Which handler LDAP SSO

[Peter Schober]

Andi,

I have not done such an integration myself so far so can't comment on
further details.

* Morris, Andi <amorris at cardiffmet.ac.uk> [2014-11-12 15:08]:
> 13:56:17.790 - ERROR
> [edu.internet2.middleware.shibboleth.common.config.BaseService:188]
> - Configuration was not loaded for shibboleth.AttributeResolver
> service, error creating components.  The root cause of this error
> was: org.xml.sax.SAXParseException: Key
> 'DataConnectorAttributeDefinitionDependencyRef' with value
> 'HTTP/servername.cardiffmet.ac.uk' not found for identity constraint
> of element 'AttributeResolver'.
[...]
>       <resolver:Dependency ref="HTTP/servername.cardiffmet.ac.uk" />
>       <resolver:Dependency ref="INTERNAL.DOMAIN.AC.UK" />

The resolver:Dependency elements reference the internal ids of data
connectors defined in the attribute resolver, they know nothing about
kerberos. The root cause for this seems to be a confusion about this
part in the Kerberos Login Handler docs:
  <resolver:Dependency ref="krb_principalname" />
  <resolver:Dependency ref="krb_domain" />
Those strings are meant to be used literally, they reference by name
data connectors defined elsewhere on that page.
-peter