Shibboleth 3.3 support?
Closed this issue · 5 comments
Hello,
I'm trying to get this to run in Shibobleth 3.3.0, and I'm running into problems. I'm not much of a Java person, but I think I followed your installation guide closely.
I'm running Jetty 9.3, and on startup I receive this message in the shibboleth logs:
ERROR [net.shibboleth.utilities.java.support.service.AbstractReloadableService:181] -
Service 'shibboleth.AttributeResolverService':
Initial load failed net.shibboleth.utilities.java.support.service.ServiceException:
org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException:
Line 154 in XML document from file [/opt/shibboleth-idp/conf/attribute-resolver.xml]
is invalid;
nested exception is org.xml.sax.SAXParseException;
lineNumber: 154; columnNumber: 3; cvc-complex-type.2.4.a
: Invalid content was found starting with element 'DataConnector'.
One of '{"urn:mace:shibboleth:2.0:resolver":AttributeDefinition,
"urn:mace:shibboleth:2.0:resolver":DataConnector,
"urn:mace:shibboleth:2.0:resolver":Principal
Connector}' is expected.
It almost seems like the jar file isn't loading, but I do have the bean defined in global.xml like:
<bean id="GwsDataSource"
class="edu.washington.shibboleth.attribute.resolver.dc.rws.HttpDataSource"
destroy-method="close"
p:acceptHeader="text/xml"
/>
And here's the relevant snippet of my attribute-resolver.xml:
<AttributeResolver
xmlns="urn:mace:shibboleth:2.0:resolver"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:uwdc="urn:mace:washington.edu:idp:resolver:dc"
xsi:schemaLocation="urn:mace:shibboleth:2.0:resolver
http://shibboleth.net/schema/idp/shibboleth-attribute-resolver.xsd
urn:mace:washington.edu:idp:resolver:dc
classpath:/schema/uw-rws-connector.xsd"
>
<DataConnector xsi:type="WebService"
id="gws" xmlns="urn:mace:washington.edu:idp:resolver:dc"
baseURL="http://myserver"
maxConnections="5"
maxResultSize="100"
mergeResults="true"
httpDataSourceRef="GwsDataSource"
>
Any help would be appreciated!
Thanks for the quick reply Jim, that worked! For anyone in the future, I also didn't have authenticationType="NONE"
in my DataConnector, that appears to be a required attribute.
Second small issue: I'm using Shibboleth in Docker, and linking a helper app into my IdP. So, there's no need for authentication or TLS in my use case.
My current error looks like this:
INFO [org.apache.http.impl.execchain.RetryExec:94] -
I/O exception (org.apache.http.conn.UnsupportedSchemeException)
caught when processing request to
{}->http://shibboleth-helper:8080: http protocol is not supported
ERROR [edu.washington.shibboleth.attribute.resolver.dc.rws.HttpDataSource:206] -
rws get error: org.apache.http.conn.UnsupportedSchemeException:
http protocol is not supported
Is there an easy way to relax the security constraint there and allow unencrypted http?
Thank you!
--Cal
ERROR [net.shibboleth.utilities.java.support.service.AbstractReloadableService:181] -
Service 'shibboleth.AttributeResolverService':
Initial load failed net.shibboleth.utilities.java.support.service.ServiceException:
org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException:
Line 155 in XML document from file [/opt/shibboleth-idp/conf/attribute-resolver.xml]
is invalid; nested exception is org.xml.sax.SAXParseException;
lineNumber: 155; columnNumber: 3; cvc-complex-type.4:
Attribute 'authenticationType' must appear on element 'resolver:DataConnector'.
at
net.shibboleth.ext.spring.service.ReloadableSpringService.doReload(ReloadableSpringService.java:336)