Attribute 'includeConditionsNotBefore' is not allowed to appear in element 'rp:ProfileConfiguration' Idp version 2. 4.4
Vignesh, Vanna G.
vignesh at musc.edu
Mon May 18 10:05:47 EDT 2015
As one of the SP's required to explicitly set includeConditionsNotBefore = false, we upgraded our IDP from v 2.2.x to v 2.4.3 as v 2.2.x doesn't support includeConditionsNotBefore.
A security patch was released for v 2.4.3 and hence we upgraded to v 2.4.4. Now relying party is throwing error. "The root cause of this error was: org.xml.sax.SAXParseException: cvc-complex-type.3.2.2:
Attribute 'includeConditionsNotBefore' is not allowed to appear in element 'rp:ProfileConfiguration'.
We have test v 2.4.3 that works fine for the same configuration.
<rp:RelyingParty id="https://kod.*****"
provider="https://kod.******"
defaultSigningCredentialRef="******">
<rp:ProfileConfiguration xsi:type="saml:SAML2SSOProfile" encryptAssertions="never" includeConditionsNotBefore="false"/>
<rp:ProfileConfiguration xsi:type="saml:ShibbolethSSOProfile" includeAttributeStatement="true" includeConditionsNotBefore="false"/>
<rp:ProfileConfiguration xsi:type="saml:SAML2AttributeQueryProfile" encryptAssertions="never" />
<rp:ProfileConfiguration xsi:type="saml:SAML2ArtifactResolutionProfile" encryptAssertions="never" />
</rp:RelyingParty>
Was anything changed from v 2.4.3 to v.2.4.4?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20150518/d82a9748/attachment.html>
More information about the users
mailing list