[Shib-Users] metadata problem
已查看 123 次
跳至第一个未读帖子
dave massie
2010年9月24日 15:42:002010/9/24
收件人 shibbole...@internet2.edu
I am having a problem getting shibboleth to read a metadata file.
I have created the metadata file by hand. I start shibboleth and it fails when trying to load the metadata file I just created.
I copied the MD file from a different, working MD file. I checked the file and it looks correct to me. But, I feel sure, the problem must be with my configuration of the metadata or the relying-party.
I am posting the file below and am hoping someone could see if they can see some error.
Thanks,
Dave
The MD file is:
<EntityDescriptor entityID="http://www.workday.com" xmlns="urn:oasis:names:mtc:SAML:2.0:metadata">
<SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</NameIDFormat>
<AssertionConsumerService index="1" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="https://impl.workday.com/georgetown0/login-saml.flex" />
</SPSSODescriptor>
</EntityDescriptor>
The relying-party configuration of this MD is:
<MetadataProvider id="WorkdayMD" xsi:type="FilesystemMetadataProvider" xmlns="urn:mace:shibboleth:2.0:metadata"
metadataFile="/var/services/shibboleth/shibboleth-idp/metadata/workday-metadata.xml" maintainExpiredMetadata="true" />
And the snip from the log containing the error is:
15:14:45.932 - DEBUG [org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider:136] - Refreshing metadata from file /var/
services/shibboleth/shibboleth-idp/metadata/workday-metadata.xml
15:14:45.933 - TRACE [org.opensaml.saml2.metadata.provider.AbstractMetadataProvider:176] - Parsing retrieved metadata into a DOM
object
15:14:45.933 - TRACE [org.opensaml.saml2.metadata.provider.AbstractMetadataProvider:179] - Unmarshalling and caching metdata DOM
15:14:45.933 - ERROR [org.opensaml.saml2.metadata.provider.AbstractMetadataProvider:184] - No unmarshaller registered for docume
nt element {urn:oasis:names:mtc:SAML:2.0:metadata}EntityDescriptor
15:14:45.946 - ERROR [org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider:166] - Unable to unmarshall metadata
org.opensaml.xml.io.UnmarshallingException: org.opensaml.xml.io.UnmarshallingException: No unmarshaller registered for document
element {urn:oasis:names:mtc:SAML:2.0:metadata}EntityDescriptor
at org.opensaml.saml2.metadata.provider.AbstractMetadataProvider.unmarshallMetadata(AbstractMetadataProvider.java:190) [
-------------------- big stack trace goes here ----------------
Then:
15:14:45.947 - ERROR [edu.internet2.middleware.shibboleth.common.config.BaseService:187] - Configuration was not loaded for shib
boleth.RelyingPartyConfigurationManager service, error creating components. The root cause of this error was: org.opensaml.xml.
io.UnmarshallingException: No unmarshaller registered for document element {urn:oasis:names:mtc:SAML:2.0:metadata}EntityDescript
or
15:14:45.950 - TRACE [edu.internet2.middleware.shibboleth.common.config.BaseService:190] - Full stacktrace is:
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'WorkdayMD': Invocation of init method fa
iled; nested exception is org.opensaml.saml2.metadata.provider.MetadataProviderException: Unable to unmarshall metadata
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBe
------------ with another stack trace ---------------------
Scott Cantor
2010年9月24日 15:53:492010/9/24
收件人 shibbole...@internet2.edu
> I am posting the file below and am hoping someone could see if they can
see
> some error.
see
> some error.
The namespace is wrong, it's :md: not :mtc:
-- Scott
dave massie
2010年9月24日 16:06:132010/9/24
收件人 shibbole...@internet2.edu
Thanks! I made the change it is has loaded.
Dave
Dave
Peter Schober
2010年9月24日 17:03:492010/9/24
收件人 shibbole...@internet2.edu
* dave massie <dave....@gmail.com> [2010-09-24 21:42]:
> I have created the metadata file by hand. I start shibboleth and it
> fails when trying to load the metadata file I just created.
>
> I copied the MD file from a different, working MD file. I checked
> the file and it looks correct to me. But, I feel sure, the problem
> must be with my configuration of the metadata or the relying-party.
> I have created the metadata file by hand. I start shibboleth and it
> fails when trying to load the metadata file I just created.
>
> I copied the MD file from a different, working MD file. I checked
> the file and it looks correct to me. But, I feel sure, the problem
> must be with my configuration of the metadata or the relying-party.
https://spaces.internet2.edu/display/SHIB2/MetadataCorrectness
has a ton of info on several ways of checking metadata, including
tools and usage examples.
-peter
回复全部
回复作者
转发
0 个新帖子