Shibboleth 2.4.3 SAML2 and WAYF

Law, Bob Robert.Law at
Fri Jan 13 18:56:02 GMT 2012

I have added the Handler and SessionInitiator tags as described in
section 3.1.2 SP installed prior to version 2.4.  They look like this in
my shibboleth2.xml file (actual https://url been changed for security

<!-- Discovery service info -->
            <Handler type="DiscoveryFeed" Location="/DiscoFeed"/>
            <SessionInitiator type="SAMLDS" url="https://myurl:myport"/>

shibd -t gives me the following errors:
2012-01-13 12:46:53 WARN Shibboleth.SecurityPolicyProvider.XML :
detected legacy Policy configuration, please convert to new PolicyRule
2012-01-13 12:46:53 ERROR Shibboleth.Application : SessionInitiator
handler with no Location property cannot be processed
overall configuration is loadable, check console for non-fatal problems

I have also added legacyOrgNames="true" to all of my metadata provider

The Embedded discovery service has been put in the htdocs directory
which is where my static pages for shibboleth are.

What am I doing wrong to get the "no Location property" error?  Am I
missing the boat completely?

Robert Law
Software Engineer
Wolters Kluwer Health Medical Research
801.304.3012 tel
Robert.Law at

-----Original Message-----
From: users-bounces at [mailto:users-bounces at]
On Behalf Of Cantor, Scott
Sent: Friday, January 13, 2012 11:08 AM
To: users at
Subject: Re: Shibboleth 2.4.3 SAML2 and WAYF

On 1/13/12 12:57 PM, "Law, Bob" <Robert.Law at> wrote:

>Okay, the big question, and what I'm going to try, is to put in the DS
>info in shibboleth2.xml and remove the WAYF information and see if it
>flys.  We are currently using a WAYF, and does the DS simply replace

Well, yes, but not if you implemented the WAYF. If the implementation
supports both protocols, then the SP just works with either, but it
doesn't magically turn legacy WAYF code into new code.

-- Scott

To unsubscribe from this list send an email to
users-unsubscribe at

More information about the users mailing list