shibboleth-dev - Re: Shib 2.0: Configuration could not be loaded
Subject: Shibboleth Developers
List archive
- From: Will Norris <>
- To:
- Subject: Re: Shib 2.0: Configuration could not be loaded
- Date: Wed, 2 Jan 2008 15:39:53 -0800
oops, guess I missed this before I mailed you off-list Chad. I'll repeat on here...
A change made last week (r549) is causing me some NPEs and has brought to light a minor discrepancy... The schema for FilesystemMetadataProvider lacks a definition for the maintainExpiredMetadata attribute (causing my NPE in the builder class). The class and builder have most of the code for setting that attribute, but it doesn't look like that flag is actually ever used within the class, at least not in refreshMetadata() where I would expect.
A second contributing issue is that XMLHelper.getAttributeValueAsBoolean() doesn't check for null.
-will
On Jan 2, 2008, at 7:01 AM, Chad La Joie wrote:
There should be an exception as the root of the exception you have. Is
there? If so, can you send it.
Franck Borel wrote:
Hi all,
argg, I load the last IdP 2.0 and now I get this error:
15:21:35.045 INFO
[edu .internet2 .middleware .shibboleth .common.config.metadata.BaseMetadataProviderDefinitionParser]
Parsing configuration for MetadataProvider metadata provider with ID: FSMD
15:21:35.051 ERROR
[edu.internet2.middleware.shibboleth.common.config.BaseService]
Configuration was not loaded for
shibboleth.RelyingPartyConfigurationManager service, unable to load
resource
org.opensaml.util.resource.ResourceException: Unable to load Spring bean
registry with configuration resources
at
edu .internet2 .middleware .shibboleth .common .config .SpringConfigurationUtils .populateRegistry(SpringConfigurationUtils.java:83)
at
edu .internet2 .middleware .shibboleth.common.config.BaseService.loadContext(BaseService.java: 184)
at
edu .internet2 .middleware .shibboleth .common .config.BaseReloadableService.initialize(BaseReloadableService.java: 135)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun .reflect .NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun .reflect .DelegatingMethodAccessorImpl .invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at
org .springframework .beans .factory .support .AbstractAutowireCapableBeanFactory .invokeCustomInitMethod(AbstractAutowireCapableBeanFactory.java:1236)
at
org .springframework .beans .factory .support .AbstractAutowireCapableBeanFactory .invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1202)
at
org .springframework .beans .factory .support .AbstractAutowireCapableBeanFactory .initializeBean(AbstractAutowireCapableBeanFactory.java:1166)
at
org .springframework .beans .factory .support .AbstractAutowireCapableBeanFactory .createBean(AbstractAutowireCapableBeanFactory.java:426)
at
org.springframework.beans.factory.support.AbstractBeanFactory $1.getObject(AbstractBeanFactory.java:249)
at
org .springframework .beans .factory .support .DefaultSingletonBeanRegistry .getSingleton(DefaultSingletonBeanRegistry.java:155)
at
org .springframework .beans .factory .support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:246)
at
org .springframework .beans .factory .support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:227)
at
org .springframework .beans .factory .support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:160)
at
org .springframework .beans .factory .support .BeanDefinitionValueResolver .resolveReference(BeanDefinitionValueResolver.java:267)
at
org .springframework .beans .factory .support .BeanDefinitionValueResolver .resolveValueIfNecessary(BeanDefinitionValueResolver.java:110)
at
org .springframework .beans .factory .support .AbstractAutowireCapableBeanFactory .applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1094)
at
org .springframework .beans .factory .support .AbstractAutowireCapableBeanFactory .populateBean(AbstractAutowireCapableBeanFactory.java:856)
at
org .springframework .beans .factory .support .AbstractAutowireCapableBeanFactory .createBean(AbstractAutowireCapableBeanFactory.java:422)
at
org.springframework.beans.factory.support.AbstractBeanFactory $1.getObject(AbstractBeanFactory.java:249)
at
org .springframework .beans .factory .support .DefaultSingletonBeanRegistry .getSingleton(DefaultSingletonBeanRegistry.java:155)
at
org .springframework .beans .factory .support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:246)
at
org .springframework .beans .factory .support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:160)
at
org .springframework .beans .factory .support .DefaultListableBeanFactory .preInstantiateSingletons(DefaultListableBeanFactory.java:291)
at
org .springframework .context .support .AbstractApplicationContext.refresh(AbstractApplicationContext.java: 352)
at
edu .internet2 .middleware .shibboleth.common.config.BaseService.loadContext(BaseService.java: 185)
at
edu .internet2 .middleware .shibboleth .common .config.BaseReloadableService.initialize(BaseReloadableService.java: 135)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun .reflect .NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun .reflect .DelegatingMethodAccessorImpl .invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
...
this doesn't appear with the older release. What is wrong?
relying-party.xml
=================
<?xml version="1.0" encoding="UTF-8"?>
<!--
This file specifies relying party dependent configurations for the
IdP, for example, whether SAML assertions to a
particular relying party should be signed. It also includes
metadata provider and credential definitions used
when answering requests to a relying party.
