Shibboleth 2.4.3 SAML2 and WAYF

Law, Bob Robert.Law at
Fri Jan 13 19:34:14 GMT 2012

Unfortunately this is an old version of 1 from five or more years ago
that I upgraded to 2.2 two years ago.  Now due to needing to use SAML2,
we are upgrading to 2.4.  I have no idea whether or not my configuration
is correct any more after I have added the new lines into
shibboleth2.xml.  This is a self compiled version of shibboleth running
on Solaris 10.

Robert Law
Software Engineer
Wolters Kluwer Health Medical Research
801.304.3012 tel
Robert.Law at

-----Original Message-----
From: users-bounces at [mailto:users-bounces at]
On Behalf Of Cantor, Scott
Sent: Friday, January 13, 2012 12:26 PM
To: users at
Subject: Re: Shibboleth 2.4.3 SAML2 and WAYF

On 1/13/12 2:15 PM, "Law, Bob" <Robert.Law at> wrote:

>The first thing I tried was deleting my SessionInitiator and
>md:AssertionConsumerService replacing it with an SSO tag.  When I did
>that I got:

That suggests your SP is not running 2.4, actually. If it is (and it
probably is), there's a problem somewhere because its schemas are out of
date. Without knowing the platform and how it was upgraded, it's hard to
say, but I suspect that's a bad thing and you're going to need to
time at some point to do a complete refresh. In any case, the files are
mismatched at this point. How serious that might be is hard to guess.

If it's Linux, there might be a packaging problem I need to investigate.
If it's Windows, somebody mis-upgraded it at some point or did an
incomplete job. It would probably be worth doing a fresh unpack of the to try and correct that and make sure it's back in sync.

None of which means you have to fully upgrade the config or use the new
syntax, and I corrected the EDS documentation for the older one.

-- Scott

To unsubscribe from this list send an email to
users-unsubscribe at

More information about the users mailing list