Can't understand error messages
Peter Schober
peter.schober at univie.ac.at
Mon Nov 18 08:04:47 EST 2019
* Daniele Albrizio <albrizio at units.it> [2019-11-18 12:23]:
> Responsible metadata-providers.xml configuration (without this conf the IdP
> starts successfully):
>
> <MetadataProvider id="Jobiri-MD"
> xsi:type="FileBackedHTTPMetadataProvider"
> backingFile="/opt/shibboleth-idp/metadata/jobiri-metadata.xml"
> metadataURL="https://<SOME_URL_OF_MINE>">
> <MetadataFilter xsi:type="EntityRoleWhiteList">
> <!-- Consume all and only SP metadata in the aggregate -->
> <RetainedRole>md:SPSSODescriptor</RetainedRole>
> </MetadataFilter>
> </MetadataProvider>
Does your surrounding chaining MetadataProvider in
conf/metadata-providers.xml define the "md" XML namespace prefix
(xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata")?
Otherwise the above isn't valid XML.
If that's not it I'd look for earlier WARN and/or ERROR messages in
the log.
Also (and fully unrelated) note that without a signature validation
filter the above is possibly not really secure (with only TLS as
protection, which does not provide integrity and authenticity on the
document level).
-peter
More information about the users
mailing list