Error encountered when implementing SP SAMLRequest signing="conditional"
Peter Schober
peter.schober at univie.ac.at
Mon Oct 8 10:13:49 EDT 2018
* Peter Schober <peter.schober at univie.ac.at> [2018-10-08 13:27]:
> * Pruvost, Christian (ELS-OXF) <c.pruvost at elsevier.com> [2018-10-08 12:27]:
> > We are running a Service Provider with Shibboleth 2.6.0
> [...]
> > 22:58:38.879(08/29) ERROR XMLTooling.ParserPool : error on line 25, column 273, message: value 'conditional' not in enumeration
>
> Since the docs mention this in a "Version 2.6+" section:
> "The newly-defined "conditional" setting"...
> https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPSigningEncryption
> are you sure the machine this error comes from is running Shib 2.6 or
> higher? Try "shibd -v" on that same system. Also, the version string
> should be logged somewhere, IIRC.
I think the other indicator would be that even if the signing setting
was absent the SP should sign its requests to an IDP that declares
WantAuthnRequestsSigned="true" in metadata (as you say is the case),
at least with 2.6, per the above docs.
Always assuming there's no RelyingParty override in effect for the IDP
in question.
-peter
More information about the users
mailing list