Using the FilesystemMetadataProvider

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Using the FilesystemMetadataProvider

Olivier Salaün
Hi,

I am running a Shibboleth 2.1 Service Provider.

I wish to use a local metadata file and according to the
<https://spaces.internet2.edu/display/SHIB2/IdPMetadataProvider>
documentation I tried defining a FilesystemMetadataProvider in my
shibboleth2.xml.

I first tried adding the following configuration :

            <MetadataProvider xsi:type="FilesystemMetadataProvider"
                      xmlns="urn:mace:shibboleth:2.0:metadata"
                      id="local-metadata"
                      metadataFile="/tmp/local-metadata.xml">
              <SignatureMetadataFilter certificate="/tmp/federation.crt"/>
            </MetadataProvider>

But it broke my Apache server with the following error message in the
Apache error log :

    [Tue Jan 13 17:23:33 2009] [crit] fatal error during XML parsing:
    The prefix 'xsi' has not been mapped to any URI
    [Tue Jan 13 17:23:33 2009] [crit] shib_child_init() failed to load
    configuration


I then realized I had to define the "xsi" namespace to my
shibboleth2.xml file :

    <SPConfig ...
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

But it still broke my Apache server :

    [Wed Jan 14 10:11:28 2009] [crit] error during XML parsing: There is
    no Grammar for uri: urn:mace:shibboleth:2.0:metadata.
    [Wed Jan 14 10:11:28 2009] [crit] shib_child_init() failed to load
    configuration


What's wrong with my configuration?
What is the right way to define the "xsi" namespace?
Is the documentation
<https://spaces.internet2.edu/display/SHIB2/IdPMetadataProvider> up to date?

Thanks.
Reply | Threaded
Open this post in threaded view
|

Re: Using the FilesystemMetadataProvider

Chad La Joie
The instructions you linked to, and the snippet of XML, is for the IdP
not the Service Provider.  So not, that's not going to work.  The SP
instructions are here:
https://spaces.internet2.edu/display/SHIB2/NativeSPMetadataProvider

Olivier Salaün wrote:

> Hi,
>
> I am running a Shibboleth 2.1 Service Provider.
>
> I wish to use a local metadata file and according to the
> <https://spaces.internet2.edu/display/SHIB2/IdPMetadataProvider>
> documentation I tried defining a FilesystemMetadataProvider in my
> shibboleth2.xml.
>
> I first tried adding the following configuration :
>
>            <MetadataProvider xsi:type="FilesystemMetadataProvider"
>                      xmlns="urn:mace:shibboleth:2.0:metadata"
>                      id="local-metadata"
>                      metadataFile="/tmp/local-metadata.xml">
>              <SignatureMetadataFilter certificate="/tmp/federation.crt"/>
>            </MetadataProvider>
>
> But it broke my Apache server with the following error message in the
> Apache error log :
>
>    [Tue Jan 13 17:23:33 2009] [crit] fatal error during XML parsing:
>    The prefix 'xsi' has not been mapped to any URI
>    [Tue Jan 13 17:23:33 2009] [crit] shib_child_init() failed to load
>    configuration
>
>
> I then realized I had to define the "xsi" namespace to my
> shibboleth2.xml file :
>
>    <SPConfig ...
>    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>
> But it still broke my Apache server :
>
>    [Wed Jan 14 10:11:28 2009] [crit] error during XML parsing: There is
>    no Grammar for uri: urn:mace:shibboleth:2.0:metadata.
>    [Wed Jan 14 10:11:28 2009] [crit] shib_child_init() failed to load
>    configuration
>
>
> What's wrong with my configuration?
> What is the right way to define the "xsi" namespace?
> Is the documentation
> <https://spaces.internet2.edu/display/SHIB2/IdPMetadataProvider> up to
> date?
>
> Thanks.

--
SWITCH
Serving Swiss Universities
--------------------------
Chad La Joie, Software Engineer, Net Services
Werdstrasse 2, P.O. Box, 8021 Zürich, Switzerland
phone +41 44 268 15 75, fax +41 44 268 15 68
[hidden email], http://www.switch.ch

Reply | Threaded
Open this post in threaded view
|

Re: Using the FilesystemMetadataProvider

Olivier Salaün
I really feel silly  :-[
Thank you Chad.

