idp 2.4.3 update - unknown protocol: classpath

Paul B. Henson henson at csupomona.edu
Sat Nov 15 00:08:05 EST 2014 

I'm testing out the new idp 2.4.3 update and ran into a snag. After
installing the new version and updating internal.xml with the new class,
the idp fails to start with the error:

20:49:03.917 - ERROR
[edu.internet2.middleware.shibboleth.common.config.BaseService:188] -
Configuration was not loaded for shibboleth.HandlerManager service,
error creating components.  The root cause of this error was:
java.net.MalformedURLException: unknown protocol: classpath

The configuration is exactly the same as had been working perfectly for
ages other than changing the class from
org.apache.xerces.util.SecurityManager to
com.sun.org.apache.xerces.internal.util.SecurityManager.

After some testing, it seems that the problem is being caused by the CAS
integration module we're using to delegate authentication to CAS. My
current production handler.xml starts with:

<ph:ProfileHandlerGroup xmlns:ph="urn:mace:shibboleth:2.0:idp:profile-handler"
                     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                     xmlns:shib-cas="http://unicon.net/shib-cas/authn"
                     xsi:schemaLocation="urn:mace:shibboleth:2.0:idp:profile-handler
                                         classpath:/schema/shibboleth-2.0-idp-profile-handler.xsd
                                         http://unicon.net/shib-cas/authn
                                         classpath:/schema/casLoginHandler.xsd">

This had been working fine, but now results in a
java.net.MalformedURLException error. If I remove the shib-cas module,
and revert to using the built-in shib authentication handler, using
this:

<ph:ProfileHandlerGroup xmlns:ph="urn:mace:shibboleth:2.0:idp:profile-handler"
                     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                     xmlns:shib-cas="http://unicon.net/shib-cas/authn"
                     xsi:schemaLocation="urn:mace:shibboleth:2.0:idp:profile-handler
                                         classpath:/schema/shibboleth-2.0-idp-profile-handler.xsd">

The configuration loads and works fine. I'm not sure why this use of
classpath works, but adding in the one for CAS blows chunks. I'm not
much of a spring XML guru, so maybe I'm doing something stupid the
previous parser was lenient about but this one doesn't like?

Any suggestions much appreciated, thanks...


-- 
Paul B. Henson  |  (909) 979-6361  |  http://www.cpp.edu/~henson/
Operating Systems and Network Analyst  |  henson at cpp.edu
California State Polytechnic University  |  Pomona CA 91768

More information about the users mailing list