Shibboleth 2.4.3 SAML2 and WAYF

Law, Bob Robert.Law at wolterskluwer.com
Fri Jan 13 18:56:02 GMT 2012 

I have added the Handler and SessionInitiator tags as described in
section 3.1.2 SP installed prior to version 2.4.  They look like this in
my shibboleth2.xml file (actual https://url been changed for security
reasons)

<!-- Discovery service info -->
            <Handler type="DiscoveryFeed" Location="/DiscoFeed"/>
            <SessionInitiator type="SAMLDS" url="https://myurl:myport"/>

shibd -t gives me the following errors:
2012-01-13 12:46:53 WARN Shibboleth.SecurityPolicyProvider.XML :
detected legacy Policy configuration, please convert to new PolicyRule
syntax
2012-01-13 12:46:53 ERROR Shibboleth.Application : SessionInitiator
handler with no Location property cannot be processed
overall configuration is loadable, check console for non-fatal problems

I have also added legacyOrgNames="true" to all of my metadata provider
tags.

The Embedded discovery service has been put in the htdocs directory
which is where my static pages for shibboleth are.

What am I doing wrong to get the "no Location property" error?  Am I
missing the boat completely?


Robert Law
Software Engineer
Wolters Kluwer Health Medical Research
801.304.3012 tel
Robert.Law at wolterskluwer.com
www.ovid.com


-----Original Message-----
From: users-bounces at shibboleth.net [mailto:users-bounces at shibboleth.net]
On Behalf Of Cantor, Scott
Sent: Friday, January 13, 2012 11:08 AM
To: users at shibboleth.net
Subject: Re: Shibboleth 2.4.3 SAML2 and WAYF

On 1/13/12 12:57 PM, "Law, Bob" <Robert.Law at wolterskluwer.com> wrote:

>Okay, the big question, and what I'm going to try, is to put in the DS
>info in shibboleth2.xml and remove the WAYF information and see if it
>flys.  We are currently using a WAYF, and does the DS simply replace
it?

Well, yes, but not if you implemented the WAYF. If the implementation
supports both protocols, then the SP just works with either, but it
doesn't magically turn legacy WAYF code into new code.

-- Scott

--
To unsubscribe from this list send an email to
users-unsubscribe at shibboleth.net

More information about the users mailing list