Problem uploading metadata to testshib

Wayne Woodfield wayne at woodfieldfamily.org
Sat Dec 26 11:58:19 EST 2015 

I’d appreciate any ideas that the community has about this.  I’m uploading SP metadata to shibtest, and I get the success message: "Your metadata was uploaded successfully” and my metadata file gets echoed back to me.   But when I send my SAMLRequest to the idp, it doesn’t recognize my entity id, so the metadata didn’t seem to take.  When I look at the testshib logs after uploading my metadata file, it says:

11:13:59.447 - ERROR [org.opensaml.saml2.metadata.provider.AbstractReloadingMetadataProvider:307] - Unable to unmarshall metadata
org.opensaml.xml.io.UnmarshallingException: java.lang.IllegalArgumentException: Invalid format: "2016-12-31T00:00:00Z " is malformed at " "
	at org.opensaml.saml2.metadata.provider.AbstractMetadataProvider.unmarshallMetadata(AbstractMetadataProvider.java:473) ~[opensaml-2.6.0.jar:na]
	at org.opensaml.saml2.metadata.provider.AbstractReloadingMetadataProvider.unmarshallMetadata(AbstractReloadingMetadataProvider.java:304) [opensaml-2.6.0.jar:na]
	at org.opensaml.saml2.metadata.provider.AbstractReloadingMetadataProvider.processNewMetadata(AbstractReloadingMetadataProvider.java:345) [opensaml-2.6.0.jar:na]
	at org.opensaml.saml2.metadata.provider.AbstractReloadingMetadataProvider.refresh(AbstractReloadingMetadataProvider.java:261) [opensaml-2.6.0.jar:na]
	at org.opensaml.saml2.metadata.provider.AbstractReloadingMetadataProvider$RefreshMetadataTask.run(AbstractReloadingMetadataProvider.java:508) [opensaml-2.6.0.jar:na]
	at java.util.TimerThread.mainLoop(Timer.java:555) [na:1.7.0_55]
	at java.util.TimerThread.run(Timer.java:505) [na:1.7.0_55]
Caused by: java.lang.IllegalArgumentException: Invalid format: "2016-12-31T00:00:00Z " is malformed at " "
	at org.joda.time.format.DateTimeFormatter.parseMillis(DateTimeFormatter.java:752) ~[joda-time-2.2.jar:2.2]
	at org.joda.time.convert.StringConverter.getInstantMillis(StringConverter.java:65) ~[joda-time-2.2.jar:2.2]
	at org.joda.time.base.BaseDateTime.<init>(BaseDateTime.java:171) ~[joda-time-2.2.jar:2.2]
	at org.joda.time.DateTime.<init>(DateTime.java:286) ~[joda-time-2.2.jar:2.2]
	at org.opensaml.saml2.metadata.impl.EntityDescriptorUnmarshaller.processAttribute(EntityDescriptorUnmarshaller.java:81) ~[opensaml-2.6.0.jar:na]
	at org.opensaml.xml.io.AbstractXMLObjectUnmarshaller.unmarshallAttribute(AbstractXMLObjectUnmarshaller.java:254) ~[xmltooling-1.4.0.jar:na]
	at org.opensaml.xml.io.AbstractXMLObjectUnmarshaller.unmarshall(AbstractXMLObjectUnmarshaller.java:113) ~[xmltooling-1.4.0.jar:na]
	at org.opensaml.xml.io.AbstractXMLObjectUnmarshaller.unmarshallChildElement(AbstractXMLObjectUnmarshaller.java:355) ~[xmltooling-1.4.0.jar:na]
	at org.opensaml.xml.io.AbstractXMLObjectUnmarshaller.unmarshall(AbstractXMLObjectUnmarshaller.java:127) ~[xmltooling-1.4.0.jar:na]
	at org.opensaml.saml2.metadata.provider.AbstractMetadataProvider.unmarshallMetadata(AbstractMetadataProvider.java:470) ~[opensaml-2.6.0.jar:na]
	... 6 common frames omitted

