disable assertion encryption by entityID

Abhishek Kumar abhishek.21.kumar at gsk.com
Wed Sep 8 10:10:25 UTC 2021


Remove me.

From: users <users-bounces at shibboleth.net> On Behalf Of Bergmann, Clemens
Sent: Wednesday, September 8, 2021 2:52 PM
To: Shib Users <users at shibboleth.net>
Subject: disable assertion encryption by entityID


Hi,

I want to disable encryption of assertions for one of our test SPs.
I tried to implement it with a predicate passed as p:encryptAssertions-ref.
Part of my configuration is below.

Unfortunately I get an error stating “nested exception is java.lang.IllegalArgumentException: Cannot convert value of type 'net.shibboleth.utilities.java.support.logic.PredicateSupport$$Lambda$678/0x0000000840ee1840' to required type 'boolean' for property 'encryptAssertions'”

Is this a bad idea from the start or is it only a small error?
Kind Regards
Clemens

<bean id="custom.ShouldEncrypt" parent="shibboleth.Conditions.NOT">
      <constructor-arg>
        <bean parent="shibboleth.Conditions.RelyingPartyId">
          <constructor-arg name="candidates">
            <list>
              <value>https://idm-lab01-dev.example.com/shibboleth</value>
            </list>
          </constructor-arg>
        </bean>
      </constructor-arg>
    </bean>

    <!-- define defaults with tou and attribute release -->
    <bean id="SAML2.SSO.default" parent="SAML2.SSO"
      p:postAuthenticationFlows="#{ {'terms-of-use', 'attribute-release'} }"
      p:nameIDFormatPrecedence="#{{
        'urn:mace:heidi-hessen.de:SAML:2.0:nameid-format:heidiuuid',
        'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',
        'urn:oasis:names:tc:SAML:2.0:nameid-format:transient' }}"
      p:encryptAssertions-ref="custom.ShouldEncrypt"
    />

    <!-- Default configuration, with default settings applied for all profiles. -->
    <bean id="shibboleth.DefaultRelyingParty" parent="RelyingParty" p:responderIdLookupStrategy-ref="profileResponderIdLookupFunction">
        <property name="profileConfigurations">
            <list>
                <!-- SAML 1.1 and SAML 2.0 AttributeQuery are disabled by default. Use Puppet parameters aq_sps and aq_tags. -->

                <bean parent="Shibboleth.SSO" p:postAuthenticationFlows="#{ {'terms-of-use', 'attribute-release'} }"/>
                <ref bean="SAML1.ArtifactResolution" />

                <ref bean="SAML2.SSO.default" />
                <ref bean="SAML2.Logout" />
                <ref bean="SAML2.ArtifactResolution" />

                <ref bean="Liberty.SSOS" />

                <bean parent="CAS.LoginConfiguration" p:postAuthenticationFlows="#{ {'terms-of-use', 'attribute-release'} }" />
                <ref bean="CAS.ProxyConfiguration" />
                <ref bean="CAS.ValidateConfiguration" />
            </list>
        </property>
    </bean>

Best regards
Clemens (Bergmann)
--
Clemens Bergmann
Gruppe Nutzermanagement und Entwicklung
Technische Universität Darmstadt
Hochschulrechenzentrum, Alexanderstraße 2, 64289 Darmstadt
Tel. +49 6151 16 71184
http://www.hrz.tu-darmstadt.de/
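
Added example, not part of the original thread and not the project's own configuration: the exception quoted above is Spring refusing to inject a predicate bean into the boolean `encryptAssertions` property. The fragment assumes the IdP version in use exposes the predicate-typed `encryptAssertionsPredicate` property, and shows a `RelyingPartyByName` override as an alternative; bean ids and the entityID are those from the post.

```xml
<!-- Predicate from the post: true (encrypt) for every SP except the listed test entityID. -->
<bean id="custom.ShouldEncrypt" parent="shibboleth.Conditions.NOT">
    <constructor-arg>
        <bean parent="shibboleth.Conditions.RelyingPartyId">
            <constructor-arg name="candidates">
                <list>
                    <value>https://idm-lab01-dev.example.com/shibboleth</value>
                </list>
            </constructor-arg>
        </bean>
    </constructor-arg>
</bean>

<!-- Before (fails at bean creation): encryptAssertions expects a boolean.
     p:encryptAssertions-ref="custom.ShouldEncrypt" -->

<!-- After: hand the predicate to the Predicate-typed property (assumed available).
     Other properties (nameIDFormatPrecedence etc.) stay as in the post. -->
<bean id="SAML2.SSO.default" parent="SAML2.SSO"
      p:postAuthenticationFlows="#{ {'terms-of-use', 'attribute-release'} }"
      p:encryptAssertionsPredicate-ref="custom.ShouldEncrypt" />

<!-- Alternative: leave the default untouched and scope the exception to one entityID.
     An override replaces the default profile list for that SP, so every
     profile the test SP needs has to be listed here. -->
<util:list id="shibboleth.RelyingPartyOverrides">
    <bean parent="RelyingPartyByName"
          c:relyingPartyIds="https://idm-lab01-dev.example.com/shibboleth">
        <property name="profileConfigurations">
            <list>
                <bean parent="SAML2.SSO"
                      p:postAuthenticationFlows="#{ {'terms-of-use', 'attribute-release'} }"
                      p:encryptAssertions="false" />
                <ref bean="SAML2.Logout" />
            </list>
        </property>
    </bean>
</util:list>
```

With either variant, a response issued to any other SP should still carry an `EncryptedAssertion` element; only the listed test entityID should receive a plain `Assertion`.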