-->
<RelyingPartyGroup
xmlns="urn:mace:shibboleth:2.0:relying-party"
xmlns:saml="urn:mace:shibboleth:2.0:relying-party:saml"
xmlns:metadata="urn:mace:shibboleth:2.0:metadata"
xmlns:security="urn:mace:shibboleth:2.0:security"
xmlns:samlsec="urn:mace:shibboleth:2.0:security:saml"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="urn:mace:shibboleth:2.0:relying-party
classpath:/schema/shibboleth-2.0-relying-party.xsd
urn:mace:shibboleth:2.0:relying-party:saml
classpath:/schema/shibboleth-2.0-relying-party-saml.xsd
urn:mace:shibboleth: 2.0:metadata
classpath:/schema/shibboleth-2.0-metadata.xsd
urn:mace:shibboleth: 2.0:security
classpath:/schema/shibboleth-2.0-security.xsd
urn:mace:shibboleth:2.0:security:saml
classpath:/schema/shibboleth-2.0-security-policy-saml.xsd
urn:oasis:names:tc:SAML:2.0:metadata
classpath:/schema/saml-schema-metadata-2.0.xsd">
<!-- ========================================== -->
<!-- Relying Party Configurations -->
<!-- ========================================== -->
<AnonymousRelyingParty provider="https://idp.aar.vascoda.de" />
<DefaultRelyingParty provider="https://idp.aar.vascoda.de" />
<RelyingParty
id="urn:mace:ub.uni-freiburg.de:aartest"
provider="https://idp.aar.vascoda.de"
defaultSigningCredentialRef="DEMOaarCred">
<ProfileConfiguration xsi:type="saml:ShibbolethSSOProfile" />
<ProfileConfiguration xsi:type="saml:SAML1AttributeQueryProfile" />
<ProfileConfiguration
xsi:type="saml:SAML1ArtifactResolutionProfile" />
<ProfileConfiguration xsi:type="saml:SAML2SSOProfile" />
<ProfileConfiguration xsi:type="saml:SAML2AttributeQueryProfile" />
<ProfileConfiguration
xsi:type="saml:SAML2ArtifactResolutionProfile" />
</RelyingParty>
<!-- ========================================== -->
<!-- Metadata Configuration -->
<!-- ========================================== -->
<!-- MetadataProvider the combining other MetadataProviders -->
<MetadataProvider
id="ShibbolethMetadata"
xsi:type="ChainingMetadataProvider"
xmlns="urn:mace:shibboleth:2.0:metadata">
<!-- MetadataProvider reading metadata from a URL. -->
<!-- Fill in metadataURL and backingFile attributes with
deployment specific information -->
<!--
<MetadataProvider id="URLMD"
xsi:type="FileBackedHTTPMetadataProvider"
xmlns="urn:mace:shibboleth:2.0:metadata"
metadataURL="http://example.org/my/metadata/file.xml"
backingFile="/opt/shibboleth-idp/temp/metadata/somefile.xml" />
-->
<!-- MetadataProvider reading metadata from the filesystem -->
<!-- Fill in metadataFile attribute with deployment specific
information -->
<MetadataProvider
id="FSMD"
xsi:type="FilesystemMetadataProvider"
xmlns="urn:mace:shibboleth:2.0:metadata"
metadataFile="/data/share/metadata/DEMO2-metadata.xml" />
<!-- MetadataProvider defining metadata inline -->
<!--
<MetadataProvider id="InlineMD"
xsi:type="InlineMetadataProvider" xmlns="urn:mace:shibboleth:2.0:metadata ">
<EntitiesDescriptor Name="urn:example.org:myFederation"
xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
<EntityDescriptor entityID="urn:example.org:myFederation:idp1 ">
<IDPSSODescriptor
