Config of Shibboleth - Debug Question

Joseph Corso jcorso at scansoftware.com
Wed Nov 12 11:40:14 EST 2014


Thanks Peter.

The config of the entire xml is below.

Thanks all.

--
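<?xml version="1.0"?>

<!-- This is example metadata only. Do *NOT* supply it as is without review, and do *NOT* provide it in real time to your partners. -->

<!--
  SAML 2.0 metadata for a Shibboleth service provider, as pasted into the mailing-list post.
  The posted copy carried a leading "-" in front of each element that has children (apparently
  expand/collapse markers copied from a browser's XML tree view). Those markers are dropped here,
  because stray text before the root element makes the document not well-formed.
-->

<!--
  NOTE(review): entityID uses host shib.domain2.local, while every endpoint Location below uses
  adfsweb.domain1.local. Confirm which host the SP really serves, and that the identity provider
  is given metadata whose entityID and endpoints match the running configuration.
-->
<md:EntityDescriptor entityID="https://shib.domain2.local/shibboleth-sp" ID="_dbd18ee4e9ab63b5890dd8991ed8be07be4e413b" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">

  <!--
    Digest and signature algorithms the SP advertises to its peers.
    The list still includes SHA-1 based methods (xmldsig#sha1, ecdsa-sha1, rsa-sha1, dsa-sha1).
    SHA-1 is no longer considered collision resistant, so review whether any partner still needs
    these entries before the metadata is published.
  -->
  <md:Extensions xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport">
    <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
    <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha384"/>
    <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
    <alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha224"/>
    <alg:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
    <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512"/>
    <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384"/>
    <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"/>
    <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha224"/>
    <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
    <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha384"/>
    <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
    <alg:SigningMethod Algorithm="http://www.w3.org/2009/xmldsig11#dsa-sha256"/>
    <alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1"/>
    <alg:SigningMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
    <alg:SigningMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
  </md:Extensions>

  <!--
    protocolSupportEnumeration advertises SAML 1.0 and 1.1 alongside SAML 2.0.
    The AssertionConsumerService entries with index 5 and 6 are the matching SAML 1.x endpoints.
    If no partner uses SAML 1.x, leaving those out of the published metadata narrows what a peer
    may send to this SP.
  -->
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:1.0:protocol">

    <!-- Request-initiation endpoint: the URL a partner can link to in order to start a login at this SP. -->
    <md:Extensions>
      <init:RequestInitiator Location="https://adfsweb.domain1.local/Shibboleth.sso/Login" Binding="urn:oasis:names:tc:SAML:profiles:SSO:request-init" xmlns:init="urn:oasis:names:tc:SAML:profiles:SSO:request-init"/>
    </md:Extensions>

    <!-- No "use" attribute is set, so peers treat this key as valid for both signing and encryption. -->
    <md:KeyDescriptor>
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <!--
          NOTE(review): the KeyName values use shib.domain2.local and the X509SubjectName uses
          adfsweb.domain1.local. These host names look edited for posting; verify them against the
          subject of the certificate below, because a peer that matches keys by name relies on them.
        -->
        <ds:KeyName>shib.domain2.local</ds:KeyName>
        <ds:KeyName>shib.domain2.local/shibboleth-sp</ds:KeyName>
        <ds:X509Data>
          <ds:X509SubjectName>CN=adfsweb.domain1.local</ds:X509SubjectName>
          <!-- Public certificate only. The matching private key stays on the SP and never belongs in metadata. -->
          <ds:X509Certificate>MIIDPTCCAiWgAwIBAgIJAMfRg3kiBrpgMA0GCSqGSIb3DQEBBQUAMCQxIjAgBgNV BAMTGXNqY21ldGVzdC5icmlnaHRzcGFjZS5jb20wIBcNMTQxMDMwMTc1NjI4WhgP MjExMzEwMDYxNzU2MjhaMCQxIjAgBgNVBAMTGXNqY21ldGVzdC5icmlnaHRzcGFj ZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzqITrA2iT0uDq 0GFoe9fKWNTcHkY+B4+ce6MawCPn6ONTvXrP895p5V0sCtYTktBqnjh0Arj7o/IN e5HfCkh5xoOO1quOHxTUtP4ZadGL95SrxmTzpKs2KNAoSWeKglEcK0MhbCDALAuv tyUPNGRq8JEtFAoZFPkyMP7J11OvW2QLnfKYbGae0IR+zkkM3GMLeDStz+j0YebO U3DE2pZjB5uR2BTY95vohvLyVcKmGCEe9KeJWJj5rqDqVHU1D7NyPGD7U1kCBn7f oPExavw64W2PyMqSXuGRZlw7THCdTCDg797mQvm4qQH9yejZ28JFX8I8tFG8x+TM A61S97WLAgMBAAGjcDBuME0GA1UdEQRGMESCGXNqY21ldGVzdC5icmlnaHRzcGFj ZS5jb22GJ3NqY21ldGVzdC5icmlnaHRzcGFjZS5jb20vc2hpYmJvbGV0aC1zcDAd BgNVHQ4EFgQU34YZ5dMDt7f4KywysnSCMMW3a2wwDQYJKoZIhvcNAQEFBQADggEB ABA9IFO/qDE3d9KKo7RYhtNWSBakISQooCnsBCcPKmYs+HCPKt8pGBzcCs6+cuC6 TxhUlLS8Qpae0Wjj4gkbK8YLluWxsIjRvCJsfwDzU3VsceXo11BYOcgMQCpVYr+B uGgJodfMh/y1ej8f/rWeU3+YGJIS+xmsNwKfvAN3IYl5m3aIFekoGw3/EYeGRQN+ 6TuqHG2WANPVyF2KoTFQ+NxdlxWZDARD4iaB7P4K5pF8AZfJk2JxQC2PMfDlc+gc 47pKOZTiKQwuHAblo8IQTZJ6/7GPXJljfoOChtBmkWwCnND8KYxJ4Q8UMKMHerJ7 ndPve5RW9zNpyuoGcTk7byo= </ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
      <!--
        Encryption algorithms the SP says it can decrypt.
        The AES-GCM entries provide authenticated encryption.
        The aes*-cbc and tripledes-cbc entries are unauthenticated CBC modes, which are the weaker
        choice for XML Encryption; keep them only if a partner cannot use GCM.
      -->
      <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes128-gcm"/>
      <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes192-gcm"/>
      <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes256-gcm"/>
      <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
      <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes192-cbc"/>
      <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
      <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
      <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#rsa-oaep"/>
      <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
    </md:KeyDescriptor>

    <!--
      Endpoints at which the identity provider reaches this SP: artifact resolution, single logout
      and assertion delivery. Every Location uses https.
    -->
    <md:ArtifactResolutionService Location="https://adfsweb.domain1.local/Shibboleth.sso/Artifact/SOAP" Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" index="1"/>
    <md:SingleLogoutService Location="https://adfsweb.domain1.local/Shibboleth.sso/SLO/SOAP" Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"/>
    <md:SingleLogoutService Location="https://adfsweb.domain1.local/Shibboleth.sso/SLO/Redirect" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
    <md:SingleLogoutService Location="https://adfsweb.domain1.local/Shibboleth.sso/SLO/POST" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
    <md:SingleLogoutService Location="https://adfsweb.domain1.local/Shibboleth.sso/SLO/Artifact" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"/>
    <md:AssertionConsumerService Location="https://adfsweb.domain1.local/Shibboleth.sso/SAML2/POST" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" index="1"/>
    <md:AssertionConsumerService Location="https://adfsweb.domain1.local/Shibboleth.sso/SAML2/POST-SimpleSign" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" index="2"/>
    <md:AssertionConsumerService Location="https://adfsweb.domain1.local/Shibboleth.sso/SAML2/Artifact" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" index="3"/>
    <md:AssertionConsumerService Location="https://adfsweb.domain1.local/Shibboleth.sso/SAML2/ECP" Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS" index="4"/>
    <md:AssertionConsumerService Location="https://adfsweb.domain1.local/Shibboleth.sso/SAML/POST" Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" index="5"/>
    <md:AssertionConsumerService Location="https://adfsweb.domain1.local/Shibboleth.sso/SAML/Artifact" Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" index="6"/>

  </md:SPSSODescriptor>

</md:EntityDescriptor>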

---

Joseph Corso 
617.444.0429




-----Original Message-----
From: users-bounces at shibboleth.net [mailto:users-bounces at shibboleth.net] On Behalf Of Peter Schober
Sent: Wednesday, November 12, 2014 11:33 AM
To: users at shibboleth.net
Subject: Re: Config of Shibboleth - Debug Question

* Joseph Corso <jcorso at scansoftware.com> [2014-11-12 17:24]:
> ???

You're not providing any technical details in your replies, e.g. a snippet of lines from your configuration (that the software complained
about) so we can try to identify what you did wrong.

> In terms of well formed XML... I took the default file and just 
> modified the sections I needed to given the install documentation I 
> used.

I used well-formed as a technical term:
http://en.wikipedia.org/wiki/Well-formed_document
There is software (e.g. xmllint from the expat package) that can validate the well-formedness of an XML file. Never mind, the Shib SP already told you what is wrong and where.
Without more details forthcoming from you there is nothing anybody else can do. 
-peter