Shibboleth Developers

["E. Stuart Hicks" <>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

mdquery does not find anything unless I add the -nostrict option.  Then
it finds the IdP just fine.  Very promising.  How would I go about
translating that -nostrict into shibboleth2.xml settings?

Scott Cantor wrote:
|> The output from shibd.log (with OpenSAML.MessageDecoder=DEBUG) is below
|> as well.  This IdP works fine on the other SPs so I'm guessing that the
|> XML libraries aren't parsing the Metadata properly. shibd.log shows it
|> being properly downloaded and passing the signature test.  The files in
|> /usr/local/var/run/shibboleth look fine.  I've tried with the other IdP
|> I have running and the result is the same even though it is also
|> included in the metadata.
|
| Try the mdquery tool and see what it thinks is in the metadata.
|
| e.g.
|
| mdquery -e urn:mace:incommon:ohiolink.edu
|
| mdquery -e urn:mace:incommon:ohiolink.edu -idp -saml11
|
| And/or use that for debugging, which is probably simpler than trying to
| debug into SSO at runtime.
|
|> Considering the platform, my guess is that one of the supporting
|> packages (probably something XML-related) isn't compiling and/or
|> functioning properly.  I really don't know where to start looking,
|> though.  Any ideas?
|
| This is where the definition of unsupported comes in; if it takes
debugging
| other people's code, I have to leave it to somebody else. But I would tend
| to doubt that it's loading the metadata at all.
|
| -- Scott
|
|
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkhQM08ACgkQqmBbivzHElL+7ACfabmcwwBtXXVS4AOOpgJzHfE9
YPMAoLDETvZPuZJ+PSQCPZExOZpUv5GY
=gvMa
-----END PGP SIGNATURE-----