Shibboleth Developers

[Halm Reusser <>]

Hi Brent,

First, thanks for your fast reply although you came just back from vacation.

On 06.01.11 21:53, Brent Putman wrote:
> Double-check that in production you implemented step 3 of the
> INSTALL.txt with the modifications to shibboleth.OpensamlConfig bean
> in internal.xml.  There's 3 provider configs that you have to add
> there. The one that's either missing or typoed or whatever would be
> the /disco-config.xml one, which has the config for that
> MetadataAbstract provider.

Damn. You were absolutely right. I didn't remember adjusting
internal.xml, that's why the distribution one was taken instead having
this file in version control. Wrong assumption. My fault.

> Note that internal.xml is not reloadable on-the-fly, so you have to
> stop and restart the IdP webapp in order for changes to take effect.

I re-deployed this morning. Successfully.

> What's basically happening is that the OpenSAML Configuration can't
> lookup the builder for that element. I don't like NPE's showing up in
> code, but it's an unfortunate fact that throughout the IdP, we don't
> check for null when we lookup builders, marshallers and
> unmarshallers. We probably should, but it would entail updating
> probably thousands of calls.

Concerning the NPE, this wasn't criticism, just a notice. I'm sure I
have a lot of unchecked dereferences in my code.

I'm also not yet sure what's the 'best' approach for that. In that
concrete case we are lucky that the IdP had a global catch (Throwable t)
{...} block, which did logging and therefore helped to easy find the
cause. (Instead of swallowed by stderr and perhaps undiscoverable).

A possible methodology might be 'Design by contract' utilizing
org.springframework.util.Assert for instance and check arguments in
method calls and object construction (the issue here).

But yes - this needs effort or to explain it with an image:
  http://xkcd.com/844/


Nevertheless, this was a configuration mistake from my side. Many thanks
for your fast response.


-Halm