
shibboleth-dev - Re: continuing oddities in origin installation

Subject: Shibboleth Developers


Re: continuing oddities in origin installation


  • From: Walter Hoehn <>
  • To: Ryan Muldoon <>
  • Cc:
  • Subject: Re: continuing oddities in origin installation
  • Date: Thu, 19 Jun 2003 14:48:53 -0400

Thanks Ryan. I edited the commenting so that it should be clearer now.

-Walter

Ryan Muldoon wrote:

Steven Carmody pointed out my problem - in resolver.xml, the scoped
attributes are commented out. I didn't notice that the comments
extended across the attributes. I'm going to file a bugzilla bug to
suggest that it be made clearer...even with just an inline message
noting that you need to uncomment things. Thanks everyone for all the
help. I'll try and get a target going today as well, and report on that
once I have something.

--Ryan
On Thu, 2003-06-19 at 11:16, Ryan Muldoon wrote:

I did a clean installation of the 1.0 origin, downloading the new
distributions this morning. However, I have the same problem as
yesterday - I'm not releasing any attributes whatsoever. Here are the
exact steps that I took to install:

1. I moved *all* old shibboleth directories to my home directory, so
there was no code or configuration anywhere near tomcat. (everything in
the webapps directory, as well as the normal shibboleth distribution
stuff that is unpacked in /usr/local)

2. I killall -9'ed java, to stop tomcat.
3. I unpacked the shib origin distribution in /usr/local
4. I copied shibboleth.war to tomcat's webapps directory.
5. I restarted tomcat.
6. The war file unpacked to a directory, so to be sure that config stuff
matched, I deleted the war file, to solely use the directory.
7. I updated resolver.xml to set the scope to "wisc.edu"
8. I configured origin.properties in a way that was consistent with what
I had last week on a pre-1.0 build (which worked).

Upon testing, I can get to the sample target, but it doesn't have any
attributes for me.

For completeness, here are the relevant files that could be affecting my
release of attributes. Let me know if one of them is indicative of a
misconfiguration. Thanks!

resolver.xml:
------------
<AttributeResolver xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="urn:mace:shibboleth:resolver:1.0"
xsi:schemaLocation="urn:mace:shibboleth:resolver:1.0
shibboleth-resolver-1.0.xsd">

<SimpleAttributeDefinition
id="urn:mace:dir:attribute-def:eduPersonEntitlement">
<DataConnectorDependency requires="echo"/>
</SimpleAttributeDefinition>

<SimpleAttributeDefinition
id="urn:mace:dir:attribute-def:eduPersonAffiliation">
<DataConnectorDependency requires="echo"/>
</SimpleAttributeDefinition>

<!-- To use these attributes, you should change the smartScope
value to
match your site's domain name.
<SimpleAttributeDefinition
id="urn:mace:dir:attribute-def:eduPersonScopedAffiliation"
smartScope="wisc.edu">
<AttributeDependency
requires="urn:mace:dir:attribute-def:eduPersonAffiliation"/>
</SimpleAttributeDefinition>

<SimpleAttributeDefinition
id="urn:mace:dir:attribute-def:eduPersonPrincipalName"
smartScope="wisc.edu">
<DataConnectorDependency requires="echo"/>
</SimpleAttributeDefinition>
-->

<CustomDataConnector id="echo"
class="edu.internet2.middleware.shibboleth.aa.attrresolv.provider.SampleConnector" />

</AttributeResolver>

------------------
origin.properties:
------------------
###################################################################################
#
# Handle Service Configuration
#
###################################################################################

##### General Configuration #####

# [Required] Name of this Handle Service (usually a dns name)
edu.internet2.middleware.shibboleth.hs.HandleServlet.issuer = gari.doit.wisc.edu

# [Required] The name of this origin site (a URI)
edu.internet2.middleware.shibboleth.hs.HandleServlet.siteName = urn:mace:inqueue:wisc.edu

# [Required] URL at which the corresponding Attribute Authority can be reached
edu.internet2.middleware.shibboleth.hs.HandleServlet.AAUrl = https://gari.doit.wisc.edu/shibboleth/AA

# [Optional] HTTP Request Header to get principal name from (defaults to REMOTE_USER)
#edu.internet2.middleware.shibboleth.hs.HandleServlet.username = REMOTE_USER

# [Optional] URI identifying the authentication mechanism that is used by the HS
#edu.internet2.middleware.shibboleth.hs.HandleServlet.authMethod = urn:oasis:names:tc:SAML:1.0:am:password

##### Assertion Signing #####

# [Required] Location of a Java keystore containing an X509 certificate
# and matching key. Used to sign assertions made by this HS
edu.internet2.middleware.shibboleth.hs.HandleServlet.keyStorePath = /conf/keystore.jks

# [Required] Password for the keystore
edu.internet2.middleware.shibboleth.hs.HandleServlet.keyStorePassword = mypassword

# [Required] Keystore alias for the private key
edu.internet2.middleware.shibboleth.hs.HandleServlet.keyStoreKeyAlias = hs

# [Required] Password for the private key
edu.internet2.middleware.shibboleth.hs.HandleServlet.keyStoreKeyPassword = mypassword

# [Optional] Keystore alias for the X509 certificate (Defaults to the private key alias)
edu.internet2.middleware.shibboleth.hs.HandleServlet.certAlias = hs


###################################################################################
#
# Attribute Authority Configuration
#
###################################################################################

##### General Configuration #####

# [Required] Name of this Attribute Authority (usually a dns name)
edu.internet2.middleware.shibboleth.aa.AAServlet.authorityName = gari.doit.wisc.edu

# [Optional] Set to true if the Attribute Authority should pass internal error messages to
# the SHAR (for debugging purposes) (defaults to false)
#edu.internet2.middleware.shibboleth.aa.AAServlet.passThruErrors = false

##### Attribute Resolution #####

# [Optional] Attribute Resolver configuration (Defaults to /conf/resolver.xml)
edu.internet2.middleware.shibboleth.aa.attrresolv.AttributeResolver.ResolverConfig = /conf/resolver.xml

##### Attribute Release Policies #####

# [Required] Arp Repository Implementation
edu.internet2.middleware.shibboleth.aa.arp.ArpRepository.implementation = edu.internet2.middleware.shibboleth.aa.arp.provider.FileSystemArpRepository

### Parameters for edu.internet2.middleware.shibboleth.aa.arp.provider.FileSystemArpRepository ###

# [Required if active] Path from which Policies can be loaded
edu.internet2.middleware.shibboleth.aa.arp.provider.FileSystemArpRepository.Path = /conf/arps/

# [Optional] Time in seconds for which Release Policies should be cached
# (Defaults to 0 or "no caching")
edu.internet2.middleware.shibboleth.aa.arp.BaseArpRepository.ArpTTL = 300


###################################################################################
#
# Shared Configuration
#
###################################################################################

##### Attribute Query Handle Repository #####

# [Optional] Specifies an implementation to be used for the HS and AA to share AQHs (Defaults to Memory provider)
edu.internet2.middleware.shibboleth.hs.HandleRepository.implementation = edu.internet2.middleware.shibboleth.hs.provider.MemoryHandleRepository
#edu.internet2.middleware.shibboleth.hs.HandleRepository.implementation = edu.internet2.middleware.shibboleth.hs.provider.CryptoHandleRepository

### Parameters for edu.internet2.middleware.shibboleth.hs.provider.MemoryHandleRepository ###

# [Optional] Time in seconds for which issued AQHs are valid (Defaults to 1800 or 30 minutes)
#edu.internet2.middleware.shibboleth.hs.BaseHandleRepository.handleTTL = 1000

### Parameters for edu.internet2.middleware.shibboleth.hs.provider.CryptoHandleRepository ###

# [Required if active] Location of a Java keystore containing a Triple DES secret key.
# Used to encrypt the principal's identifiers
#edu.internet2.middleware.shibboleth.hs.provider.CryptoHandleRepository.keyStorePath = /conf/handle.jks

# [Required if active] Password for the keystore
#edu.internet2.middleware.shibboleth.hs.provider.CryptoHandleRepository.keyStorePassword = shibhs

# [Required if active] Keystore alias for the secret key
#edu.internet2.middleware.shibboleth.hs.provider.CryptoHandleRepository.keyStoreKeyAlias = handleKey

# [Required if active] Password for the private key
#edu.internet2.middleware.shibboleth.hs.provider.CryptoHandleRepository.keyStoreKeyPassword = shibhs

# [Optional] Time in seconds for which issued AQHs are valid (Defaults to 1800 or 30 minutes)
#edu.internet2.middleware.shibboleth.hs.BaseHandleRepository.handleTTL = 1000

##### Federation Configuration #####

# [Optional] URI corresponding to the federation this origin operates under (defaults to the InQueue policy)
edu.internet2.middleware.shibboleth.audiences = urn:mace:inqueue


----------
arp.site.xml:
----------

<?xml version="1.0" encoding="UTF-8"?>
<AttributeReleasePolicy
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="urn:mace:shibboleth:arp:1.0"
xsi:schemaLocation="urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd">

<Description>Simplest possible ARP.</Description>
<Rule>
<Target>
<AnyTarget/>
</Target>
<Attribute
name="urn:mace:dir:attribute-def:eduPersonScopedAffiliation">
<AnyValue release="permit"/>
</Attribute>
</Rule>
</AttributeReleasePolicy>

-------------

sites.xml in webapps/shibboleth/ doesn't have wisconsin in there, but I
don't think that it matters. Any ideas?

--Ryan
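
Added example, not part of the original thread or the Shibboleth distribution: a Python check for the failure diagnosed above, where the ARP permits an attribute whose definition sits inside an XML comment in resolver.xml and so is never resolved. The two XML strings are constructed samples trimmed from the files posted in the thread; the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

RESOLVER_NS = "urn:mace:shibboleth:resolver:1.0"
ARP_NS = "urn:mace:shibboleth:arp:1.0"

# Constructed samples, trimmed from the resolver.xml and arp.site.xml in the post.
RESOLVER_XML = """<AttributeResolver xmlns="urn:mace:shibboleth:resolver:1.0">
  <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonAffiliation"/>
  <!-- To use these attributes, you should change the smartScope value to
       match your site's domain name.
  <SimpleAttributeDefinition smartScope="wisc.edu"
      id="urn:mace:dir:attribute-def:eduPersonScopedAffiliation"/>
  -->
</AttributeResolver>"""

ARP_XML = """<AttributeReleasePolicy xmlns="urn:mace:shibboleth:arp:1.0">
  <Rule><Target><AnyTarget/></Target>
    <Attribute name="urn:mace:dir:attribute-def:eduPersonScopedAffiliation">
      <AnyValue release="permit"/></Attribute>
  </Rule>
</AttributeReleasePolicy>"""

def active_definitions(resolver_xml):
    """ids of *AttributeDefinition elements the XML parser actually sees."""
    root = ET.fromstring(resolver_xml)  # comments are dropped by the parser
    return {el.get("id") for el in root.iter()
            if el.tag.startswith("{%s}" % RESOLVER_NS) and el.tag.endswith("AttributeDefinition")}

def commented_definitions(resolver_xml):
    """ids of definitions that appear inside <!-- ... --> blocks."""
    ids = set()
    for comment in re.findall(r"<!--(.*?)-->", resolver_xml, flags=re.S):
        ids.update(re.findall(r'<\w*AttributeDefinition\b[^>]*?\bid="([^"]+)"', comment))
    return ids

def audit(resolver_xml, arp_xml):
    """Map each attribute the ARP names to 'active', 'commented-out' or 'undefined'."""
    active = active_definitions(resolver_xml)
    hidden = commented_definitions(resolver_xml) - active
    released = [el.get("name") for el in ET.fromstring(arp_xml).iter("{%s}Attribute" % ARP_NS)]
    return {name: "active" if name in active
            else "commented-out" if name in hidden else "undefined"
            for name in released}

if __name__ == "__main__":
    for name, state in audit(RESOLVER_XML, ARP_XML).items():
        print(f"{state:14} {name}")
```

Any attribute reported as commented-out or undefined is one the ARP permits but the resolver can never supply, which matches the "no attributes released" symptom in the thread.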





