[Shib-Users] Problem with PolicyRequirementRule of « Script » type

16 views
Skip to first unread message

Sylvain DEROSIAUX

unread,
Mar 3, 2010, 7:42:20 AM3/3/10
to shibbole...@internet2.edu
Hi !

No way to run a PolicyRequirementRule of � Script � type (IdP 2.1.5 on
Debian Lenny)

<PolicyRequirementRule xsi:type="basic:Script">
<Script>
<![CDATA[
return true ;
]]>
</Script>
</PolicyRequirementRule>

aacli.sh returns :

Exception in thread "main"
org.springframework.beans.factory.BeanCreationException: Error creating
bean with name 'shibboleth.AttributeFilterEngine': Invocation of init
method failed; nested exception is
edu.internet2.middleware.shibboleth.common.service.ServiceException:
Configuration was not loaded for shibboleth.AttributeFilterEngine
service, error creating components.
at
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1338)

at
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:473)

at
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory$1.run(AbstractAutowireCapableBeanFactory.java:409)

at java.security.AccessController.doPrivileged(Native Method)
at
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:380)

at
org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:264)

at
org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)

at
org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:261)

at
org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:185)

at
org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:164)

at
org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:429)

at
org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:728)

at
org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:380)

at
edu.internet2.middleware.shibboleth.common.attribute.AttributeAuthorityCLI.loadConfigurations(AttributeAuthorityCLI.java:178)

at
edu.internet2.middleware.shibboleth.common.attribute.AttributeAuthorityCLI.main(AttributeAuthorityCLI.java:88)

Caused by:
edu.internet2.middleware.shibboleth.common.service.ServiceException:
Configuration was not loaded for shibboleth.AttributeFilterEngine
service, error creating components.
at
edu.internet2.middleware.shibboleth.common.config.BaseService.loadContext(BaseService.java:191)

at
edu.internet2.middleware.shibboleth.common.config.BaseReloadableService.initialize(BaseReloadableService.java:147)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)

at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)

at java.lang.reflect.Method.invoke(Method.java:597)
at
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeCustomInitMethod(AbstractAutowireCapableBeanFactory.java:1414)

at
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1375)

at
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1335)

... 14 more
Caused by: org.xml.sax.SAXParseException: cvc-complex-type.2.4.a:
Invalid content was found starting with element 'Script'. One of
'{"urn:mace:shibboleth:2.0:afp:mf:basic":Script,
"urn:mace:shibboleth:2.0:afp:mf:basic":ScriptFile}' is expected.
at
org.apache.xerces.util.ErrorHandlerWrapper.createSAXParseException(Unknown
Source)
at org.apache.xerces.util.ErrorHandlerWrapper.error(Unknown Source)
at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown
Source)
at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown
Source)
at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown
Source)
at
org.apache.xerces.impl.xs.XMLSchemaValidator$XSIErrorReporter.reportError(Unknown
Source)
at
org.apache.xerces.impl.xs.XMLSchemaValidator.reportSchemaError(Unknown
Source)
at
org.apache.xerces.impl.xs.XMLSchemaValidator.handleStartElement(Unknown
Source)
at
org.apache.xerces.impl.xs.XMLSchemaValidator.startElement(Unknown Source)
at
org.apache.xerces.impl.XMLNSDocumentScannerImpl.scanStartElement(Unknown
Source)
at
org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(Unknown
Source)
at
org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown
Source)
at org.apache.xerces.parsers.XML11Configuration.parse(Unknown
Source)
at org.apache.xerces.parsers.XML11Configuration.parse(Unknown
Source)
at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
at org.apache.xerces.parsers.DOMParser.parse(Unknown Source)
at org.apache.xerces.jaxp.DocumentBuilderImpl.parse(Unknown Source)
at
edu.internet2.middleware.shibboleth.common.config.SpringDocumentLoader.loadDocument(SpringDocumentLoader.java:55)

at
org.springframework.beans.factory.xml.XmlBeanDefinitionReader.doLoadBeanDefinitions(XmlBeanDefinitionReader.java:396)

at
org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:342)

at
org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:310)

at
org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:143)

at
edu.internet2.middleware.shibboleth.common.config.SpringConfigurationUtils.populateRegistry(SpringConfigurationUtils.java:81)

at
edu.internet2.middleware.shibboleth.common.config.BaseService.loadContext(BaseService.java:169)


I also tried ScriptFile but without success...
Have an idea of why it doesn't work ?

