disable assertion encryption by entityID

Bergmann, Clemens clemens.bergmann at tu-darmstadt.de
Wed Sep 8 09:21:49 UTC 2021


Hi,

 

I want to disable encryption of assertions for one of our test SPs.

I tried to implement it with a predicate passed as p:encryptAssertions-ref.

Part of my configuration is below.

 

Unfortunately I get an error stating “nested exception is java.lang.IllegalArgumentException: Cannot convert value of type 'net.shibboleth.utilities.java.support.logic.PredicateSupport$$Lambda$678/0x0000000840ee1840' to required type 'boolean' for property 'encryptAssertions'”

 

Is this a bad idea from the start or is it only a small error?

Kind Regards

Clemens

 

<!-- Predicate bean answering "should this response be encrypted?".
     It is the negation (shibboleth.Conditions.NOT) of a RelyingPartyId condition, so it is
     false for the entityIDs listed under "candidates" and true for every other relying party.
     Every entityID added to the list receives unencrypted assertions, so keep the list
     limited to test SPs and review it whenever it changes. -->
<bean id="custom.ShouldEncrypt" parent="shibboleth.Conditions.NOT">
    <constructor-arg>
        <bean parent="shibboleth.Conditions.RelyingPartyId">
            <constructor-arg name="candidates">
                <list>
                    <value>https://idm-lab01-dev.example.com/shibboleth</value>
                </list>
            </constructor-arg>
        </bean>
    </constructor-arg>
</bean>

 

    <!-- define defaults with tou and attribute release -->

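    <!-- Assertion encryption is decided per request by the custom.ShouldEncrypt predicate.
         A predicate bean has to be wired to encryptAssertionsPredicate: encryptAssertions
         itself is typed boolean, so p:encryptAssertions-ref pointing at a predicate fails
         with the "Cannot convert value ... to required type 'boolean'" error quoted above.
         Because the predicate is the negation of an entityID match, relying parties that
         are not listed in it keep encrypted assertions. -->
    <bean id="SAML2.SSO.default" parent="SAML2.SSO"
          p:postAuthenticationFlows="#{ {'terms-of-use', 'attribute-release'} }"
          p:nameIDFormatPrecedence="#{{
            'urn:mace:heidi-hessen.de:SAML:2.0:nameid-format:heidiuuid',
            'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',
            'urn:oasis:names:tc:SAML:2.0:nameid-format:transient' }}"
          p:encryptAssertionsPredicate-ref="custom.ShouldEncrypt" />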

 

    <!-- Default configuration, with default settings applied for all profiles. -->

    <bean id="shibboleth.DefaultRelyingParty"
          parent="RelyingParty"
          p:responderIdLookupStrategy-ref="profileResponderIdLookupFunction">
        <property name="profileConfigurations">
            <list>
                <!-- SAML 1.1 and SAML 2.0 AttributeQuery are disabled by default.
                     Use the Puppet parameters aq_sps and aq_tags for those. -->

                <!-- SAML 1.1 profiles; SSO runs the terms-of-use and attribute-release flows. -->
                <bean parent="Shibboleth.SSO"
                      p:postAuthenticationFlows="#{ {'terms-of-use', 'attribute-release'} }"/>
                <ref bean="SAML1.ArtifactResolution"/>

                <!-- SAML 2.0 profiles. SAML2.SSO.default is the bean that carries the
                     assertion-encryption setting for relying parties using these defaults. -->
                <ref bean="SAML2.SSO.default"/>
                <ref bean="SAML2.Logout"/>
                <ref bean="SAML2.ArtifactResolution"/>

                <ref bean="Liberty.SSOS"/>

                <!-- CAS profiles; login runs the same post-authentication flows. -->
                <bean parent="CAS.LoginConfiguration"
                      p:postAuthenticationFlows="#{ {'terms-of-use', 'attribute-release'} }"/>
                <ref bean="CAS.ProxyConfiguration"/>
                <ref bean="CAS.ValidateConfiguration"/>
            </list>
        </property>
    </bean>

 

Viele Grüße

Clemens (Bergmann)

-- 

Clemens Bergmann

Gruppe Nutzermanagement und Entwicklung

Technische Universität Darmstadt

Hochschulrechenzentrum, Alexanderstraße 2, 64289 Darmstadt

Tel. +49 6151 16 71184

 <http://www.hrz.tu-darmstadt.de/> http://www.hrz.tu-darmstadt.de/

 
