Which handler LDAP SSO
Morris, Andi
amorris at cardiffmet.ac.uk
Wed Nov 12 10:05:52 EST 2014
Aha, yes I can see that now, thanks. I hadn't configured the attribute resolver with all the examples given. I think I couldn't see the wood for the trees.
Cheers,
Andi
-----Original Message-----
From: users-bounces at shibboleth.net [mailto:users-bounces at shibboleth.net] On Behalf Of Peter Schober
Sent: 12 November 2014 14:34
To: users at shibboleth.net
Subject: Re: Which handler LDAP SSO
Andi,
I have not done such an integration myself so far so can't comment on further details.
* Morris, Andi <amorris at cardiffmet.ac.uk> [2014-11-12 15:08]:
> 13:56:17.790 - ERROR
> [edu.internet2.middleware.shibboleth.common.config.BaseService:188]
> - Configuration was not loaded for shibboleth.AttributeResolver
> service, error creating components. The root cause of this error
> was: org.xml.sax.SAXParseException: Key
> 'DataConnectorAttributeDefinitionDependencyRef' with value
> 'HTTP/servername.cardiffmet.ac.uk' not found for identity constraint
> of element 'AttributeResolver'.
[...]
> <resolver:Dependency ref="HTTP/servername.cardiffmet.ac.uk" />
> <resolver:Dependency ref="INTERNAL.DOMAIN.AC.UK" />
The resolver:Dependency elements reference the internal ids of data connectors defined in the attribute resolver, they know nothing about kerberos. The root cause for this seems to be a confusion about this part in the Kerberos Login Handler docs:
<resolver:Dependency ref="krb_principalname" />
<resolver:Dependency ref="krb_domain" /> Those strings are meant to be used literally, they reference by name data connectors defined elsewhere on that page.
-peter
--
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
More information about the users
mailing list