Fwd: Upgrade to 2.3.4, Attribute Resolver problem


Daniele Russo

Nov 7, 2011, 10:14:58 AM
to us...@shibboleth.net
I have upgraded the "Identity Provider" from version 2.2.1 to 2.3.4; in our attribute resolver we have some attributes in LDAP and some attributes in an Oracle RDBMS.
After the upgrade, the "Identity Provider" doesn't resolve the attributes on the RDBMS, without any apparent error; it resolves only the uid attribute on LDAP.

Below is the attribute-resolver.xml that works with the previous configuration.

<?xml version="1.0" encoding="UTF-8"?>

<resolver:AttributeResolver xmlns:resolver="urn:mace:shibboleth:2.0:resolver"
                   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:pc="urn:mace:shibboleth:2.0:resolver:pc"
                   xmlns:ad="urn:mace:shibboleth:2.0:resolver:ad" xmlns:dc="urn:mace:shibboleth:2.0:resolver:dc"
                   xmlns:enc="urn:mace:shibboleth:2.0:attribute:encoder" xmlns:sec="urn:mace:shibboleth:2.0:security"
                   xsi:schemaLocation="urn:mace:shibboleth:2.0:resolver classpath:/schema/shibboleth-2.0-attribute-resolver.xsd
                                       urn:mace:shibboleth:2.0:resolver:pc classpath:/schema/shibboleth-2.0-attribute-resolver-pc.xsd
                                       urn:mace:shibboleth:2.0:resolver:ad classpath:/schema/shibboleth-2.0-attribute-resolver-ad.xsd
                                       urn:mace:shibboleth:2.0:resolver:dc classpath:/schema/shibboleth-2.0-attribute-resolver-dc.xsd
                                       urn:mace:shibboleth:2.0:attribute:encoder classpath:/schema/shibboleth-2.0-attribute-encoder.xsd
                                       urn:mace:shibboleth:2.0:security classpath:/schema/shibboleth-2.0-security.xsd">


    <resolver:AttributeDefinition xsi:type="Simple" id="CodiceUtente" sourceAttributeID="CODPIN" xmlns="urn:mace:shibboleth:2.0:resolver:ad">
        <resolver:Dependency ref="regute" />
        <resolver:Dependency ref="regsoc" />
        <resolver:AttributeEncoder xsi:type="SAML2String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder" name="CodiceUtente" friendlyName="CodiceUtente" />
    </resolver:AttributeDefinition>
....
Some attribute
....

    <resolver:AttributeDefinition id="uid" xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
        sourceAttributeID="uid">
        <resolver:Dependency ref="myLDAP" />

        <resolver:AttributeEncoder xsi:type="SAML1String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
            name="urn:mace:dir:attribute-def:uid" />

        <resolver:AttributeEncoder xsi:type="SAML2String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
            name="urn:oid:0.9.2342.19200300.100.1.1" friendlyName="uid" />
    </resolver:AttributeDefinition>
    <!-- ========================================== -->
    <!--      Data Connectors                       -->
    <!-- ========================================== -->

    <resolver:DataConnector id="regute" xsi:type="dc:RelationalDatabase" queryTimeout="PT10.000S">
        <dc:ContainerManagedConnection resourceName="java:comp/env/jdbc/ORAIDP" />
        <dc:QueryTemplate>
            <![CDATA[
                select 'ENTPEN9934' codent,
                        a.codpin codpin,
                        a.mat mat,
                        'Cittadino' ruo,
                        b.codfis codfis,
                        decode (a.indemlpec, null, a.indeml, a.indemlpec) indeml,
                        get_profile (a.codpin) profilo,
                        cogprf,
                        nomprf,
                        sexprf,
                        titstuprf,
                        doptitstu,
                        isc_giorno (b.mat, sysdate) flgisc,
                        fu_pen (b.mat) flgpen,
                        decode (fu_contadnp (b.mat, 1) + fu_contadnp (b.mat, 1), 0, 0, 1) flgdicoms,
                        isc_anno (b.mat, fu_ac_web()) flgiscdic,
                        fu_anz_cassa (b.mat, sysdate, 1) annanz,
                        fu_anz_cassa (b.mat, sysdate, 2) gganz,
                        fu_eta (sysdate, datnas) anneta,
                        del,
                        fu_ra(b.mat,fu_ac_web()) flgdicirp,
                        fu_vaa(b.mat,fu_ac_web())  flgdiciva
                        from i_regute a, b_anacas b
                        where b.mat(+) = a.mat and codpin = '$requestContext.principalName'
            ]]>
        </dc:QueryTemplate>

    </resolver:DataConnector>

    <resolver:DataConnector id="regsoc" xsi:type="dc:RelationalDatabase" queryTimeout="PT10.000S">
        <dc:ContainerManagedConnection resourceName="java:comp/env/jdbc/ORAIDP" />
        <dc:QueryTemplate>
            <![CDATA[
                select CODPIN ,CODSOC MAT, DECODE(INDPECRPL,NULL,INDEMLRPL,INDPECRPL) INDEML, GET_PROFILE(CODPIN) PROFILO FROM I_REGSOC WHERE CODPIN='$requestContext.principalName'
            ]]>
        </dc:QueryTemplate>

    </resolver:DataConnector>

    <resolver:DataConnector id="myLDAP" xsi:type="LDAPDirectory" xmlns="urn:mace:shibboleth:2.0:resolver:dc"
        ldapURL="ldap://xxx.inarcassa.it ldap://xxx.inarcassa.it" baseDN="ou=Users,dc=inarcassa,dc=it" principal="cn=Manager,dc=inarcassa,dc=it"
        principalCredential="xxxxxx">
        <FilterTemplate>
            <![CDATA[
                (uid=$requestContext.principalName)
            ]]>
        </FilterTemplate>
    </resolver:DataConnector>

    <!-- ========================================== -->
    <!--      Principal Connectors                  -->
    <!-- ========================================== -->
    <resolver:PrincipalConnector xsi:type="pc:Transient" id="shibTransient" nameIDFormat="urn:mace:shibboleth:1.0:nameIdentifier" />
    <resolver:PrincipalConnector xsi:type="pc:Transient" id="saml1Unspec" nameIDFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" />
    <resolver:PrincipalConnector xsi:type="pc:Transient" id="saml2Transient" nameIDFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" />

</resolver:AttributeResolver>

I can't attach the log; otherwise the moderator cuts my message.


Where's the mistake?

Thanks

Daniele

Cantor, Scott

Nov 7, 2011, 10:34:16 AM
to us...@shibboleth.net
On 11/7/11 10:14 AM, "Daniele Russo" <rud...@gmail.com> wrote:

>I can't attach log otherwise the moderator cuts my message.

I'd suggest you look at the logs and determine the relevant information
that's identifying a difference between the two.

We don't provide logs so people can post them blindly. If you don't
understand a line in the log, then we need to know why so we can fix it so
you do or document something that isn't documented.

-- Scott

--
To unsubscribe from this list send an email to users-un...@shibboleth.net

Daniele Russo

Nov 8, 2011, 11:04:11 AM
to Shib Users
I've isolated relevant information:

- version 2.2.1
13:00:02.004 - INFO [edu.internet2.middleware.shibboleth.common.config.attribute.resolver.AbstractResolutionPlugInBeanDefinitionParser:54] - Parsing configuration for AttributeDefinition plugin with ID: uid
13:00:02.005 - DEBUG [edu.internet2.middleware.shibboleth.common.config.attribute.resolver.AbstractResolutionPlugInBeanDefinitionParser:61] - Dependencies for plugin uid: [myLDAP]
13:00:02.005 - DEBUG [edu.internet2.middleware.shibboleth.common.config.attribute.resolver.attributeDefinition.BaseAttributeDefinitionBeanDefinitionParser:57] - Setting source attribute ID for attribute definition uid to: uid
13:00:02.005 - DEBUG [edu.internet2.middleware.shibboleth.common.config.attribute.resolver.attributeDefinition.BaseAttributeDefinitionBeanDefinitionParser:81] - Attribute definition uid produces attributes that are only dependencies: false
13:00:02.041 - INFO [edu.internet2.middleware.shibboleth.common.config.attribute.resolver.AbstractResolutionPlugInBeanDefinitionParser:54] - Parsing configuration for AttributeDefinition plugin with ID: CodiceUtente
13:00:02.041 - DEBUG [edu.internet2.middleware.shibboleth.common.config.attribute.resolver.AbstractResolutionPlugInBeanDefinitionParser:61] - Dependencies for plugin CodiceUtente: [regute, regsoc]
13:00:02.042 - DEBUG [edu.internet2.middleware.shibboleth.common.config.attribute.resolver.attributeDefinition.BaseAttributeDefinitionBeanDefinitionParser:57] - Setting source attribute ID for attribute definition CodiceUtente to: CODPIN
13:00:02.042 - DEBUG [edu.internet2.middleware.shibboleth.common.config.attribute.resolver.attributeDefinition.BaseAttributeDefinitionBeanDefinitionParser:81] - Attribute definition CodiceUtente produces attributes that are only dependencies: false
...
13:00:02.413 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:477] - Loading 3 data connectors
13:00:02.414 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:487] - Loading 23 attribute definitions
13:00:02.415 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:497] - Loading 3 principal connectors
13:00:02.416 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.RDBMSDataConnector:214] - RDBMS data connector regute - Validating configuration.
13:00:02.820 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.RDBMSDataConnector:236] - RDBMS data connector regute - Connector configuration is valid.
13:00:02.821 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.RDBMSDataConnector:214] - RDBMS data connector regsoc - Validating configuration.
13:00:02.824 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.RDBMSDataConnector:236] - RDBMS data connector regsoc - Connector configuration is valid.

- version 2.3.4
13:05:50.458 - INFO [edu.internet2.middleware.shibboleth.common.config.attribute.resolver.AbstractResolutionPlugInBeanDefinitionParser:55] - Parsing configuration for AttributeDefinition plugin with ID: uid
13:05:50.458 - DEBUG [edu.internet2.middleware.shibboleth.common.config.attribute.resolver.AbstractResolutionPlugInBeanDefinitionParser:62] - Dependencies for plugin uid: [myLDAP]
13:05:50.459 - DEBUG [edu.internet2.middleware.shibboleth.common.config.attribute.resolver.attributeDefinition.BaseAttributeDefinitionBeanDefinitionParser:58] - Setting source attribute ID for attribute definition uid to: uid
13:05:50.459 - DEBUG [edu.internet2.middleware.shibboleth.common.config.attribute.resolver.attributeDefinition.BaseAttributeDefinitionBeanDefinitionParser:82] - Attribute definition uid produces attributes that are only dependencies: false
13:05:50.411 - INFO [edu.internet2.middleware.shibboleth.common.config.attribute.resolver.AbstractResolutionPlugInBeanDefinitionParser:55] - Parsing configuration for AttributeDefinition plugin with ID: CodiceUtente
13:05:50.412 - DEBUG [edu.internet2.middleware.shibboleth.common.config.attribute.resolver.AbstractResolutionPlugInBeanDefinitionParser:62] - Dependencies for plugin CodiceUtente: [regute, regsoc]
13:05:50.412 - DEBUG [edu.internet2.middleware.shibboleth.common.config.attribute.resolver.attributeDefinition.BaseAttributeDefinitionBeanDefinitionParser:58] - Setting source attribute ID for attribute definition CodiceUtente to: CODPIN
13:05:50.412 - DEBUG [edu.internet2.middleware.shibboleth.common.config.attribute.resolver.attributeDefinition.BaseAttributeDefinitionBeanDefinitionParser:82] - Attribute definition CodiceUtente produces attributes that are only dependencies: false
...
13:05:50.568 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:506] - Loading 3 data connectors
13:05:50.569 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:516] - Loading 1 attribute definitions
13:05:50.569 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:526] - Loading 3 principal connectors
13:05:50.570 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.RDBMSDataConnector:215] - RDBMS data connector regute - Validating configuration.
13:05:50.853 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.RDBMSDataConnector:237] - RDBMS data connector regute - Connector configuration is valid.
13:05:50.854 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.RDBMSDataConnector:215] - RDBMS data connector regsoc - Validating configuration.
13:05:50.856 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.RDBMSDataConnector:237] - RDBMS data connector regsoc - Connector configuration is valid.

I don't understand where the mistake is; why doesn't it load the attribute definitions?

Thanks

Daniele


2011/11/7 Cantor, Scott <cant...@osu.edu>

Cantor, Scott

Nov 8, 2011, 11:26:29 AM
to us...@shibboleth.net
On 11/8/11 11:04 AM, "Daniele Russo" <rud...@gmail.com> wrote:
>
>I don't understand where the mistake is; why doesn't it load the
>attribute definitions?

Given the code, I'd suspect Spring is at fault somewhere. Maybe it has
something to do with the problem with the packaging mentioned in the other
thread. If 2.3.3 loads the same resolver correctly, then I'd start
suspecting Spring is corrupt in this release.

Daniele Russo

Nov 8, 2011, 11:50:31 AM
to Shib Users
I think so; I've installed IdP version 2.3.3 and it works!
Do you want me to open an issue?

Thanks

Daniele

2011/11/8 Cantor, Scott <cant...@osu.edu>

Cantor, Scott

Nov 8, 2011, 12:03:48 PM
to us...@shibboleth.net
On 11/8/11 11:50 AM, "Daniele Russo" <rud...@gmail.com> wrote:

>I think so; I've installed IdP version 2.3.3 and it works!
>Do you want me to open an issue?

I would, yes. Chad's on vacation, and I don't know if Brent's available to
look into it.

Chad La Joie

Nov 9, 2011, 11:52:33 AM
to Shib Users
While I'm sitting here waiting for my next flight I figured I'd chime in here.

There are a couple things here that make me skeptical that this has
anything to do with Spring. First, if Spring encounters anything even
slightly wrong with the XML it complains loudly with hundreds of lines
of stacktrace. Second, there are people running 2.3.4 already that
have not had any issue. Neither of these means for sure that it isn't
a Spring issue, but they do make me skeptical.

In cases like this, the most common cause is either the data
connectors are not issuing the query you think they are or you're not
loading the config file you think you are.

However, if you feel for certain that it's a Spring issue, just go
into the IdP's distribution lib directory and replace the Spring
3.x jars with 2.x jars that shipped with the previous release of the
IdP. Then run the install script again to regenerate the WAR. It's
an easy enough test to run.

--
Chad La Joie
www.itumi.biz
trusted identities, delivered
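As an added check that is not code from this thread or from the Shibboleth project: the script below parses an attribute-resolver.xml, counts its top-level plugins, verifies that every Dependency ref names a declared id, and compares the counts with the "Loading N ..." lines the resolver writes at startup, so a file-says-23 / IdP-loaded-1 gap like the one above can be pinned on which file the IdP actually read rather than on the connectors. The resolver XML and the log excerpt are constructed, trimmed-down stand-ins for the ones posted above.

```python
import re
import xml.etree.ElementTree as ET

NS = "urn:mace:shibboleth:2.0:resolver"

# Constructed, trimmed resolver mirroring the thread's config (not the real file).
SAMPLE_XML = """<?xml version="1.0" encoding="UTF-8"?>
<resolver:AttributeResolver xmlns:resolver="urn:mace:shibboleth:2.0:resolver"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:dc="urn:mace:shibboleth:2.0:resolver:dc">
  <resolver:AttributeDefinition xsi:type="Simple" id="CodiceUtente" sourceAttributeID="CODPIN"
      xmlns="urn:mace:shibboleth:2.0:resolver:ad">
    <resolver:Dependency ref="regute"/>
    <resolver:Dependency ref="regsoc"/>
  </resolver:AttributeDefinition>
  <resolver:AttributeDefinition xsi:type="Simple" id="uid" sourceAttributeID="uid"
      xmlns="urn:mace:shibboleth:2.0:resolver:ad">
    <resolver:Dependency ref="myLDAP"/>
  </resolver:AttributeDefinition>
  <resolver:DataConnector id="regute" xsi:type="dc:RelationalDatabase"/>
  <resolver:DataConnector id="regsoc" xsi:type="dc:RelationalDatabase"/>
  <resolver:DataConnector id="myLDAP" xsi:type="dc:LDAPDirectory"/>
  <resolver:PrincipalConnector id="saml2Transient" xsi:type="pc:Transient"/>
</resolver:AttributeResolver>"""

# Constructed startup-log excerpt in the format the thread shows (class names shortened).
SAMPLE_LOG = """13:05:50.568 - DEBUG [ShibbolethAttributeResolver:506] - Loading 3 data connectors
13:05:50.569 - DEBUG [ShibbolethAttributeResolver:516] - Loading 1 attribute definitions
13:05:50.569 - DEBUG [ShibbolethAttributeResolver:526] - Loading 1 principal connectors"""

LOG_RE = re.compile(r"Loading (\d+) (attribute definitions|data connectors|principal connectors)")
KIND = {"attribute definitions": "AttributeDefinition", "data connectors": "DataConnector",
        "principal connectors": "PrincipalConnector"}

def count_plugins(xml_text):
    """Count top-level plugins per kind and list Dependency refs that name no declared id."""
    root = ET.fromstring(xml_text)
    counts, ids = {}, set()
    for kind in KIND.values():
        elems = root.findall(f"{{{NS}}}{kind}")
        counts[kind] = len(elems)
        ids.update(e.get("id") for e in elems)
    # A dependency on an undeclared plugin silently yields nothing to the definition.
    dangling = sorted({d.get("ref") for d in root.iter(f"{{{NS}}}Dependency")} - ids)
    return counts, dangling

def logged_counts(log_text):
    return {KIND[k]: int(n) for n, k in LOG_RE.findall(log_text)}

def mismatches(xml_text, log_text):
    """Kinds whose count in the file differs from what the IdP loaded: (in_file, loaded)."""
    in_file, _ = count_plugins(xml_text)
    loaded = logged_counts(log_text)
    return {k: (in_file[k], loaded[k]) for k in in_file if k in loaded and loaded[k] != in_file[k]}
```

Run it against the real attribute-resolver.xml and idp-process.log; an empty mismatch dict with empty dangling refs means the IdP parsed the file you edited, and the problem lies further down in the connectors.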

Cantor, Scott

Nov 9, 2011, 7:35:18 PM
to us...@shibboleth.net
On 11/9/11 11:52 AM, "Chad La Joie" <laj...@itumi.biz> wrote:
>
>However, if you feel for certain that it's a Spring issue, just go
>into the IdP's distribution lib directory and replace the Spring
>3.x jars with 2.x jars that shipped with the previous release of the
>IdP. Then run the install script again to regenerate the WAR. It's
>an easy enough test to run.

I will also note that I jumped to conclusions from the log, but my
resolver configuration worked fine with 2.3.4 installed over top of it. I
have a dozen or so data connectors, both JDBC and LDAP, and a mix of
scripted, mapped, template, and simple attribute defs.
