error shibboleth2.xml version 2.3.1/2.4.3

Peter Schober peter.schober at
Tue Nov 27 12:13:22 EST 2012

* Christoph Krempe <christoph.krempe at> [2012-11-27 17:36]:
> I'm just trying to migrate a Shibboleth SP from Sun Solaris (Apache 2.0
> + Shibboleth 2.4.3 )  to Debian (Apache 2.0 + Shibboleth 2.3.1) using
> the same sibboleth2.xml

I hope you're not literally referring to httpd version 2.0? What
Debian release would that be?

You very likely had to build the SP on Solaris yourself, why not do
this on Debian and keep current, instead of going backwards?

Personally on Debian (unsupported by the shib project, either way)
most people run the backport. Maybe this will help (German language,

> XMLTooling.ParserPool : error on line 52, column 107, message: missing
> required attribute 'policyId'

Try adding policyId="default" to //ApplicationDefaults

> 2012-11-27 15:07:09 ERROR XMLTooling.ParserPool : error on line 63,
> column 219, message: attribute 'relayState' is not declared for element
> 'Sessions'

Try removing that.

> 2012-11-27 15:07:09 ERROR XMLTooling.ParserPool : error on line 79,
> column 71, message: no declaration found for element 'SSO'

You'd need to use the old-style/verbose config then, as per the
documentation (adding a SessionInitiator etc.)

> Using the original shibboleth2.xml that comes with the shibboleth
> 2.3.1 installation on Debian the shibd start is ok.

You could either try to fix the config as per ther suggestions from
the error messages, or start from the old config and add the necessary
settings (which probably will only be a handful) to that.
Mayself I wouldn't bother and rather get the SP updated (backports).

> Looks like downgrade with the same sibboleth2.xml is not possible?

Obviously that would prevent the project from ever adding any features
or improvements or shorter syntax (within minor releases, that is).

More information about the users mailing list