shibboleth-dev - Re: [Shib-Dev] Writing an IDP extension

Subject: Shibboleth Developers

List archive

Re: [Shib-Dev] Writing an IDP extension

From: André Cruz <>
To:
Subject: Re: [Shib-Dev] Writing an IDP extension
Date: Wed, 15 Oct 2008 10:18:51 +0100

CRAP! :) That was it.

Then I don't understand the need for a spring.schemas file. I thought spring used it to know where to find the schema definition.

André

On Oct 14, 2008, at 7:22 PM, Chad La Joie wrote:

Did you add the schema location for that namespace in at the top of the
document?

André Cruz wrote:

Hello.

I'm having problems referencing my custom login handler from
handlers.xml...
The root cause of this error was: cvc-elt.4.2: Cannot resolve
'sapo:SAPOMemcache' to a type definition for element 'LoginHandler'.

handlers.xml:
<LoginHandler
xmlns:sapo="urn:mace:sapo.pt:shibboleth:memcache:authn"
xsi:type="sapo:SAPOMemcache">

<AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified </AuthenticationMethod>

</LoginHandler>

I already tried without the namespace specification but the result is
the same...

schema/memcache-handler.xsd:
<schema targetNamespace="urn:mace:sapo.pt:shibboleth:memcache:authn"
xmlns="http://www.w3.org/2001/XMLSchema";
xmlns:ph="urn:mace:shibboleth:2.0:idp:profile-handler"
elementFormDefault="qualified">

<xsd:import namespace="urn:mace:shibboleth:2.0:idp:profile- handler"

schemaLocation="classpath:/schema/shibboleth-2.0-idp-profile- handler.xsd"
/>

<xsd:complexType name="SAPOMemcache">
<xsd:complexContent>
<xsd:extension base="ph:LoginHandlerType">
<xsd:attribute name="protectedServletPath"
type="xsd:string" default="/Authn/RemoteUser">
<xsd:annotation>
<xsd:documentation>
The servlet context path to the

edu .internet2 .middleware.shibboleth.idp.authn.provider.RemoteUserAuthServlet
instance
protected by the container or web server.
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>

</schema>

spring.handlers:
urn\:mace\:sapo.pt\:shibboleth\:memcache\:authn =
pt.sapo.shibboleth.authn.config.MemcacheNamespaceHandler

spring.schemas:
urn\:mace\:sapo.pt\:shibboleth\:memcache\:authn =
schema/memcache-handler.xsd

Any ideas?
I followed
https://spaces.internet2.edu/display/SHIB2/IdPDevExtLoginHandler and
https://spaces.internet2.edu/display/SHIB2/IdPDevCustomExtension.

Best regards,
André

On Oct 9, 2008, at 6:57 PM, Chad La Joie wrote:

André Cruz wrote:

In this case I'm writing a LoginHandler.

Regarding the LoginContext, I use it to know if forceAuth or isPassive
is requested. Is there other fields that I should take into account?

Not that I can think of. And you really shouldn't need to worry about
those too unless you're integrating with an existing SSO system where
you need to change the behavior of the system based on those settings.
By default, as long as your handler truthfully reports if supports
forceAuth and passive auth the IdP will take care of the rest.

Do I need to set any fields in it besides setting the attributes in the
httpRequest (PRINCIPAL_NAME_KEY, SUBJECT_KEY, etc)?

You don't have to, there are a couple optional fields you can set
though. Take a look at the Javadoc on the LoginHandler interface
currently in the head of the REL_2 branch (this is what will ship with
2.1 and what you should be developing against).
--
SWITCH
Serving Swiss Universities
--------------------------
Chad La Joie, Software Engineer, Net Services
Werdstrasse 2, P.O. Box, 8021 Zürich, Switzerland
phone +41 44 268 15 75, fax +41 44 268 15 68
,
http://www.switch.ch

--
SWITCH
Serving Swiss Universities
--------------------------
Chad La Joie, Software Engineer, Net Services
Werdstrasse 2, P.O. Box, 8021 Zürich, Switzerland
phone +41 44 268 15 75, fax +41 44 268 15 68
,
http://www.switch.ch

RE: [Shib-Dev] Writing an IDP extension, (continued)

List archive

Re: [Shib-Dev] Writing an IDP extension