
shibboleth-dev - Credentials in Shibboleth 2.0

Subject: Shibboleth Developers

  • From: Olav Morken <>
  • To:
  • Subject: Credentials in Shibboleth 2.0
  • Date: Thu, 2 Aug 2007 16:30:24 +0200

Hi,

I am currently testing the Shibboleth 2.0 IdP alpha release. I have got
login working from a Shibboleth 2.0 SP with the SAML2 HTTP-POST binding.
However, I have been unable to make the IdP sign the
samlp:Response-element.

If I have understood the schemas correctly, then I am supposed to add a
Credential-element as the last element in the RelayingPartyGroup-element
in the 'relying-party.xml'-file. I have not been able to figure out the
syntax of this element.

I have tried the following:

<Credential>
  <X509Inline id="testkey" xmlns="urn:mace:shibboleth:2.0:credential">
    <KeyName>testkey</KeyName>
    <PrivateKey>
      <!-- base64-encoded private key -->
    </PrivateKey>
    <Certificate>
      <!-- base64-encoded certificate -->
    </Certificate>
  </X509Inline>
</Credential>

This gives an exception while parsing the configuration files which is
caused by:
org.xml.sax.SAXParseException: cvc-type.2: The type definition cannot
be abstract for element Credential.

I have also tried to specify the X509Inline-element without enclosing it
in a Credential-element. This gives an exception which is caused by:
org.xml.sax.SAXParseException: cvc-complex-type.2.4.a: Invalid content
was found starting with element 'X509Inline'. One of
{"urn:mace:shibboleth:2.0:relying-party":Credential}' is expected.

I am wondering if this functionality is implemented yet, and what syntax
I am supposed to use.


Thanks,

Olav Morken
UNINETT