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<SingleSignOnService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="https://example.org/myIdP" />
</IDPSSODescriptor>
</EntityDescriptor>
<EntityDescriptor entityID="urn:example.org:myFederation:sp1 ">
<SPSSODescriptor
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<AssertionConsumerService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="https://example.org/mySP" index="0" />
<AssertionConsumerService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Location="https://example.org/mySP" index="0" />
</SPSSODescriptor>
</EntityDescriptor>
</EntitiesDescriptor>
</MetadataProvider>
-->
</MetadataProvider>
<!-- ========================================== -->
<!-- Security Configurations -->
<!-- ========================================== -->
<security:Credential
id="DEMOaarCred"
xsi:type="security:X509Filesystem">
<security:PrivateKey>
/etc/apache2/ssl.key/aar.vascoda.de.key
</security:PrivateKey>
<security:Certificate>
/etc/apache2/ssl.crt/aar.vascoda.de.crt
</security:Certificate>
</security:Credential>
<security:TrustEngine
id="shibboleth.SignatureTrustEngine"
xsi:type="security:ExplicitKeySignature"
metadataProviderRef="ShibbolethMetadata" />
<security:TrustEngine
id="shibboleth.CredentialTrustEngine"
xsi:type="security:ExplicitKey"
metadataProviderRef="ShibbolethMetadata" />
<security:SecurityPolicy
id="shibboleth.DefaultSecurityPolicy"
xsi:type="security:SecurityPolicyType">
<security:Rule xsi:type="samlsec:Replay" />
<security:Rule xsi:type="samlsec:IssueInstant" />
<security:Rule xsi:type="samlsec:MandatoryIssuer" />
<security:Rule
xsi:type="samlsec:ProtocolWithXMLSignature"
trustEngineRef="shibboleth.SignatureTrustEngine" />
<security:Rule
xsi:type="samlsec:SAML2HTTPRedirectSimpleSign"
trustEngineRef="shibboleth.SignatureTrustEngine" />
<security:Rule
xsi:type="samlsec:SAML2HTTPPostSimpleSign"
trustEngineRef="shibboleth.SignatureTrustEngine" />
<security:Rule
xsi:type="security:ClientCertAuth"
trustEngineRef="shibboleth.CredentialTrustEngine" />
</security:SecurityPolicy>
</RelyingPartyGroup>
Metadata
========
<?xml version="1.0" encoding="UTF-8"?>
<EntitiesDescriptor
Name="urn:mace:ub.uni-freiburg.de:aartest"
xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:shibmd="urn:mace:shibboleth:metadata:1.0"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="urn:oasis:names:tc:SAML:2.0:metadata
saml-schema-metadata-2.0.xsd
urn:mace:shibboleth:metadata:1.0
shibboleth-metadata-1.0.xsd
http://www.w3.org/2000/09/xmldsig#
xmldsig-core-schema.xsd">
<!--
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%
-->
<!-- Identity-Provider -->
<!--
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%
-->
<!-- ============================================================= -->
<!-- IdP: DEMOaar -->
<!-- ============================================================= -->
<EntityDescriptor entityID="https://idp.aar.vascoda.de">
<IDPSSODescriptor
protocolSupportEnumeration="urn:mace:shibboleth:1.0
urn:oasis:names:tc:SAML:1.1:protocol
urn:oasis:names:tc:SAML:2.0:protocol">
<Extensions>
<shibmd:Scope>aar.vascoda.de</shibmd:Scope>
