Is IDP tied to specific spring version?

avalanche333 Matthew.R.Zmuda at
Tue Aug 6 08:01:30 EDT 2013

I also experienced not Exception's being thrown or errors logged.
The Attributes defined in attribute-resolver using SAML2String were simply being ignored when Shibboleth config was loaded.
So at the time SAML Assertion was being built the attributes were never being added.

No, you are using a different version of Spring then me, I was on 3.0.5 you are using 3.2. Perhaps this was identified at a defect in the framework and addressed.
To me the logic in Spring did not make any sense.

Matt Zmuda | IT Solutions Developer
DCTS Online Channels - Authentication and Security - CIP/ESR

From: Brian Reindel [via Shibboleth] [mailto:ml-node+s1660669n7589057h17 at]
Sent: Friday, August 02, 2013 8:43 PM
To: Zmuda, Matthew R
Subject: Re: Is IDP tied to specific spring version?

I've successfully upgraded the IdP WAR to use Spring 3.2.x, and I have
not experienced any problems (yet). I have attributes that get passed
that use the SAML2String encoder, and no exceptions are thrown.
Everything appears to be working as it should.

On Tue, Jul 30, 2013 at 8:33 AM, avalanche333 <[hidden email]</user/SendEmail.jtp?type=node&node=7589057&i=0>> wrote:

> For the record in-case there is plans to upgrade shibboleth to Spring 3.0.x
> the issue is
> thatedu.internet2.middleware.shibboleth.common.config.attribute.encoding.SAML2StringAttributeEncoderBeanDefinitionParser
> forces you to set an attribute "name". This name value ultimately gets
> registered in the org.springframework.core.SimpleAliasRegistry - aliasMap.
> However its the base class that actually uses the name so I suppose this
> would impact anything that extends
> edu.internet2.middleware.shibboleth.common.config.attribute.encoding.BaseAttributeEncoderBeanDefinitionParser
> and uses the name attribute.
> So at startup when the beans get loaded the AttributeEncoders defined in
> attribute-resolver that use type SAML2String (or anything that extends
> resolver:BaseAttributeEncoderType) with name attribute set would be ignored
> because Spring 3.0 had a change in the way it loads beans to get the name
> set and register it into the aliasMap. Once that name is in the alias map
> there is a check in
> to only load beans with a name that is NOT found in the aliasMap.
> Spring 2.5.x does not have an issue because Spring does not add the name to
> the alias map.
> The call that triggers all this loading from shibboleth is in:
> edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver.onNewContextCreated(ApplicationContext
> newServiceContext) throws ServiceException
> beanNames =
> newServiceContext.getBeanNamesForType(AttributeDefinition.class);
> --
> View this message in context:
> Sent from the Shibboleth - Users mailing list archive at
> --
> To unsubscribe from this list send an email to [hidden email]</user/SendEmail.jtp?type=node&node=7589057&i=1>
To unsubscribe from this list send an email to [hidden email]</user/SendEmail.jtp?type=node&node=7589057&i=2>

If you reply to this email, your message will be added to the discussion below:
To unsubscribe from Is IDP tied to specific spring version?, click here<>.

NOTICE: Confidential message which may be privileged. Unauthorized use/disclosure prohibited. If received in error, please go to for instructions.
AVIS : Message confidentiel dont le contenu peut être privilégié. Utilisation/divulgation interdites sans permission. Si reçu par erreur, prière d'aller au pour des instructions.

View this message in context:
Sent from the Shibboleth - Users mailing list archive at
-------------- next part --------------
An HTML attachment was scrubbed...

More information about the users mailing list