OIDC client resolver

Kevin Foote kevin.foote at colorado.edu
Thu Apr 9 11:17:22 EDT 2020 

So yea, Scott it does sort of seam like that. 

Here is a log output from a forced reload of the client information. There is a single client in my json file with client_id of iam_oidc_sb.

The lines I don’t understand are why is there an INFO log entry indicating parsing of my client. Then 3 lines later a TRACE entry stating “no client id criteria found…”

====
2020-04-08 15:22:23,511 - DEBUG [net.shibboleth.idp.profile.impl.ReloadServiceConfiguration:124] - Profile Action ReloadServiceConfiguration: Reloading configuration for 'shibboleth.ClientInformationResolverService'
2020-04-08 15:22:23,512 - INFO [net.shibboleth.utilities.java.support.service.AbstractReloadableService:258] - Service 'shibboleth.ClientInformationResolverService': Reloading service configuration
2020-04-08 15:22:23,515 - INFO [net.shibboleth.ext.spring.util.SchemaTypeAwareXMLBeanDefinitionReader:317] - Loading XML bean definitions from file [/opt/shibboleth-idp/conf/oidc-metadata-providers.xml]
2020-04-08 15:22:23,555 - INFO [net.shibboleth.ext.spring.context.FilesystemGenericApplicationContext:583] - Refreshing shibboleth.ClientInformationResolverService: startup date [Wed Apr 08 15:22:23 MDT 2020]; parent: Root WebApplicationContext
2020-04-08 15:22:23,614 - DEBUG [org.geant.idpextension.oidc.metadata.impl.AbstractReloadingOIDCEntityResolver:159] - Beginning refresh of metadata from '/opt/shibboleth-idp/metadata/cuboulder-oidc-clients.json'
2020-04-08 15:22:23,615 - DEBUG [org.geant.idpextension.oidc.metadata.impl.AbstractFileOIDCEntityResolver:118] - Returning the contents of /opt/shibboleth-idp/metadata/cuboulder-oidc-clients.json as byte array
2020-04-08 15:22:23,616 - DEBUG [org.geant.idpextension.oidc.metadata.impl.AbstractReloadingOIDCEntityResolver:165] - Processing new metadata from '/opt/shibboleth-idp/metadata/cuboulder-oidc-clients.json'
2020-04-08 15:22:23,619 - DEBUG [org.geant.idpextension.oidc.metadata.impl.FilesystemClientInformationResolver:187] - Could not parse single client information from the file, checking for array
2020-04-08 15:22:23,628 - INFO [org.geant.idpextension.oidc.metadata.impl.AbstractReloadingOIDCEntityResolver:170] - Parsed entity information for iam_oidc_sb
2020-04-08 15:22:23,629 - INFO [org.geant.idpextension.oidc.metadata.impl.AbstractReloadingOIDCEntityResolver:206] - Next refresh cycle for metadata provider '/opt/shibboleth-idp/metadata/cuboulder-oidc-clients.json' will occur on '2020-04-09T01:22:23.629Z' ('2020-04-08T19:22:23.629-06:00' local time)
2020-04-08 15:22:23,637 - TRACE [org.geant.idpextension.oidc.metadata.impl.FilesystemClientInformationResolver:136] - No client ID criteria found, returning all
2020-04-08 15:22:23,637 - INFO [org.geant.idpextension.oidc.metadata.impl.ChainingClientInformationResolver:187] - ChainingClientInformationResolver was configured with the following resolvers: [CUBoulderFileResolver: 1 clients]
2020-04-08 15:22:23,647 - INFO [org.geant.idpextension.oidc.metadata.resolver.RelyingPartyClientInformationProvider:124] - Top level ClientInformation Provider 'InternalEmbeddedChainResolver' did not have a sort key; giving it value '1'
2020-04-08 15:22:23,649 - INFO [net.shibboleth.ext.spring.service.ReloadableSpringService:421] - Service 'shibboleth.ClientInformationResolverService': Completed reload and swapped in latest configuration for service 'shibboleth.ClientInformationResolverService'
2020-04-08 15:22:23,649 - INFO [net.shibboleth.ext.spring.service.ReloadableSpringService:428] - Service 'shibboleth.ClientInformationResolverService': Reload complete
2020-04-08 15:22:23,649 - DEBUG [net.shibboleth.idp.profile.impl.ReloadServiceConfiguration:128] - Profile Action ReloadServiceConfiguration: Reloaded configuration for 'shibboleth.ClientInformationResolverService'
2020-04-08 15:22:23,675 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:89] - Profile Action RecordResponseComplete: Record response complete
====

Anyway .. maybe someone out there has the v1.1.1 plugin working ? 


--------
thanks
 kevin.foote

> On Apr 8, 2020, at 12:43 PM, Cantor, Scott <cantor.2 at osu.edu> wrote:
> 
> On 4/8/20, 2:25 PM, "users on behalf of Kevin Foote" <users-bounces at shibboleth.net on behalf of kevin.foote at colorado.edu> wrote:
> 
>> I’m still digging. I’m guessing it really just has to due with the incoming request being incorrect or something. 
> 
> I don't think so, that's a very explicit message regarding the underlying object having been properly created and started. I would have guessed Rod's idea, it's not calling initialize() properly the way it should, and that would be a code bug and not specific to a single deploy unless the bean file were in fact missing stuff.
> 
> -- Scott
> 
> 
> -- 
> For Consortium Member technical support, see https://secure-web.cisco.com/1WTbAAezd76E1gxAX3NApOFDBrrLA8FMJaOLxmFeDICMG7-sjEY6jZVGh9BCmVVYs3EbiDgEXuNt5azYS_eajHmWfwCxF6bY8EIJg0VSLk5LtkMa4spgyYk-X_PotbcK0JpPP3LHdsl4JFhKLTMtZATS4LEckUKkBQbPXvsAONjPkdEatYA6wn1Q296VMqN0bVopE2WJcttdTb6AweYIHF3T-seS1KHfEpK3cEdv6WwzKtb80ER8-Zv6UJ9QCSoZb2VTaBmqffaut-pLC3sq9dGo1rbCDXiO9F3JK2JZyWZCYhUsLwAy8he6-iBo_QvOWb5ViS5F1TOxIiAd5BTp038o_UEPFI1gpH4Rp21dJzZMC8NNHNLRok46Yi_KvFIKp7EKJi9K0ainjhSwm6upp_qx6soJZXY82xgl2S39-0MAa3KHXjJlbmzH13caC8iA4qy8K7mz3INZSXx_MV939Ig/https%3A%2F%2Fwiki.shibboleth.net%2Fconfluence%2Fx%2FcoFAAg
> To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net

More information about the users mailing list