</Extensions>
<KeyDescriptor use="signing">
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>
MIIFcjCCBFqgAwIBAgIECwSAeDANBgkqhkiG9w0BAQUFADCBhjELMAkGA1UEBhMC
REUxHjAcBgNVBAoTFVVuaXZlcnNpdGFldCBGcmVpYnVyZzEWMBQGA1UECxMNUmVj
aGVuemVudHJ1bTEYMBYGA1UEAxMPVW5pLUZSIENBIC0gRzAyMSUwIwYJKoZIhvcN
AQkBFhZwa2lAcnoudW5pLWZyZWlidXJnLmRlMB4XDTA3MDkxMDA4NDAxMFoXDTEy
MDkwODA4NDAxMFowgY8xCzAJBgNVBAYTAkRFMR4wHAYDVQQKExVVbml2ZXJzaXRh
ZXQgRnJlaWJ1cmcxIDAeBgNVBAsTF1VuaXZlcnNpdGFldHNiaWJsaW90aGVrMRcw
FQYDVQQDEw5hYXIudmFzY29kYS5kZTElMCMGCSqGSIb3DQEJARYWZWR2QHViLnVu
aS1mcmVpYnVyZy5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM72
dnuf7jbWPdmG5NIMmbeXmY3QCJWZrSJkkTn4Gz98x5I30t3IIx5K+N4BpkIIeU57
PUMuZZX34+aZ+AYzC2okoiMfhWHsRzy4wHMqn4rPLWTSuit0/77s0CcDx+PjINds
TUOIb5md84DUBlDUcLDPO7H/EYGfiM6D0+/4Jw5hRwxkckiOA4vTdg/QSvsuMgrD
ozTuByxm6OTyVzjNNnJQXCnP2pzGKoA2iola1Nogm92NUMmRYp5qgjYRitPKgi+H
zUiV2tYP+JJV0z/aohz8/CalFlLOkVDDma8yrETK6PHgha2iC/ONbyiTe8M2jnC5
WroDGXvu1Y+TS8UG+18CAwEAAaOCAdswggHXMAkGA1UdEwQCMAAwCwYDVR0PBAQD
AgXgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAdBgNVHQ4EFgQUd1b3
YadJbYr9uuBSPrOzeILf2YYwHwYDVR0jBBgwFoAUM2ep1vGTVTasoTK9weSWOf9M
cDEwIQYDVR0RBBowGIEWZWR2QHViLnVuaS1mcmVpYnVyZy5kZTCBjwYDVR0fBIGH
MIGEMECgPqA8hjpodHRwOi8vY2RwMS5wY2EuZGZuLmRlL3VuaS1mcmVpYnVyZy1j
YS9wdWIvY3JsL2dfY2FjcmwuY3JsMECgPqA8hjpodHRwOi8vY2RwMi5wY2EuZGZu
LmRlL3VuaS1mcmVpYnVyZy1jYS9wdWIvY3JsL2dfY2FjcmwuY3JsMIGoBggrBgEF
BQcBAQSBmzCBmDBKBggrBgEFBQcwAoY+aHR0cDovL2NkcDEucGNhLmRmbi5kZS91
bmktZnJlaWJ1cmctY2EvcHViL2NhY2VydC9nX2NhY2VydC5jcnQwSgYIKwYBBQUH
MAKGPmh0dHA6Ly9jZHAyLnBjYS5kZm4uZGUvdW5pLWZyZWlidXJnLWNhL3B1Yi9j
YWNlcnQvZ19jYWNlcnQuY3J0MA0GCSqGSIb3DQEBBQUAA4IBAQAqjzTOichvi4Qh
n8f4V4XNLUn4Up5W8JPpynYGc03j2Yl9W29KHed2Oo8X6IJZSQ2FbgOZHv/4rICg
a6u3ZI82I1bIfkAzkNy6aAb/Rc9abYUN3RJls3f53lNn2myd44IT8j1Bd4e/fmD3
0HRHy7voWTzHpFqPOcrczQCUTyTS/JNuB9nfqqLQqkIPcLibvDwuKOjbt8v4/+Zf
BsB/2KVJ0Ts+B515eFaMVdKLiBzt0PCymkbiCVVjR41HahZ3DvDFKnk4WyRXb6oK
bf5VqM25B+KOvHgkH9TFKMoAS0EJ8njaRtxL73LD+aMjVVtVY8XxPWn2pDC42Mik
rqeh/auD
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</KeyDescriptor>
<KeyDescriptor use="encryption">
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>
MIIFcjCCBFqgAwIBAgIECwSAeDANBgkqhkiG9w0BAQUFADCBhjELMAkGA1UEBhMC
REUxHjAcBgNVBAoTFVVuaXZlcnNpdGFldCBGcmVpYnVyZzEWMBQGA1UECxMNUmVj
aGVuemVudHJ1bTEYMBYGA1UEAxMPVW5pLUZSIENBIC0gRzAyMSUwIwYJKoZIhvcN
AQkBFhZwa2lAcnoudW5pLWZyZWlidXJnLmRlMB4XDTA3MDkxMDA4NDAxMFoXDTEy
MDkwODA4NDAxMFowgY8xCzAJBgNVBAYTAkRFMR4wHAYDVQQKExVVbml2ZXJzaXRh
ZXQgRnJlaWJ1cmcxIDAeBgNVBAsTF1VuaXZlcnNpdGFldHNiaWJsaW90aGVrMRcw
FQYDVQQDEw5hYXIudmFzY29kYS5kZTElMCMGCSqGSIb3DQEJARYWZWR2QHViLnVu
aS1mcmVpYnVyZy5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM72
dnuf7jbWPdmG5NIMmbeXmY3QCJWZrSJkkTn4Gz98x5I30t3IIx5K+N4BpkIIeU57
PUMuZZX34+aZ+AYzC2okoiMfhWHsRzy4wHMqn4rPLWTSuit0/77s0CcDx+PjINds
TUOIb5md84DUBlDUcLDPO7H/EYGfiM6D0+/4Jw5hRwxkckiOA4vTdg/QSvsuMgrD
ozTuByxm6OTyVzjNNnJQXCnP2pzGKoA2iola1Nogm92NUMmRYp5qgjYRitPKgi+H
zUiV2tYP+JJV0z/aohz8/CalFlLOkVDDma8yrETK6PHgha2iC/ONbyiTe8M2jnC5
WroDGXvu1Y+TS8UG+18CAwEAAaOCAdswggHXMAkGA1UdEwQCMAAwCwYDVR0PBAQD
AgXgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAdBgNVHQ4EFgQUd1b3
YadJbYr9uuBSPrOzeILf2YYwHwYDVR0jBBgwFoAUM2ep1vGTVTasoTK9weSWOf9M
cDEwIQYDVR0RBBowGIEWZWR2QHViLnVuaS1mcmVpYnVyZy5kZTCBjwYDVR0fBIGH
MIGEMECgPqA8hjpodHRwOi8vY2RwMS5wY2EuZGZuLmRlL3VuaS1mcmVpYnVyZy1j
YS9wdWIvY3JsL2dfY2FjcmwuY3JsMECgPqA8hjpodHRwOi8vY2RwMi5wY2EuZGZu
LmRlL3VuaS1mcmVpYnVyZy1jYS9wdWIvY3JsL2dfY2FjcmwuY3JsMIGoBggrBgEF
BQcBAQSBmzCBmDBKBggrBgEFBQcwAoY+aHR0cDovL2NkcDEucGNhLmRmbi5kZS91
bmktZnJlaWJ1cmctY2EvcHViL2NhY2VydC9nX2NhY2VydC5jcnQwSgYIKwYBBQUH
MAKGPmh0dHA6Ly9jZHAyLnBjYS5kZm4uZGUvdW5pLWZyZWlidXJnLWNhL3B1Yi9j
YWNlcnQvZ19jYWNlcnQuY3J0MA0GCSqGSIb3DQEBBQUAA4IBAQAqjzTOichvi4Qh
n8f4V4XNLUn4Up5W8JPpynYGc03j2Yl9W29KHed2Oo8X6IJZSQ2FbgOZHv/4rICg
a6u3ZI82I1bIfkAzkNy6aAb/Rc9abYUN3RJls3f53lNn2myd44IT8j1Bd4e/fmD3
0HRHy7voWTzHpFqPOcrczQCUTyTS/JNuB9nfqqLQqkIPcLibvDwuKOjbt8v4/+Zf
BsB/2KVJ0Ts+B515eFaMVdKLiBzt0PCymkbiCVVjR41HahZ3DvDFKnk4WyRXb6oK
bf5VqM25B+KOvHgkH9TFKMoAS0EJ8njaRtxL73LD+aMjVVtVY8XxPWn2pDC42Mik
rqeh/auD
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</KeyDescriptor>
<ArtifactResolutionService
index="1"
Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
Location="https://aar.vascoda.de:8443/shibboleth-idp/profile/SAML1/SOAP/ArtifactResolution "
/>
<ArtifactResolutionService
index="1"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
Location="https://aar.vascoda.de:8443/shibboleth-idp/profile/SAML2/SOAP/ArtifactResolution "
/>
<SingleSignOnService
Binding="urn:mace:shibboleth: 1.0:profiles:AuthnRequest"
Location="https://aar.vascoda.de/shibboleth-idp/profile/Shibboleth/SSO " />
<SingleSignOnService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Location="https://aar.vascoda.de/shibboleth-idp/profile/SAML2/Redirect/SSO "
/>
<SingleSignOnService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="https://aar.vascoda.de/shibboleth-idp/profile/SAML2/POST/SSO " />
</IDPSSODescriptor>
<AttributeAuthorityDescriptor
protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol
urn:oasis:names:tc:SAML: 2.0:protocol">
<Extensions>
<shibmd:Scope>aar.vascoda.de</shibmd:Scope>
</Extensions>
<KeyDescriptor use="signing">
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>
MIIFcjCCBFqgAwIBAgIECwSAeDANBgkqhkiG9w0BAQUFADCBhjELMAkGA1UEBhMC
REUxHjAcBgNVBAoTFVVuaXZlcnNpdGFldCBGcmVpYnVyZzEWMBQGA1UECxMNUmVj
aGVuemVudHJ1bTEYMBYGA1UEAxMPVW5pLUZSIENBIC0gRzAyMSUwIwYJKoZIhvcN
AQkBFhZwa2lAcnoudW5pLWZyZWlidXJnLmRlMB4XDTA3MDkxMDA4NDAxMFoXDTEy
MDkwODA4NDAxMFowgY8xCzAJBgNVBAYTAkRFMR4wHAYDVQQKExVVbml2ZXJzaXRh
ZXQgRnJlaWJ1cmcxIDAeBgNVBAsTF1VuaXZlcnNpdGFldHNiaWJsaW90aGVrMRcw
FQYDVQQDEw5hYXIudmFzY29kYS5kZTElMCMGCSqGSIb3DQEJARYWZWR2QHViLnVu
aS1mcmVpYnVyZy5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM72
dnuf7jbWPdmG5NIMmbeXmY3QCJWZrSJkkTn4Gz98x5I30t3IIx5K+N4BpkIIeU57
PUMuZZX34+aZ+AYzC2okoiMfhWHsRzy4wHMqn4rPLWTSuit0/77s0CcDx+PjINds
TUOIb5md84DUBlDUcLDPO7H/EYGfiM6D0+/4Jw5hRwxkckiOA4vTdg/QSvsuMgrD
ozTuByxm6OTyVzjNNnJQXCnP2pzGKoA2iola1Nogm92NUMmRYp5qgjYRitPKgi+H
zUiV2tYP+JJV0z/aohz8/CalFlLOkVDDma8yrETK6PHgha2iC/ONbyiTe8M2jnC5