But this is my metadata file - clearly it doesn’t have a malformed date like that:

<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" validUntil="2016-12-26T16:36:20Z" cacheDuration="PT1451579780S" entityID="sZ2k4nJiHS">
  <md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="encryption">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig# <http://www.w3.org/2000/09/xmldsig#>">
        <ds:X509Data>
          <ds:X509Certificate>MIIDUTCCAjigAwIBAgIBADANBgkqhkiG9w0BAQ0FADBCMQswCQYDVQQGEwJ1czEN
MAsGA1UECAwEVXRhaDEPMA0GA1UECgwGTGFueW9uMRMwEQYDVQQDDApsYW55b24u
Y29tMB4XDTE1MTIyNDE1MjYwNloXDTI1MTIyMTE1MjYwNlowQjELMAkGA1UEBhMC
dXMxDTALBgNVBAgMBFV0YWgxDzANBgNVBAoMBkxhbnlvbjETMBEGA1UEAwwKbGFu
eW9uLmNvbTCCASMwDQYJKoZIhvcNAQEBBQADggEQADCCAQsCggECAM8NGU7O80PP
HxLZAS6Gvvq6VTJpF5x4Ct5tBwszgqa1gfe4Zpk6G5roGCLC4YOb1qq+ONTJq1xB
3BkQ5LiGYJY7Ev/JqDwhUdJZVLlnmu7Evn4rVqsp+tH8X46V5ukblCGxQiEjKyYF
uOEwqGpWfmIfSY96xyqqxI32LfoO8ZTYsXk5W8kalV24HNpK2vmWy4q6UPq35UNs
qEPb7N6mzKiu5bPjAZDESs3kqhBcJhnUKu3JOR9eMV9r0PRLX59ZOEMh6zBT2hQ0
+mbGPlfkyX4aspuoDHPOJcW84BTTYi57eY6ePJ8LsZECjoClEYg8jgOt2yJJidQz
GMRyviW53NcPAgMBAAGjUDBOMB0GA1UdDgQWBBRtKZfJCh+YPoVBxtMGXcTa0IOx
DDAfBgNVHSMEGDAWgBRtKZfJCh+YPoVBxtMGXcTa0IOxDDAMBgNVHRMEBTADAQH/
MA0GCSqGSIb3DQEBDQUAA4IBAgBPEGXt8SjDxIM0rWTg3KlvEQvfA609m45z/7fv
+CdfnUz8m1j+jeLCS1YvLYjcuGd7oCxjDlRoepwtYitWURIFQIgzNXNBjF1GC0wT
XEUwj9/bS3Nf8I4IKP/Hm1ELrL+4kp0ciHz4B85bQD43EPJdFQR8609uBdQDi2RL
9LQVbC2yyp6j9HovE7p+hqGbkML7s4YPxZcFrqmqNgM8GTXzWUTWgIRK7my/Hwwm
MfQ51InVcJdUwseFeMvWLYcApxQ05YOFtu+nVtw1i/aKZRUH1BATScwGHE212AOo
JKVmi1pZIwOXo9rtcHAdM6BC6pOEsyodouWDFUE24iJZghtTBQ==</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
      <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc <http://www.w3.org/2001/04/xmlenc#aes128-cbc>"/>
    </md:KeyDescriptor>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://mobile-uat.lanyonevents.com/portal/samlSso.ww <https://mobile-uat.lanyonevents.com/portal/samlSso.ww>" index="1"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>

I copy-pasted that metadata right out of the testshib upload response, not from my local file, so I know this is exactly what testshib is receiving.  Just to make sure that I wasn’t missing anything, I wrote a little code snippet to parse my own metadata file with the opensaml unmarshaller, and it unmarshalled it without any errors.  I checked my cert, just in case it had any issues, and it came out valid.  It’s almost like I’m continually getting my file crossed with some other file.  Any thoughts?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20151226/4c689102/attachment.html>

More information about the users mailing list