Problem uploading metadata to testshib

Nate Klingenstein ndk at
Sat Dec 26 13:03:23 EST 2015


We obviously have no idea who owns which providers, but in this 
instance, I'm pretty sure it's not you.  I would normally just fix it in 
the short term, but the metadata file has a lot of seriously creative 
things in it so I've moved it to the quarantine pile.

If your metadata appears to have suddenly disappeared and it had 
"cd5948dd7" in a hostname, please recheck it and upload something new.

In the intermediate term, the developers probably need to double-check 
the metadata file to ensure any bugs here aren't fatal(it's seriously 
creative) and we need to bug the maintainers of TestShib to get it up to 
v3 again.  I'll provide a copy of the file for the developers, but I 
don't expect this to be a top priority because it's an older version.

Long story short, please try again, and thank you for alerting us.

On 12/26/2015 09:58 AM, Wayne Woodfield wrote:
> I’d appreciate any ideas that the community has about this.  I’m 
> uploading SP metadata to shibtest, and I get the success message: 
> "Your metadata was uploaded successfully” and my metadata file gets 
> echoed back to me.   But when I send my SAMLRequest to the idp, it 
> doesn’t recognize my entity id, so the metadata didn’t seem to take. 
>  When I look at the testshib logs after uploading my metadata file, it 
> says:
> 11:13:59.447 - ERROR [org.opensaml.saml2.metadata.provider.AbstractReloadingMetadataProvider:307] - Unable to unmarshall metadata
> java.lang.IllegalArgumentException: Invalid format: "2016-12-31T00:00:00Z " is malformed at " "
> 	at org.opensaml.saml2.metadata.provider.AbstractMetadataProvider.unmarshallMetadata( ~[opensaml-2.6.0.jar:na]
> 	at org.opensaml.saml2.metadata.provider.AbstractReloadingMetadataProvider.unmarshallMetadata( [opensaml-2.6.0.jar:na]
> 	at org.opensaml.saml2.metadata.provider.AbstractReloadingMetadataProvider.processNewMetadata( [opensaml-2.6.0.jar:na]
> 	at org.opensaml.saml2.metadata.provider.AbstractReloadingMetadataProvider.refresh( [opensaml-2.6.0.jar:na]
> 	at org.opensaml.saml2.metadata.provider.AbstractReloadingMetadataProvider$ [opensaml-2.6.0.jar:na]
> 	at java.util.TimerThread.mainLoop( [na:1.7.0_55]
> 	at [na:1.7.0_55]
> Caused by: java.lang.IllegalArgumentException: Invalid format: "2016-12-31T00:00:00Z " is malformed at " "
> 	at org.joda.time.format.DateTimeFormatter.parseMillis( ~[joda-time-2.2.jar:2.2]
> 	at org.joda.time.convert.StringConverter.getInstantMillis( ~[joda-time-2.2.jar:2.2]
> 	at org.joda.time.base.BaseDateTime.<init>( ~[joda-time-2.2.jar:2.2]
> 	at org.joda.time.DateTime.<init>( ~[joda-time-2.2.jar:2.2]
> 	at org.opensaml.saml2.metadata.impl.EntityDescriptorUnmarshaller.processAttribute( ~[opensaml-2.6.0.jar:na]
> 	at ~[xmltooling-1.4.0.jar:na]
> 	at ~[xmltooling-1.4.0.jar:na]
> 	at ~[xmltooling-1.4.0.jar:na]
> 	at ~[xmltooling-1.4.0.jar:na]
> 	at org.opensaml.saml2.metadata.provider.AbstractMetadataProvider.unmarshallMetadata( ~[opensaml-2.6.0.jar:na]
> 	... 6 common frames omitted
> But this is my metadata file - clearly it doesn’t have a malformed 
> date like that:
> <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" 
> validUntil="2016-12-26T16:36:20Z" cacheDuration="PT1451579780S" 
> entityID="sZ2k4nJiHS">
>   <md:SPSSODescriptor AuthnRequestsSigned="false" 
> WantAssertionsSigned="true" 
> protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
>     <md:KeyDescriptor use="encryption">
>       <ds:KeyInfo xmlns:ds="">
>         <ds:X509Data>
>           <ds:X509Certificate>MIIDUTCCAjigAwIBAgIBADANBgkqhkiG9w0BAQ0FADBCMQswCQYDVQQGEwJ1czEN
> HxLZAS6Gvvq6VTJpF5x4Ct5tBwszgqa1gfe4Zpk6G5roGCLC4YOb1qq+ONTJq1xB
> 3BkQ5LiGYJY7Ev/JqDwhUdJZVLlnmu7Evn4rVqsp+tH8X46V5ukblCGxQiEjKyYF
> uOEwqGpWfmIfSY96xyqqxI32LfoO8ZTYsXk5W8kalV24HNpK2vmWy4q6UPq35UNs
> qEPb7N6mzKiu5bPjAZDESs3kqhBcJhnUKu3JOR9eMV9r0PRLX59ZOEMh6zBT2hQ0
> +mbGPlfkyX4aspuoDHPOJcW84BTTYi57eY6ePJ8LsZECjoClEYg8jgOt2yJJidQz
> +CdfnUz8m1j+jeLCS1YvLYjcuGd7oCxjDlRoepwtYitWURIFQIgzNXNBjF1GC0wT
> XEUwj9/bS3Nf8I4IKP/Hm1ELrL+4kp0ciHz4B85bQD43EPJdFQR8609uBdQDi2RL
> 9LQVbC2yyp6j9HovE7p+hqGbkML7s4YPxZcFrqmqNgM8GTXzWUTWgIRK7my/Hwwm
> MfQ51InVcJdUwseFeMvWLYcApxQ05YOFtu+nVtw1i/aKZRUH1BATScwGHE212AOo
> JKVmi1pZIwOXo9rtcHAdM6BC6pOEsyodouWDFUE24iJZghtTBQ==</ds:X509Certificate>
>         </ds:X509Data>
>       </ds:KeyInfo>
>       <md:EncryptionMethod 
> Algorithm=""/>
>     </md:KeyDescriptor>
>     <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
>     <md:AssertionConsumerService 
> Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" 
> Location="" 
> index="1"/>
>   </md:SPSSODescriptor>
> </md:EntityDescriptor>
> I copy-pasted that metadata right out of the testshib upload response, 
> not from my local file, so I know this is exactly what testshib is 
> receiving.  Just to make sure that I wasn’t missing anything, I wrote 
> a little code snippet to parse my own metadata file with the opensaml 
> unmarshaller, and it unmarshalled it without any errors.  I checked my 
> cert, just in case it had any issues, and it came out valid.  It’s 
> almost like I’m continually getting my file crossed with some other 
> file.  Any thoughts?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list