlns:stork="urn:eu:stork:names:tc:STORK:1.0:assertion" xmlns:storkp="urn:eu:stork:names:tc:STORK:1.0:protocol">
  <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://samlecho2.hoerbe.at/shibboleth</saml:Issuer>
<samlp:Extensions>
	<storkp:RequestedAttributes xmlns:storkp="urn:eu:stork:names:tc:STORK:1.0:protocol">
		<stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/eIdentifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" xmlns:stork="urn:eu:stork:names:tc:STORK:1.0:assertion"/>
		<stork:RequestedAttribute Name="http://www.stork.gov.eu/1.0/givenName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" xmlns:stork="urn:eu:stork:names:tc:STORK:1.0:assertion"/>
	</storkp:RequestedAttributes>
  </samlp:Extensions>
   <samlp:NameIDPolicy AllowCreate="1"/>
</samlp:AuthnRequest>

Any opinion?
Thanks, Rainer

More information about the users mailing list