shibboleth-dev - Re: Credentials in Shibboleth 2.0

Subject: Shibboleth Developers

  • From: Olav Morken <>
  • To:
  • Subject: Re: Credentials in Shibboleth 2.0
  • Date: Fri, 3 Aug 2007 15:44:37 +0200

Hi again,

unfortunately the example does not appear to work. It gives an exception
which is caused by: org.xml.sax.SAXParseException: cvc-complex-type.2.4.a:
Invalid content was found starting with element 'Credential'. One of
'{"urn:mace:shibboleth:2.0:relying-party":Credential}' is expected.


Changing it to:

<Credential xsi:type="credential:X509Inline"
id="testkey">
<KeyName>TestKey</KeyName>
<!-- ... -->
</Credential>

gives an exception which is caused by: org.xml.sax.SAXParseException:
cvc-complex-type.2.4.a: Invalid content was found starting with element
'KeyName'. One of '{KeyName, SecretKey, PrivateKey, Certificate, CRL}'
is expected.

Adding xmlns="urn:mace:shibboleth:2.0:credential" to the KeyName,
PrivateKey and Certificate elements does not change this exception.


--
Olav Morken
UNINETT


On Thu, Aug 02, 2007 at 10:43:32AM -0400, Chad La Joie wrote:
> Wow, I didn't realize we had others testing. Thank you!
>
> Obviously I have yet to document the signing stuff which was just added
> in a few days ago and is as yet untested. Note that signature
> validation isn't added yet.
>
> All that said, here's the syntax:
>
> <Credential xsi:type="X509Inline"
> xmlns="urn:mace:shibboleth:2.0:credential">
> <KeyName>testkey</KeyName>
> <PrivateKey>
> <!-- base64-encoded private key -->
> </PrivateKey>
> <Certificate>
> <!-- base64-encoded certificate -->
> </Certificate>
> </Credential>
>
> Olav Morken wrote:
> > Hi,
> >
> > I am currently testing the Shibboleth 2.0 IdP alpha release. I have got
> > login working from a Shibboleth 2.0 SP with the SAML2 HTTP-POST binding.
> > However, I have been unable to make the IdP sign the
> > samlp:Response-element.
> >
> > If I have understood the schemas correctly, then I am supposed to add a
> > Credential-element as the last element in the RelayingPartyGroup-element
> > in the 'relying-party.xml'-file. I have not been able to figure out the
> > syntax of this element.
> >
> > I have tried the following:
> >
> > <Credential>
> > <X509Inline id="testkey"
> > xmlns="urn:mace:shibboleth:2.0:credential">
> > <KeyName>testkey</KeyName>
> > <PrivateKey>
> > <!-- base64-encoded private key -->
> > </PrivateKey>
> > <Certificate>
> > <!-- base64-encoded certificate -->
> > </Certificate>
> > </X509Inline>
> > </Credential>
> >
> > This gives an exception while parsing the configuration files which is
> > caused by:
> > org.xml.sax.SAXParseException: cvc-type.2: The type definition cannot
> > be abstract for element Credential.
> >
> > I have also tried to specify the X509Inline-element without enclosing it
> > in a Credential-element. This gives an exception which is caused by:
> > org.xml.sax.SAXParseException: cvc-complex-type.2.4.a: Invalid content
> > was found starting with element 'X509Inline'. One of
> > {"urn:mace:shibboleth:2.0:relying-party":Credential}' is expected.
> >
> > I am wondering if this functionality is implemented yet, and what syntax
> > I am supposed to use.
> >
> >
> > Thanks,
> >
> > Olav Morken
> > UNINETT
>
> --
> Chad La Joie 2052-C Harris Bldg
> OIS-Middleware 202.687.0124
>
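
The three variants in this thread can be compared by resolving each element to its namespace-qualified name and checking it against the names quoted in the parser errors. This is an added example, not part of either message and not Shibboleth code. It assumes (the thread does not show this) that the enclosing file declares `urn:mace:shibboleth:2.0:relying-party` as its default namespace and binds the `credential` and `xsi` prefixes, and that names the second error prints without a namespace are expected to be unqualified.

```python
import xml.etree.ElementTree as ET

RP = "urn:mace:shibboleth:2.0:relying-party"
CRED = "urn:mace:shibboleth:2.0:credential"

# Assumed wrapper (constructed): the enclosing file makes the relying-party
# namespace the default and binds the credential and xsi prefixes.
WRAP = ('<RelyingPartyGroup xmlns="%s" xmlns:credential="%s" '
        'xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">%%s'
        '</RelyingPartyGroup>' % (RP, CRED))

# Variants from the thread, with the key and certificate elements left out.
SUGGESTED = ('<Credential xsi:type="X509Inline" xmlns="%s">'
             '<KeyName>testkey</KeyName></Credential>' % CRED)
CHANGED = ('<Credential xsi:type="credential:X509Inline" id="testkey">'
           '<KeyName>TestKey</KeyName></Credential>')
CHILD_NS = CHANGED.replace('<KeyName>', '<KeyName xmlns="%s">' % CRED)


def expanded_names(snippet):
    """Return (namespace, local name) for Credential and each descendant."""
    root = ET.fromstring(WRAP % snippet)
    names = []
    for el in list(root.iter())[1:]:          # skip the wrapper itself
        if el.tag.startswith("{"):
            ns, _, local = el.tag[1:].partition("}")
        else:
            ns, local = "", el.tag
        names.append((ns, local))
    return names


def check(snippet):
    """List mismatches against the names quoted in the two parser errors."""
    names = expanded_names(snippet)
    problems = []
    if names[0] != (RP, "Credential"):
        problems.append("Credential is in %r, expected %r" % (names[0][0], RP))
    # Assumption: names printed without a namespace in the second error
    # (KeyName, PrivateKey, ...) are expected to be in no namespace.
    problems += ["%s is in %r, expected no namespace" % (local, ns)
                 for ns, local in names[1:] if ns]
    return problems


if __name__ == "__main__":
    for label in ("SUGGESTED", "CHANGED", "CHILD_NS"):
        print(label, check(globals()[label]))
```

Under these assumptions the default `xmlns` on `Credential` moves it out of the relying-party namespace, and `KeyName` stays namespace-qualified in both later variants, which is consistent with the second exception not changing.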
