Error Installation IDp v3
Peter Schober
peter.schober at univie.ac.at
Sat May 13 06:35:25 EDT 2017
* naveen at nexio.com.au <naveen at nexio.com.au> [2017-05-13 08:33]:
> Hi, i am trying to install SHibboleth idp with service provider using the
> guide https://www.switch.ch/aai/guides/idp/installation/
You're aware youre following SWITCH's guides, not the Shibboleth
project's documentation, and asking about SWITCH's documentaion on the
Shibboleth project's support list?
> https://www.switch.ch/aai/guides/sp/installation-2.5/?os=ubuntu
What SP you're using has nothing to do with the error from the IDP.
> Error filtering metadata from
> http://metadata.aai.switch.ch/metadata.switchaai.xml
Are you actually trying to join SWITCHaai (as an Australian company,
it seems)? If so, you'd should contact SWITCHaai for support, not this
forum. If not, loading SWITCH's metadata is not what you want.
> Caused by: org.opensaml.saml.metadata.resolver.filter.FilterException:
> Metadata's validity interval P0Y1M3DT1H5M3.112S is larger than is allowed
> P0Y0M7DT0H0M0.000S
I don't know how you could be getting that error when loading SWITCH's
metadata, but the error means you have RequiredValidUntil filter on
the configured MetadataProvider with id="SWITCHaaiMD" that only
accepts metadata with a 'validUntil' (see the XML attibute of the same
name, within the actual downloaded SAML Metadata) of no more than 7
days in the future, and that the metadata the IDP is acting upon has a
validUntil that's 1 month, 3 days and a few hours in the future.
Maybe you have tried adding other metadata to that configuration
somehow, that may well not fit the requirements SWITCH have encoded in
to configuration specific to *their* depoyment.
-peter
More information about the users
mailing list