WroDGXvu1Y+TS8UG+18CAwEAAaOCAdswggHXMAkGA1UdEwQCMAAwCwYDVR0PBAQD
AgXgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAdBgNVHQ4EFgQUd1b3
YadJbYr9uuBSPrOzeILf2YYwHwYDVR0jBBgwFoAUM2ep1vGTVTasoTK9weSWOf9M
cDEwIQYDVR0RBBowGIEWZWR2QHViLnVuaS1mcmVpYnVyZy5kZTCBjwYDVR0fBIGH
MIGEMECgPqA8hjpodHRwOi8vY2RwMS5wY2EuZGZuLmRlL3VuaS1mcmVpYnVyZy1j
YS9wdWIvY3JsL2dfY2FjcmwuY3JsMECgPqA8hjpodHRwOi8vY2RwMi5wY2EuZGZu
LmRlL3VuaS1mcmVpYnVyZy1jYS9wdWIvY3JsL2dfY2FjcmwuY3JsMIGoBggrBgEF
BQcBAQSBmzCBmDBKBggrBgEFBQcwAoY+aHR0cDovL2NkcDEucGNhLmRmbi5kZS91
bmktZnJlaWJ1cmctY2EvcHViL2NhY2VydC9nX2NhY2VydC5jcnQwSgYIKwYBBQUH
MAKGPmh0dHA6Ly9jZHAyLnBjYS5kZm4uZGUvdW5pLWZyZWlidXJnLWNhL3B1Yi9j
YWNlcnQvZ19jYWNlcnQuY3J0MA0GCSqGSIb3DQEBBQUAA4IBAQAqjzTOichvi4Qh
n8f4V4XNLUn4Up5W8JPpynYGc03j2Yl9W29KHed2Oo8X6IJZSQ2FbgOZHv/4rICg
a6u3ZI82I1bIfkAzkNy6aAb/Rc9abYUN3RJls3f53lNn2myd44IT8j1Bd4e/fmD3
0HRHy7voWTzHpFqPOcrczQCUTyTS/JNuB9nfqqLQqkIPcLibvDwuKOjbt8v4/+Zf
BsB/2KVJ0Ts+B515eFaMVdKLiBzt0PCymkbiCVVjR41HahZ3DvDFKnk4WyRXb6oK
bf5VqM25B+KOvHgkH9TFKMoAS0EJ8njaRtxL73LD+aMjVVtVY8XxPWn2pDC42Mik
rqeh/auD
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</KeyDescriptor>
<KeyDescriptor use="encryption">
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>
MIIFcjCCBFqgAwIBAgIECwSAeDANBgkqhkiG9w0BAQUFADCBhjELMAkGA1UEBhMC
REUxHjAcBgNVBAoTFVVuaXZlcnNpdGFldCBGcmVpYnVyZzEWMBQGA1UECxMNUmVj
aGVuemVudHJ1bTEYMBYGA1UEAxMPVW5pLUZSIENBIC0gRzAyMSUwIwYJKoZIhvcN
AQkBFhZwa2lAcnoudW5pLWZyZWlidXJnLmRlMB4XDTA3MDkxMDA4NDAxMFoXDTEy
MDkwODA4NDAxMFowgY8xCzAJBgNVBAYTAkRFMR4wHAYDVQQKExVVbml2ZXJzaXRh
ZXQgRnJlaWJ1cmcxIDAeBgNVBAsTF1VuaXZlcnNpdGFldHNiaWJsaW90aGVrMRcw
FQYDVQQDEw5hYXIudmFzY29kYS5kZTElMCMGCSqGSIb3DQEJARYWZWR2QHViLnVu
aS1mcmVpYnVyZy5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM72
dnuf7jbWPdmG5NIMmbeXmY3QCJWZrSJkkTn4Gz98x5I30t3IIx5K+N4BpkIIeU57
PUMuZZX34+aZ+AYzC2okoiMfhWHsRzy4wHMqn4rPLWTSuit0/77s0CcDx+PjINds
TUOIb5md84DUBlDUcLDPO7H/EYGfiM6D0+/4Jw5hRwxkckiOA4vTdg/QSvsuMgrD
ozTuByxm6OTyVzjNNnJQXCnP2pzGKoA2iola1Nogm92NUMmRYp5qgjYRitPKgi+H
zUiV2tYP+JJV0z/aohz8/CalFlLOkVDDma8yrETK6PHgha2iC/ONbyiTe8M2jnC5
WroDGXvu1Y+TS8UG+18CAwEAAaOCAdswggHXMAkGA1UdEwQCMAAwCwYDVR0PBAQD
AgXgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAdBgNVHQ4EFgQUd1b3
YadJbYr9uuBSPrOzeILf2YYwHwYDVR0jBBgwFoAUM2ep1vGTVTasoTK9weSWOf9M
cDEwIQYDVR0RBBowGIEWZWR2QHViLnVuaS1mcmVpYnVyZy5kZTCBjwYDVR0fBIGH
MIGEMECgPqA8hjpodHRwOi8vY2RwMS5wY2EuZGZuLmRlL3VuaS1mcmVpYnVyZy1j
YS9wdWIvY3JsL2dfY2FjcmwuY3JsMECgPqA8hjpodHRwOi8vY2RwMi5wY2EuZGZu
LmRlL3VuaS1mcmVpYnVyZy1jYS9wdWIvY3JsL2dfY2FjcmwuY3JsMIGoBggrBgEF
BQcBAQSBmzCBmDBKBggrBgEFBQcwAoY+aHR0cDovL2NkcDEucGNhLmRmbi5kZS91
bmktZnJlaWJ1cmctY2EvcHViL2NhY2VydC9nX2NhY2VydC5jcnQwSgYIKwYBBQUH
MAKGPmh0dHA6Ly9jZHAyLnBjYS5kZm4uZGUvdW5pLWZyZWlidXJnLWNhL3B1Yi9j
YWNlcnQvZ19jYWNlcnQuY3J0MA0GCSqGSIb3DQEBBQUAA4IBAQAqjzTOichvi4Qh
n8f4V4XNLUn4Up5W8JPpynYGc03j2Yl9W29KHed2Oo8X6IJZSQ2FbgOZHv/4rICg
a6u3ZI82I1bIfkAzkNy6aAb/Rc9abYUN3RJls3f53lNn2myd44IT8j1Bd4e/fmD3
0HRHy7voWTzHpFqPOcrczQCUTyTS/JNuB9nfqqLQqkIPcLibvDwuKOjbt8v4/+Zf
BsB/2KVJ0Ts+B515eFaMVdKLiBzt0PCymkbiCVVjR41HahZ3DvDFKnk4WyRXb6oK
bf5VqM25B+KOvHgkH9TFKMoAS0EJ8njaRtxL73LD+aMjVVtVY8XxPWn2pDC42Mik
