PersistentIdStore Class not found error with Shibboleth v4.0.1

Mark Cairney Mark.Cairney at ed.ac.uk
Thu Jul 2 13:57:42 UTC 2020 

Hi,

You're right on comparing the same input on the node running V3.4.6.

This block is missing:

    <saml2:Subject>
        <saml2:NameID
Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
NameQualifier="https://idp-test.ucs.ed.ac.uk/idp/shibboleth"
SPNameQualifier="https://test.ed.unidesk.ac.uk/tas/secure/login/verify">AApzZWNyZXQxNDY5zMofBNhbZdSldzMTGjsjaQOqDGwt7BQO0QLwOZ9U/34xxu7wbp1vqlOZo8uO44HzxgXxy9ezxlEaiXsQFFM5Yg2cmqLoJonNHnNwLrCecSwUnUVdY7P4qq/FA+bPKryiwVqN8zjwGeXz8LrVjvOMhjNCqyY+XpCV34U+NQ==</saml2:NameID>

We are looking at simply logging the source attribute so we don't need
to store it in a separate attribute.

I thought that if a config worked without any warnings/errors on 3.4.6
it should work on v 4.0.x?

In saying that what we do have configured in saml-nameid.xml is quite
different from the V4 example (and is going against the warning about
sharing a datasource bean with the JPAStorageService!)

    <bean id="PersistentIdStore"
class="net.shibboleth.idp.saml.nameid.impl.JDBCPersistentIdStore">
      <property name="dataSource"
ref="shibboleth.JPAStorageService.DataSource" />
    </bean>

I'll update the config and report back if I continue to have problems.

Kind regards,

Mark



On 02/07/2020 14:26, Cantor, Scott wrote:
> On 7/2/20, 9:04 AM, "users on behalf of Mark Cairney" <users-bounces at shibboleth.net on behalf of Mark.Cairney at ed.ac.uk> wrote:
> 
>> Is this a bug or an error in my config?
> 
> I would assume the latter, but that was on the top end of the areas most difficult to keep working because of all the changes so a bug isn't that surprising.
> 
> A bean trying to override all of that is supposed to inherit from shibboleth.JDBCPersistentIdStore to be insulated. I don't know if that existed in V3, but it does now.
> 
> The V4 persistent ID docs were updated a few weeks ago to get all the corrections applied.
> 
>> The node does appear to start up and I can run aacli successfully.
> 
> It certainly isn't "working", whether it starts up depends on fail fast settings and the particular behavior tested.
> 
> You'll get no NameIDs out of it, that's for certain.
> 
> -- Scott
> 
> 

-- 
/****************************

Mark Cairney
ITI Enterprise Services
Information Services
University of Edinburgh

Tel: 0131 650 6565
Email: Mark.Cairney at ed.ac.uk
PGP: 0x435A9621

*******************************/

The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.

More information about the users mailing list