MetadataResolverService Initial load failed?

Scott Gilbert sgilbert at ucsb.edu
Wed Nov 27 13:04:14 EST 2019


Still getting the same error message. Below is my current incommon config.

    <MetadataProvider id="INCOMMON"
xsi:type="FileBackedHTTPMetadataProvider"
        metadataURL="http://md.incommon.org/InCommon/InCommon-metadata.xml"
backingFile="%{idp.home}/metadata/incommon-metadata.xml">
      <MetadataFilter xsi:type="SignatureValidation"
certificateFile="%{idp.home}/credentials/inc-md-cert.pem" />
    </MetadataProvider>

Do I need to state this?
        <MetadataFilter xsi:type="RequiredValidUntil"
maxValidityInterval="P30D"/>

I have enough memory allocated
Environment="CATALINA_OPTS=-Xms512M -Xmx2048M -server -XX:+UseG1GC"


Scott Gilbert
IAM System Admin
ETS Enterprise Technology Services
University of California Santa Barbara



On Tue, Nov 26, 2019 at 3:16 PM Christopher Bongaarts <cab at umn.edu> wrote:

> Within that <MetadataProvider> element you'll find a nested element like
> this:
>
>       <MetadataFilter xsi:type="SignatureValidation"
> requireSignedRoot="true"
>               certificateFile="%{idp.home}/credentials/incommon.pem" />
>
> It's having trouble loading that certificateFile.
> On 11/26/2019 5:02 PM, Scott Gilbert wrote:
>
> Thanks for the reply.
>
> So this metadata provider statement is not sufficient
>
>     <MetadataProvider id="INCOMMON"
> xsi:type="FileBackedHTTPMetadataProvider"
>     metadataURL="http://md.incommon.org/InCommon/InCommon-metadata.xml"
> backingFile="%{idp.home}/metadata/incommon-metadata.xml">
>
> as I recall there is some form of verification, so as not to spoof, it may
> be in the incommon docs.
>
> Scott Gilbert
> IAM System Admin
> ETS Enterprise Technology Services
> University of California Santa Barbara
>
>
>
> On Tue, Nov 26, 2019 at 2:44 PM Christopher Bongaarts <cab at umn.edu> wrote:
>
>> Check the contents and permissions of your InCommon metadata validation
>> certificate...
>>
>> On 11/26/2019 4:28 PM, Scott Gilbert wrote:
>> > Caused by: org.springframework.beans.factory.BeanCreationException:
>> > Error creating bean with name '(inner bean)#5ff6431a': Invocation of
>> > init method failed; nested exception is
>> > org.cryptacular.StreamException: IO error
>> > at
>> >
>> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1631)
>> > Caused by: org.cryptacular.StreamException: IO error
>> > at org.cryptacular.util.CertUtil.readCertificateChain(CertUtil.java:328)
>> > Caused by: java.io.IOException: Incomplete data
>> > at sun.security.provider.X509Factory.readOneBlock(X509Factory.java:612)
>> > 2019-11-26 14:07:11,867 -  - ERROR
>> >
>> [net.shibboleth.utilities.java.support.service.AbstractReloadableService:186]
>>
>> > - Service 'shibboleth.MetadataResolverService': No further attempts
>> > will be made to reload
>>
>> --
>> %%  Christopher A. Bongaarts   %%  cab at umn.edu          %%
>> %%  OIT - Identity Management  %%  http://umn.edu/~cab  %%
>> %%  University of Minnesota    %%  +1 (612) 625-1809    %%
>>
>> --
>> For Consortium Member technical support, see
>> https://wiki.shibboleth.net/confluence/x/coFAAg
>> To unsubscribe from this list send an email to
>> users-unsubscribe at shibboleth.net
>
>
> --
> %%  Christopher A. Bongaarts   %%  cab at umn.edu          %%
> %%  OIT - Identity Management  %%  http://umn.edu/~cab  %%
> %%  University of Minnesota    %%  +1 (612) 625-1809    %%
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20191127/4d83a8c1/attachment.html>


More information about the users mailing list