Shibboleth 2.4.3 SAML2 and WAYF
Law, Bob
Robert.Law at wolterskluwer.com
Fri Jan 13 19:15:48 GMT 2012
The first thing I tried was deleting my SessionInitiator and
md:AssertionConsumerService replacing it with an SSO tag. When I did
that I got:
<SSO discoveryProtocol="SAMLDS"
discoveryURL="https://myurl:myport">
SAML2 SAML1
</SSO>
2012-01-13 13:12:44 ERROR XMLTooling.ParserPool : error on line 29,
column 88, message: Unknown element 'SSO'
2012-01-13 13:12:44 ERROR XMLTooling.ParserPool : error on line 29,
column 88, message: Attribute 'discoveryProtocol' is not declared for
element 'SSO'
2012-01-13 13:12:44 ERROR XMLTooling.ParserPool : error on line 29,
column 88, message: Attribute 'discoveryURL' is not declared for element
'SSO'
2012-01-13 13:12:44 ERROR XMLTooling.ParserPool : error on line 46,
column 14, message: Element 'SSO' is not valid for content model:
'((SessionInitiator|LogoutInitiator|AssertionConsumerService|ArtifactRes
olutionService|SingleLogoutService|ManageNameIDService)|Handler)'
2012-01-13 13:12:44 ERROR Shibboleth.Config : error while loading
resource (/o/r/rlaw/shibqa/shibboleth/etc/shibboleth/shibboleth2.xml):
XML error(s) during parsing, check log for specifics
2012-01-13 13:12:44 FATAL Shibboleth.Config : caught exception while
loading configuration: XML error(s) during parsing, check log for
specifics
configuration is invalid, check console for specific problems
Robert Law
Software Engineer
Wolters Kluwer Health Medical Research
801.304.3012 tel
Robert.Law at wolterskluwer.com
www.ovid.com
-----Original Message-----
From: users-bounces at shibboleth.net [mailto:users-bounces at shibboleth.net]
On Behalf Of Cantor, Scott
Sent: Friday, January 13, 2012 12:05 PM
To: users at shibboleth.net
Subject: Re: Shibboleth 2.4.3 SAML2 and WAYF
On 1/13/12 1:56 PM, "Law, Bob" <Robert.Law at wolterskluwer.com> wrote:
>I have added the Handler and SessionInitiator tags as described in
>section 3.1.2 SP installed prior to version 2.4. They look like this in
>my shibboleth2.xml file (actual https://url been changed for security
>reasons)
A SessionInitiator has to be inside a full chain of handlers that drive
which protocols are supported and then have a discovery handler at the
end. Or you have to use the new <SSO> element syntax that is used in 2.4
by default, and then there are no SessionInitiator elements at all.
All top level handlers always have a Location property to tell the SP how
they get invoked, but you can't do this with a top level handler anyway.
>What am I doing wrong to get the "no Location property" error? Am I
>missing the boat completely?
Config wise, yes.
If you're getting the deprecation warning, then this is a legacy
configuration and you need to switch the SessionInitiator in the existing
chain used by the deployment, whatever that happens to be, from WAYF to
SAMLDS. It will be at the end of the chain.
-- Scott
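Added example, not part of the original thread and not Shibboleth project code: a small Python check for the legacy-configuration points made in the reply above (a top-level SessionInitiator needs a Location, a discovery initiator belongs at the end of a chain rather than at top level, and a chain ending in WAYF should move to SAMLDS). The function name, finding codes and the sample configuration with its example.org URLs are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Namespace of the SP 2.x shibboleth2.xml configuration schema.
NS = "{urn:mace:shibboleth:2.0:native:sp:config}"
DISCOVERY = {"WAYF", "SAMLDS"}

# Constructed sample: a legacy <Sessions> block, not taken from the thread.
SAMPLE = """<SPConfig xmlns="urn:mace:shibboleth:2.0:native:sp:config">
 <ApplicationDefaults entityID="https://sp.example.org/shibboleth">
  <Sessions handlerURL="/Shibboleth.sso">
   <SessionInitiator type="Chaining" Location="/Login" isDefault="true">
    <SessionInitiator type="SAML2" acsIndex="1"/>
    <SessionInitiator type="Shib1" acsIndex="5"/>
    <SessionInitiator type="WAYF" URL="https://ds.example.org/WAYF"/>
   </SessionInitiator>
   <SessionInitiator type="SAMLDS" URL="https://ds.example.org/DS"/>
  </Sessions>
 </ApplicationDefaults>
</SPConfig>"""


def lint_sessions(xml_text):
    """Return a list of (code, detail) findings for every <Sessions> block."""
    findings = []
    root = ET.fromstring(xml_text)
    for sessions in root.iter(NS + "Sessions"):
        # findall() without a path prefix only returns direct children,
        # i.e. the top-level handlers of this <Sessions> element.
        for si in sessions.findall(NS + "SessionInitiator"):
            kind = si.get("type")
            if si.get("Location") is None:
                # Top-level handlers need a Location so the SP can invoke them.
                findings.append(("no-location", kind))
            if kind in DISCOVERY:
                # A discovery initiator is the last link of a chain, not top level.
                findings.append(("discovery-outside-chain", kind))
            if kind == "Chaining":
                links = si.findall(NS + "SessionInitiator")
                if links and links[-1].get("type") == "WAYF":
                    # Legacy chain: the final link should become type="SAMLDS".
                    findings.append(("wayf-to-samlds", si.get("Location")))
    return findings


if __name__ == "__main__":
    for code, detail in lint_sessions(SAMPLE):
        print(code, detail)
```

Running it on a copy of shibboleth2.xml before restarting shibd surfaces these structural problems separately from the schema errors the daemon logs.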