Attribute 'includeConditionsNotBefore' is not allowed to appear in element 'rp:ProfileConfiguration' Idp version 2. 4.4

Vignesh, Vanna G. vignesh at
Mon May 18 10:05:47 EDT 2015

As one of the SP's required to explicitly set  includeConditionsNotBefore = false, we upgraded our IDP from v 2.2.x to v 2.4.3 as v 2.2.x doesn't support includeConditionsNotBefore.
A security patch was released for v 2.4.3 and hence we upgraded to v 2.4.4. Now relying party is throwing error. "The root cause of this error was: org.xml.sax.SAXParseException: cvc-complex-type.3.2.2:
Attribute 'includeConditionsNotBefore' is not allowed to appear in element 'rp:ProfileConfiguration'.
We have test v 2.4.3 that works fine for the same configuration.
<rp:RelyingParty id="https://kod.*****"
                <rp:ProfileConfiguration xsi:type="saml:SAML2SSOProfile" encryptAssertions="never" includeConditionsNotBefore="false"/>
                <rp:ProfileConfiguration xsi:type="saml:ShibbolethSSOProfile" includeAttributeStatement="true" includeConditionsNotBefore="false"/>
                <rp:ProfileConfiguration xsi:type="saml:SAML2AttributeQueryProfile" encryptAssertions="never" />
                <rp:ProfileConfiguration xsi:type="saml:SAML2ArtifactResolutionProfile" encryptAssertions="never" />

Was anything changed from v 2.4.3 to v.2.4.4?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list