Sylvain

Chad La Joie

unread,
Mar 3, 2010, 8:24:42 AM3/3/10
to shibbole...@internet2.edu
It should be <basic:Script>. I've updated the docs as well.

--
Chad La Joie
www.itumi.biz
trusted identities, delivered

Sylvain DEROSIAUX

unread,
Mar 3, 2010, 9:06:24 AM3/3/10
to shibbole...@internet2.edu
Ok, thanks, no more this error. :-)
But I have another one :

ERROR
[edu.internet2.middleware.shibboleth.common.attribute.AttributeAuthorityCLI:350]
- Error encountered during attribute resolution and filtering
edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.FilterProcessingException:
Unable to execute match functor script
at
edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.match.basic.ScriptMatchFunctor.executeScript(ScriptMatchFunctor.java:141)
[shibboleth-common-1.1.4.jar:na]
at
edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.match.basic.ScriptMatchFunctor.doEvaluatePolicyRequirement(ScriptMatchFunctor.java:80)
[shibboleth-common-1.1.4.jar:na]
at
edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.match.basic.AbstractMatchFunctor.evaluatePolicyRequirement(AbstractMatchFunctor.java:32)
[shibboleth-common-1.1.4.jar:na]
at
edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine.filterAttributes(ShibbolethAttributeFilteringEngine.java:125)
[shibboleth-common-1.1.4.jar:na]
at
edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine.filterAttributes(ShibbolethAttributeFilteringEngine.java:86)
[shibboleth-common-1.1.4.jar:na]
at
edu.internet2.middleware.shibboleth.common.attribute.provider.ShibbolethSAML2AttributeAuthority.getAttributes(ShibbolethSAML2AttributeAuthority.java:177)
[shibboleth-common-1.1.4.jar:na]
at
edu.internet2.middleware.shibboleth.common.attribute.provider.ShibbolethSAML2AttributeAuthority.getAttributes(ShibbolethSAML2AttributeAuthority.java:1)
[shibboleth-common-1.1.4.jar:na]
at
edu.internet2.middleware.shibboleth.common.attribute.AttributeAuthorityCLI.performSAML2AttributeResolution(AttributeAuthorityCLI.java:241)
[shibboleth-common-1.1.4.jar:na]
at
edu.internet2.middleware.shibboleth.common.attribute.AttributeAuthorityCLI.main(AttributeAuthorityCLI.java:98)
[shibboleth-common-1.1.4.jar:na]
Caused by: javax.script.ScriptException:
sun.org.mozilla.javascript.internal.EvaluatorException: invalid return
(<Unknown source>#1) in <Unknown source> at line number 1
at
com.sun.script.javascript.RhinoScriptEngine.eval(RhinoScriptEngine.java:110)
[na:1.6.0_12]
at
com.sun.script.javascript.RhinoScriptEngine.eval(RhinoScriptEngine.java:124)
[na:1.6.0_12]
at
edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.match.basic.ScriptMatchFunctor.executeScript(ScriptMatchFunctor.java:132)
[shibboleth-common-1.1.4.jar:na]
... 8 common frames omitted

Why logs said � return true ; � is an invalid return !? I don't
understand.. I have tried wiki's example but no more success.

Have an idea ?

Best regards,
Sylvain

Chad La Joie a �crit :

Chad La Joie

unread,
Apr 5, 2010, 7:24:18 AM4/5/10
to shibbole...@internet2.edu
This looks like a bug. Please go ahead and file it so that it can get
fixed.

--

Reply all
Reply to author
Forward
0 new messages