rqeh/auD
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</KeyDescriptor>
<AttributeService
Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
Location="https://aar.vascoda.de:8443/shibboleth-idp/profile/SAML1/SOAP/AttributeQuery "
/>
<AttributeService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
Location="https://aar.vascoda.de:8443/shibboleth-idp/profile/SAML2/SOAP/AttributeQuery "
/>
<NameIDFormat>
urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified
</NameIDFormat>
</AttributeAuthorityDescriptor>
<Organization>
<OrganizationName xml:lang="en">DEMOaar</OrganizationName>
<OrganizationDisplayName xml:lang="en">
DEMOaar
</OrganizationDisplayName>
<OrganizationURL xml:lang="en">
http://aar.vascoda.de/
</OrganizationURL>
</Organization>
<ContactPerson contactType="technical">
<SurName>Technical Support</SurName>
<EmailAddress></EmailAddress>
</ContactPerson>
</EntityDescriptor>
<!--
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%
-->
<!-- Service-Provider -->
<!--
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%
-->
<!-- ============================================================= -->
<!-- SP: DEMOaar -->
<!-- ============================================================= -->
<EntityDescriptor entityID="https://sp.aar.vascoda.de">
<SPSSODescriptor
protocolSupportEnumeration="urn:mace:shibboleth:1.0
urn:oasis:names:tc:SAML:1.1:protocol
urn:oasis:names:tc:SAML:2.0:protocol">
<KeyDescriptor>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>
MIIFcjCCBFqgAwIBAgIECwSAeDANBgkqhkiG9w0BAQUFADCBhjELMAkGA1UEBhMC
REUxHjAcBgNVBAoTFVVuaXZlcnNpdGFldCBGcmVpYnVyZzEWMBQGA1UECxMNUmVj
aGVuemVudHJ1bTEYMBYGA1UEAxMPVW5pLUZSIENBIC0gRzAyMSUwIwYJKoZIhvcN
AQkBFhZwa2lAcnoudW5pLWZyZWlidXJnLmRlMB4XDTA3MDkxMDA4NDAxMFoXDTEy
MDkwODA4NDAxMFowgY8xCzAJBgNVBAYTAkRFMR4wHAYDVQQKExVVbml2ZXJzaXRh
ZXQgRnJlaWJ1cmcxIDAeBgNVBAsTF1VuaXZlcnNpdGFldHNiaWJsaW90aGVrMRcw
FQYDVQQDEw5hYXIudmFzY29kYS5kZTElMCMGCSqGSIb3DQEJARYWZWR2QHViLnVu
aS1mcmVpYnVyZy5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM72
dnuf7jbWPdmG5NIMmbeXmY3QCJWZrSJkkTn4Gz98x5I30t3IIx5K+N4BpkIIeU57
PUMuZZX34+aZ+AYzC2okoiMfhWHsRzy4wHMqn4rPLWTSuit0/77s0CcDx+PjINds
TUOIb5md84DUBlDUcLDPO7H/EYGfiM6D0+/4Jw5hRwxkckiOA4vTdg/QSvsuMgrD
ozTuByxm6OTyVzjNNnJQXCnP2pzGKoA2iola1Nogm92NUMmRYp5qgjYRitPKgi+H
zUiV2tYP+JJV0z/aohz8/CalFlLOkVDDma8yrETK6PHgha2iC/ONbyiTe8M2jnC5
WroDGXvu1Y+TS8UG+18CAwEAAaOCAdswggHXMAkGA1UdEwQCMAAwCwYDVR0PBAQD
AgXgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAdBgNVHQ4EFgQUd1b3
YadJbYr9uuBSPrOzeILf2YYwHwYDVR0jBBgwFoAUM2ep1vGTVTasoTK9weSWOf9M
cDEwIQYDVR0RBBowGIEWZWR2QHViLnVuaS1mcmVpYnVyZy5kZTCBjwYDVR0fBIGH
MIGEMECgPqA8hjpodHRwOi8vY2RwMS5wY2EuZGZuLmRlL3VuaS1mcmVpYnVyZy1j
YS9wdWIvY3JsL2dfY2FjcmwuY3JsMECgPqA8hjpodHRwOi8vY2RwMi5wY2EuZGZu
LmRlL3VuaS1mcmVpYnVyZy1jYS9wdWIvY3JsL2dfY2FjcmwuY3JsMIGoBggrBgEF
BQcBAQSBmzCBmDBKBggrBgEFBQcwAoY+aHR0cDovL2NkcDEucGNhLmRmbi5kZS91
bmktZnJlaWJ1cmctY2EvcHViL2NhY2VydC9nX2NhY2VydC5jcnQwSgYIKwYBBQUH
MAKGPmh0dHA6Ly9jZHAyLnBjYS5kZm4uZGUvdW5pLWZyZWlidXJnLWNhL3B1Yi9j
YWNlcnQvZ19jYWNlcnQuY3J0MA0GCSqGSIb3DQEBBQUAA4IBAQAqjzTOichvi4Qh
