Working 3.1.1 IDP upgrade to 3.2.0 now broken

Jeffrey Eaton jeaton at cmu.edu
Mon Dec 14 13:59:37 EST 2015 

That error looks to me like it's complaining about the AttributeDefinition, not the DataConnector.  Mine looks like:

    <resolver:AttributeDefinition xsi:type="ad:Simple" id="OPEID" sourceAttributeID="OPEID">
        <resolver:Dependency ref="static-nsc" />
        <resolver:AttributeEncoder xsi:type="enc:SAML1String" name="OPEID" namespace="http://www.pesc.org/standards/attrs"/>
        <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="OPEID" friendlyName="OPEID" />
    </resolver:AttributeDefinition>

My DataConnector is essentially the same as yours.

-jeaton

On Dec 3, 2015, at 11:07 AM, Grau, Roderick <rgrau at albany.edu<mailto:rgrau at albany.edu>> wrote:

The IDP starts up.

Warning in idp-process.log:
2015-12-03 10:25:30,448 - WARN [net.shibboleth.idp.attribute.resolver.spring.ad.BaseAttributeDefinitionParser:100] - Attribute Definition 'OPEID': sourceAttributeID was not specified but is required

OPEID is a static data connector.

<!-- National Student Clearing House 07/23/2013 -->
  <resolver:DataConnector xsi:type="dc:Static"
    xmlns="urn:mace:shibboleth:2.0:resolver:dc"
    id="static-student-clearinghouse">
    <dc:Attribute id="OPEID">
        <dc:Value>XXXXXXX</dc:Value>
    </dc:Attribute>
  </resolver:DataConnector>

Error after trying to log into a SP:
2015-12-03 10:29:06,215 - DEBUG [net.shibboleth.idp.attribute.resolver.impl.AttributeResolverImpl:388] - Attribute Resolver 'ShibbolethAttributeResolver': Finished resolving dependencies for 'OPEID'
2015-12-03 10:29:06,224 - ERROR [net.shibboleth.idp.saml.profile:-2] - Uncaught runtime exception
net.shibboleth.utilities.java.support.logic.ConstraintViolationException: Data connector dependencies must specify a dependant attribute ID
        at net.shibboleth.utilities.java.support.logic.Constraint.isTrue(Constraint.java:262)
2015-12-03 10:29:06,241 - WARN [org.opensaml.profile.action.impl.LogEvent:76] - An error event occurred while processing the request: RuntimeException

According to the wiki (https://wiki.shibboleth.net/confluence/display/IDP30/StaticDataConnector) static data connectors do not get sourceAttributeIDs.

Adding a sourceAttributeID to the data connector causes this error in idp-process.log:

2015-12-03 11:02:42,761 - ERROR [net.shibboleth.utilities.java.support.service.AbstractReloadableService:181] - Service 'shibboleth.AttributeResolverService': Initial load failed
net.shibboleth.utilities.java.support.service.ServiceException: org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException: Line 659 in XML document from file [/opt/shibboleth-idp/conf/attribute-resolver.xml] is invalid; nested exception is org.xml.sax.SAXParseException; lineNumber: 659; columnNumber: 30; cvc-complex-type.3.2.2: Attribute 'sourceAttributeID' is not allowed to appear in element 'resolver:DataConnector'.
        at net.shibboleth.ext.spring.service.ReloadableSpringService.doReload(ReloadableSpringService.java:334)
Caused by: org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException: Line 659 in XML document from file [/opt/shibboleth-idp/conf/attribute-resolver.xml] is invalid; nested exception is org.xml.sax.SAXParseException; lineNumber: 659; columnNumber: 30; cvc-complex-type.3.2.2: Attribute 'sourceAttributeID' is not allowed to appear in element 'resolver:DataConnector'.
        at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.doLoadBeanDefinitions(XmlBeanDefinitionReader.java:399)
Caused by: org.xml.sax.SAXParseException: cvc-complex-type.3.2.2: Attribute 'sourceAttributeID' is not allowed to appear in element 'resolver:DataConnector'.
        at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.createSAXParseException(ErrorHandlerWrapper.java:198)


Any help would be appreciated.

-Rod



--
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net<mailto:users-unsubscribe at shibboleth.net>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20151214/3f3a6645/attachment.html>

More information about the users mailing list