MetadataResolverService Initial load failed?
Scott Gilbert
sgilbert at ucsb.edu
Wed Nov 27 13:04:14 EST 2019
Still getting the same error message. Below is my current incommon config.
<MetadataProvider id="INCOMMON"
xsi:type="FileBackedHTTPMetadataProvider"
metadataURL="http://md.incommon.org/InCommon/InCommon-metadata.xml"
backingFile="%{idp.home}/metadata/incommon-metadata.xml">
<MetadataFilter xsi:type="SignatureValidation"
certificateFile="%{idp.home}/credentials/inc-md-cert.pem" />
</MetadataProvider>
Do I need to state this?
<MetadataFilter xsi:type="RequiredValidUntil"
maxValidityInterval="P30D"/>
I have enough memory allocated
Environment="CATALINA_OPTS=-Xms512M -Xmx2048M -server -XX:+UseG1GC"
Scott Gilbert
IAM System Admin
ETS Enterprise Technology Services
University of California Santa Barbara
On Tue, Nov 26, 2019 at 3:16 PM Christopher Bongaarts <cab at umn.edu> wrote:
> Within that <MetadataProvider> element you'll find a nested element like
> this:
>
> <MetadataFilter xsi:type="SignatureValidation"
> requireSignedRoot="true"
> certificateFile="%{idp.home}/credentials/incommon.pem" />
>
> It's having trouble loading that certificateFile.
> On 11/26/2019 5:02 PM, Scott Gilbert wrote:
>
> Thanks for the reply.
>
> So this metadata provider statement is not sufficient
>
> <MetadataProvider id="INCOMMON"
> xsi:type="FileBackedHTTPMetadataProvider"
> metadataURL="http://md.incommon.org/InCommon/InCommon-metadata.xml"
> backingFile="%{idp.home}/metadata/incommon-metadata.xml">
>
> as I recall there is some form of verification, so as not to spoof, it may
> be in the incommon docs.
>
> Scott Gilbert
> IAM System Admin
> ETS Enterprise Technology Services
> University of California Santa Barbara
>
>
>
> On Tue, Nov 26, 2019 at 2:44 PM Christopher Bongaarts <cab at umn.edu> wrote:
>
>> Check the contents and permissions of your InCommon metadata validation
>> certificate...
>>
>> On 11/26/2019 4:28 PM, Scott Gilbert wrote:
>> > Caused by: org.springframework.beans.factory.BeanCreationException:
>> > Error creating bean with name '(inner bean)#5ff6431a': Invocation of
>> > init method failed; nested exception is
>> > org.cryptacular.StreamException: IO error
>> > at
>> >
>> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1631)
>> > Caused by: org.cryptacular.StreamException: IO error
>> > at org.cryptacular.util.CertUtil.readCertificateChain(CertUtil.java:328)
>> > Caused by: java.io.IOException: Incomplete data
>> > at sun.security.provider.X509Factory.readOneBlock(X509Factory.java:612)
>> > 2019-11-26 14:07:11,867 - - ERROR
>> >
>> [net.shibboleth.utilities.java.support.service.AbstractReloadableService:186]
>>
>> > - Service 'shibboleth.MetadataResolverService': No further attempts
>> > will be made to reload
>>
>> --
>> %% Christopher A. Bongaarts %% cab at umn.edu %%
>> %% OIT - Identity Management %% http://umn.edu/~cab %%
>> %% University of Minnesota %% +1 (612) 625-1809 %%
>>
>> --
>> For Consortium Member technical support, see
>> https://wiki.shibboleth.net/confluence/x/coFAAg
>> To unsubscribe from this list send an email to
>> users-unsubscribe at shibboleth.net
>
>
> --
> %% Christopher A. Bongaarts %% cab at umn.edu %%
> %% OIT - Identity Management %% http://umn.edu/~cab %%
> %% University of Minnesota %% +1 (612) 625-1809 %%
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20191127/4d83a8c1/attachment.html>
More information about the users
mailing list