n8f4V4XNLUn4Up5W8JPpynYGc03j2Yl9W29KHed2Oo8X6IJZSQ2FbgOZHv/4rICg
a6u3ZI82I1bIfkAzkNy6aAb/Rc9abYUN3RJls3f53lNn2myd44IT8j1Bd4e/fmD3
0HRHy7voWTzHpFqPOcrczQCUTyTS/JNuB9nfqqLQqkIPcLibvDwuKOjbt8v4/+Zf
BsB/2KVJ0Ts+B515eFaMVdKLiBzt0PCymkbiCVVjR41HahZ3DvDFKnk4WyRXb6oK
bf5VqM25B+KOvHgkH9TFKMoAS0EJ8njaRtxL73LD+aMjVVtVY8XxPWn2pDC42Mik
rqeh/auD
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</KeyDescriptor>
<NameIDFormat>
urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified
</NameIDFormat>
<NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
<AssertionConsumerService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST "
Location="https://aar.vascoda.de/Shibboleth.sso/SAML2/POST "
index="1" />
<AssertionConsumerService
Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post "
Location="https://aar.vascoda.de/Shibboleth.sso/SAML/POST "
index="2" />
<AssertionConsumerService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
Location="https://aar.vascoda.de/Shibboleth.sso/SAML2/Artifact"
index="3" />
<AssertionConsumerService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign"
Location="https://aar.vascoda.de/Shibboleth.sso/SAML2/POST- SimpleSign"
index="4" />
<AssertionConsumerService
Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01 "
Location="https://aar.vascoda.de/Shibboleth.sso/SAML/Artifact"
index="5" />
</SPSSODescriptor>
<Organization>
<OrganizationName xml:lang="de">DEMOaar</OrganizationName>
<OrganizationDisplayName xml:lang="de">
DEMOaar
</OrganizationDisplayName>
<OrganizationURL xml:lang="de">
http://aar.vascoda.de
</OrganizationURL>
</Organization>
<ContactPerson contactType="technical">
<SurName>Support</SurName>
<EmailAddress></EmailAddress>
</ContactPerson>
</EntityDescriptor>
</EntitiesDescriptor>
-- Franck
--
SWITCH
Serving Swiss Universities
--------------------------
Chad La Joie, Software Engineer, Security
Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland
phone +41 44 268 15 75, fax +41 44 268 15 68
,
http://www.switch.ch
- Shib 2.0: Configuration could not be loaded, Franck Borel, 01/02/2008
- Re: Shib 2.0: Configuration could not be loaded, Chad La Joie, 01/02/2008
- Re: Shib 2.0: Configuration could not be loaded, Will Norris, 01/02/2008
- Re: Shib 2.0: Configuration could not be loaded, Franck Borel, 01/03/2008
- Re: Shib 2.0: Configuration could not be loaded, Chad La Joie, 01/03/2008
- Re: Shib 2.0: Configuration could not be loaded, Franck Borel, 01/03/2008
- Re: Shib 2.0: Configuration could not be loaded, Chad La Joie, 01/03/2008
- Re: Shib 2.0: Configuration could not be loaded, Franck Borel, 01/03/2008
- Re: Shib 2.0: Configuration could not be loaded, Chad La Joie, 01/03/2008
- Re: Shib 2.0: Configuration could not be loaded, Franck Borel, 01/03/2008
- Re: Shib 2.0: Configuration could not be loaded, Chad La Joie, 01/03/2008
- Re: Shib 2.0: Configuration could not be loaded, Franck Borel, 01/03/2008
- Re: Shib 2.0: Configuration could not be loaded, Chad La Joie, 01/03/2008
- Re: Shib 2.0: Configuration could not be loaded, Chad La Joie, 01/02/2008
Archive powered by MHonArc 2.6.16.