Shibboleth Developers

["E. Stuart Hicks" <>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dead on, as usual.  There seems to be something wrong with Tru64's
definition of LONG_MAX.  I forcibly set it to 0x7fffffff in
saml/internal.h and everything seems happy now.  I'll submit the patch
to the opensaml group.  They'll probably want something a little more
intelligent as LONG_MAX probably works fine on most platforms; however,
that's their problem.

With that, I appear to have a functional SP on the box.  We'll see if
that is indeed the case once I start actually using it.  Either way,
thanks again for your help.

- ----------------------
E. Stuart Hicks
Access Manager / Systems Engineer
OhioLINK



Scott Cantor wrote:
|> mdquery does not find anything unless I add the -nostrict option.  Then
|> it finds the IdP just fine.  Very promising.  How would I go about
|> translating that -nostrict into shibboleth2.xml settings?
|
| You don't, that means you're reading expired metadata. The InCommon
metadata
| doesn't (yet) have an expiration date in it, so my guess is there's a
| porting problem causing libsaml to slap a bogus expiration date on it.
|
| There are some ugly macros in saml/internal.h defining SAMLTIME_MAX.
That's
| probably the source of the problem.
|
| The comments in the file may lead you somewhere, but I guess I'd check on
| what some of the dependent macros are. It may be guessing sizeof(time_t)
| wrong. The single biggest 64-bit problem in the code is that time_t isn't
| always 64-bit, and when it is, the native data type is platform dependent.
|
| My guess is the code's overflowing
| (saml/saml2/metadata/XMLMetadataProvider.cpp).
|
| -- Scott
|
|
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkhSuugACgkQqmBbivzHElI49wCg8+gZdfSsPSuqsuaxNWo03rzp
HMMAoK6V5kcCG7PD9zuQZWCfzUj8Y3CA
=YR1r
-----END PGP SIGNATURE-----