
shibboleth-dev - Re: Credentials in Shibboleth 2.0

Subject: Shibboleth Developers

  • From: Chad La Joie <>
  • To:
  • Subject: Re: Credentials in Shibboleth 2.0
  • Date: Thu, 02 Aug 2007 10:43:32 -0400
  • Openpgp: id=A260F52E; url=http://pgpkeys.pca.dfn.de/pks/lookup?op=get&search=0x3F5E9E87A260F52E
  • Organization: Georgetown University

Wow, I didn't realize we had others testing. Thank you!

Obviously I have yet to document the signing stuff, which was just added
a few days ago and is as yet untested. Note that signature
validation isn't added yet.

All that said, here's the syntax:

<Credential xsi:type="X509Inline"
            xmlns="urn:mace:shibboleth:2.0:credential">
    <KeyName>testkey</KeyName>
    <PrivateKey>
        <!-- base64-encoded private key -->
    </PrivateKey>
    <Certificate>
        <!-- base64-encoded certificate -->
    </Certificate>
</Credential>

Olav Morken wrote:
> Hi,
>
> I am currently testing the Shibboleth 2.0 IdP alpha release. I have got
> login working from a Shibboleth 2.0 SP with the SAML2 HTTP-POST binding.
> However, I have been unable to make the IdP sign the
> samlp:Response-element.
>
> If I have understood the schemas correctly, then I am supposed to add a
> Credential-element as the last element in the RelayingPartyGroup-element
> in the 'relying-party.xml'-file. I have not been able to figure out the
> syntax of this element.
>
> I have tried the following:
>
> <Credential>
> <X509Inline id="testkey" xmlns="urn:mace:shibboleth:2.0:credential">
> <KeyName>testkey</KeyName>
> <PrivateKey>
> <!-- base64-encoded private key -->
> </PrivateKey>
> <Certificate>
> <!-- base64-encoded certificate -->
> </Certificate>
> </X509Inline>
> </Credential>
>
> This gives an exception while parsing the configuration files which is
> caused by:
> org.xml.sax.SAXParseException: cvc-type.2: The type definition cannot
> be abstract for element Credential.
>
> I have also tried to specify the X509Inline-element without enclosing it
> in a Credential-element. This gives an exception which is caused by:
> org.xml.sax.SAXParseException: cvc-complex-type.2.4.a: Invalid content
> was found starting with element 'X509Inline'. One of
> {"urn:mace:shibboleth:2.0:relying-party":Credential}' is expected.
>
> I am wondering if this functionality is implemented yet, and what syntax
> I am supposed to use.
>
>
> Thanks,
>
> Olav Morken
> UNINETT

--
Chad La Joie 2052-C Harris Bldg
OIS-Middleware 202.687.0124
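
The difference between the two forms in this thread can be checked before the IdP is started. The following is an added example, not code from the thread or from the Shibboleth project: it flags Credential elements that lack xsi:type (the cvc-type.2 case) or that carry no PrivateKey. Assumptions: elements are matched by local name only, and the sample document, including its root element, the "certonly" entry and the PLACEHOLDER values, is constructed.

```python
import xml.etree.ElementTree as ET

XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"

def local(name):
    """Drop the '{namespace}' prefix ElementTree puts on element names."""
    return name.rsplit("}", 1)[-1]

def lint_credentials(xml_text):
    """Return (position, problem) pairs for Credential elements that will not load or sign."""
    root = ET.fromstring(xml_text)
    creds = [e for e in root.iter() if local(e.tag) == "Credential"]
    findings = []
    for pos, cred in enumerate(creds, start=1):
        children = {local(c.tag) for c in cred}
        if XSI_TYPE not in cred.attrib:
            # Credential has an abstract type, so the concrete type must be named
            # with xsi:type on the element itself (otherwise: cvc-type.2).
            findings.append((pos, "missing-xsi-type"))
        elif "PrivateKey" not in children:
            # Signing needs the private key; a certificate alone is not enough.
            findings.append((pos, "no-private-key"))
    return findings

# Constructed sample: the nested form from the question, the xsi:type form
# from the reply, and a hypothetical certificate-only entry.
SAMPLE = """\
<RelyingPartyGroup xmlns="urn:mace:shibboleth:2.0:relying-party"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <Credential>
    <X509Inline id="testkey" xmlns="urn:mace:shibboleth:2.0:credential">
      <KeyName>testkey</KeyName>
      <PrivateKey>PLACEHOLDER</PrivateKey>
      <Certificate>PLACEHOLDER</Certificate>
    </X509Inline>
  </Credential>
  <Credential xsi:type="X509Inline" xmlns="urn:mace:shibboleth:2.0:credential">
    <KeyName>testkey</KeyName>
    <PrivateKey>PLACEHOLDER</PrivateKey>
    <Certificate>PLACEHOLDER</Certificate>
  </Credential>
  <Credential xsi:type="X509Inline" xmlns="urn:mace:shibboleth:2.0:credential">
    <KeyName>certonly</KeyName>
    <Certificate>PLACEHOLDER</Certificate>
  </Credential>
</RelyingPartyGroup>
"""

if __name__ == "__main__":
    for pos, problem in lint_credentials(SAMPLE):
        print(f"Credential #{pos}: {problem}")
```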


