Error 404 when saving IdP Entity ID in NetApp

Mon Sep 26 16:42:47 UTC 2022

Matt,

Before the last stanza there is an open comment '<!--'; there is no closing comment '-->'

Ray

On Mon, 2022-09-26 at 12:32 -0400, Matt Swann via users wrote:
Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information.

Hey Peter,

Thank you sir, please see below for the metadata-providers.xml. I removed just some information about our .mil domain.

<?xml version="1.0" encoding="UTF-8"?>
<!-- This file is an EXAMPLE metadata configuration file. -->
<MetadataProvider id="ShibbolethMetadata" xsi:type="ChainingMetadataProvider"
    xmlns="urn:mace:shibboleth:2.0:metadata"
    xmlns:resource="urn:mace:shibboleth:2.0:resource"
    xmlns:security="urn:mace:shibboleth:2.0:security"
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="urn:mace:shibboleth:2.0:metadata http://shibboleth.net/schema/idp/shibboleth-metadata.xsd
                        urn:mace:shibboleth:2.0:resource http://shibboleth.net/schema/idp/shibboleth-resource.xsd
                        urn:mace:shibboleth:2.0:security http://shibboleth.net/schema/idp/shibboleth-security.xsd
                        urn:oasis:names:tc:SAML:2.0:metadata http://docs.oasis-open.org/security/saml/v2.0/saml-schema-metadata-2.0.xsd">

    <!-- ========================================================================================== -->
    <!--                             Metadata Configuration                                         -->
    <!--                                                                                            -->
    <!--  Below you place the mechanisms which define how to load the metadata for SP(s) you will   -->
    <!--  provide service to.                                                                       -->
    <!--                                                                                            -->
    <!--  Two examples are provided.  The Shibboleth Documentation at                               -->
    <!--  https://wiki.shibboleth.net/confluence/display/IDP30/MetadataConfiguration                -->
    <!--  provides more details.                                                                    -->
    <!--                                                                                            -->
    <!--  NOTE.  This file SHOULD NOT contain the metadata for this IdP.                            -->
    <!-- ========================================================================================== -->
<MetadataProvider id="ONTAP" xsi:type="FileBackedHTTPMetadataProvider"
                      backingFile="%{idp.home}/metadata/localCopyFromXYZHTTP.xml"
                      metadataURL="https://server.mil">
    <!--
    Example HTTP metadata provider.  Use this if you want to download the metadata
    from a remote source.

    You *MUST* provide the SignatureValidationFilter in order to function securely.
    Get the public key certificate from the party publishing the metadata, and validate
    it with them via some out of band mechanism (e.g., a fingerprint on a secure page).

    The EntityRoleWhiteList saves memory by only loading metadata from SAML roles
    that the IdP needs to interoperate with.
    -->

    <!--
    <MetadataProvider id="HTTPMetadata"
                      xsi:type="FileBackedHTTPMetadataProvider"
                      backingFile="%{idp.home}/metadata/localCopyFromXYZHTTP.xml"
                      metadataURL="http://WHATEVER">

        <MetadataFilter xsi:type="SignatureValidation" certificateFile="%{idp.home}/credentials/metaroot.pem" />
        <MetadataFilter xsi:type="RequiredValidUntil" maxValidityInterval="P30D"/>
        <MetadataFilter xsi:type="EntityRoleWhiteList">
            <RetainedRole>md:SPSSODescriptor</RetainedRole>
        </MetadataFilter>
    </MetadataProvider>
    -->

    <!--
    Example file metadata provider.  Use this if you want to load metadata
    from a local file.  You might use this if you have some local SPs
    which are not "federated" but you wish to offer a service to.

    If you do not provide a SignatureValidation filter, then you have the
    responsibility to ensure that the contents on disk are trustworthy.
    -->

    <!--
    <MetadataProvider id="LocalMetadata"  xsi:type="FilesystemMetadataProvider" metadataFile="PATH_TO_YOUR_METADATA"/>
    -->

    <!--
    Example CAS metadata source.
    -->

    <!--
    <MetadataProvider id="CasMetadata"
                      xsi:type="FilesystemMetadataProvider"
                      metadataFile="PATH_TO_YOUR_METADATA"
                      indexesRef="shibboleth.CASMetadataIndices" />

</MetadataProvider>

On Mon, Sep 26, 2022 at 12:25 PM Peter Schober via users <users at shibboleth.net<mailto:users at shibboleth.net>> wrote:
* Matt Swann via users <users at shibboleth.net<mailto:users at shibboleth.net>> [2022-09-26 14:50]:
> Line 80 in XML document from file [C:\Program Files
> (x86)\Shibboleth\IdP\conf\metadata-providers.xml] is invalid [...]
> XML document structures must start and end within the same entity.

If that doesn't help you solve the issue you could post your complete
metadata-providers.xml file here.
(And while there's no reason it should, make sure it doesn't contain
anything secret.)

-peter
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20220926/9240751a/attachment.htm>