Shibboleth Developers

[Lukas Haemmerle <>]

I'm playing around with resolvertest again (for VO stuff) and doing so I
noticed that if you want to query an entity that has only an
AttributeAuthorityDescriptor but no IDPSSODescriptor, resolvertest will
complain:
2010-01-13 16:09:22 WARN Shibboleth.AttributeResolver.Query : can't
attempt attribute query, either no NameID or no metadata to use

Since I'm pretty sure that there is a NameID given in the command
(request works with other IdPs) the issue seems to be related to this
components metadata.

Adding an IDPSSODescriptor and then running the same command (
resolvertest  -n _12345678  -i https://idp.entityid/idp/shibboleth
-saml2 -f urn:oid:some-nameidformat) then solves the issue and
resolvertest works as expected.

However, I would have assumed that resolvertest just queries the
attribute authority and therefore would need only the
AttributeAuthorityDescriptor in an EntityDescriptor. I'm I wrong here?

Cheers
Lukas

-- 
SWITCH
Serving Swiss Universities
--------------------------
Lukas Haemmerle, Software Engineer, Net Services
Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland
phone +41 44 268 15 64, fax +41 44 268 15 68
,
 http://www.switch.ch