Chad La Joie a écrit :

> The instructions you linked to, and the snippet of XML, is for the IdP
> not the Service Provider.  So not, that's not going to work.  The SP
> instructions are here:
> https://spaces.internet2.edu/display/SHIB2/NativeSPMetadataProvider
>
> Olivier Salaün wrote:
>  
>> Hi,
>>
>> I am running a Shibboleth 2.1 Service Provider.
>>
>> I wish to use a local metadata file and according to the
>> <https://spaces.internet2.edu/display/SHIB2/IdPMetadataProvider>
>> documentation I tried defining a FilesystemMetadataProvider in my
>> shibboleth2.xml.
>>
>> I first tried adding the following configuration :
>>
>>            <MetadataProvider xsi:type="FilesystemMetadataProvider"
>>                      xmlns="urn:mace:shibboleth:2.0:metadata"
>>                      id="local-metadata"
>>                      metadataFile="/tmp/local-metadata.xml">
>>              <SignatureMetadataFilter certificate="/tmp/federation.crt"/>
>>            </MetadataProvider>
>>
>> But it broke my Apache server with the following error message in the
>> Apache error log :
>>
>>    [Tue Jan 13 17:23:33 2009] [crit] fatal error during XML parsing:
>>    The prefix 'xsi' has not been mapped to any URI
>>    [Tue Jan 13 17:23:33 2009] [crit] shib_child_init() failed to load
>>    configuration
>>
>>
>> I then realized I had to define the "xsi" namespace to my
>> shibboleth2.xml file :
>>
>>    <SPConfig ...
>>    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>
>> But it still broke my Apache server :
>>
>>    [Wed Jan 14 10:11:28 2009] [crit] error during XML parsing: There is
>>    no Grammar for uri: urn:mace:shibboleth:2.0:metadata.
>>    [Wed Jan 14 10:11:28 2009] [crit] shib_child_init() failed to load
>>    configuration
>>
>>
>> What's wrong with my configuration?
>> What is the right way to define the "xsi" namespace?
>> Is the documentation
>> <https://spaces.internet2.edu/display/SHIB2/IdPMetadataProvider> up to
>> date?
>>
>> Thanks

Reply | Threaded
Open this post in threaded view
|

Re: Using the FilesystemMetadataProvider

Chad La Joie
You can always check URLs too.  Scott and I try to use a fairly
consistent naming approach.  Pretty much all the SP stuff starts with
"NativeSP" and the IdP stuff start with "IdP".

Olivier Salaün wrote:
> I really feel silly  :-[
> Thank you Chad.
>
> Chad La Joie a écrit :
>> The instructions you linked to, and the snippet of XML, is for the IdP
>> not the Service Provider.  So not, that's not going to work.  The SP
>> instructions are here:
>> https://spaces.internet2.edu/display/SHIB2/NativeSPMetadataProvider
--
SWITCH
Serving Swiss Universities
--------------------------
Chad La Joie, Software Engineer, Net Services
Werdstrasse 2, P.O. Box, 8021 Zürich, Switzerland
phone +41 44 268 15 75, fax +41 44 268 15 68
[hidden email], http://www.switch.ch

Reply | Threaded
Open this post in threaded view
|

Re: Using the FilesystemMetadataProvider

Christopher A Bongaarts
In the immortal words of Chad La Joie:
> You can always check URLs too.  Scott and I try to use a fairly
> consistent naming approach.  Pretty much all the SP stuff starts with
> "NativeSP" and the IdP stuff start with "IdP".

And all the more confusing since what you're loading into the SP is,
actually, "IdPMetadata"... ;)

%%  Christopher A. Bongaarts  %%  [hidden email]       %%
%%  Internet Services         %%  http://umn.edu/~cab  %%
%%  University of Minnesota   %%  +1 (612) 625-1809    %%