[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[upki-fed:01028] Re: $B%F%9%HMQ(BIdP metadata-providers.xml $B$N$I$3$KLdBj$,$"$k$N$+65$($F(B$BD:$1$J$$$G$7$g$&$+!)(B

Subject: [upki-fed:01028] Re: $B%F%9%HMQ(BIdP metadata-providers.xml $B$N$I$3$KLdBj$,$"$k$N$+65$($F(B$BD:$1$J$$$G$7$g$&$+!)(B
Date: Thu, 03 Mar 2016 19:59:18 +0900 (JST)
From: URA Hiroshi <xxx@xxxxxxxxxx>
$B3t<02qC$9$k$H;W$$$^$9!#(B

  https://wiki.shibboleth.net/confluence/display/IDP30/SignatureValidationFilter#SignatureValidationFilter-Attributes


$B0J>e!"$h$m$7$/$*4j$$$7$^$9!#(B

>> Thu, 03 Mar 2016 19:46:39 +0900, Kentaro Ito <xxx@xxxxxxxxxxxxxx> said:

> $B%(%9%F%C%/0KF#$G$9!#(B
> 
> $B$42sEzD:$-$"$j$,$H$&$4$6$$$^$9!#$"$NFbMF$r:F$S(B metadata-providers.xml $B$K(B
> $BDI2C$7$^$7$?!#0z$-B3$-%(%i!<$N860x$rD4$Y$F!"(B
> 
>         <MetadataFilter xsi:type="SignatureValidation" requireSignedRoot="true"
>                         certificateFile="%{idp.home}/credentials/gakunin-test-signer-2011.cer">
>         </MetadataFilter>
> 
> $B$3$NFbMF$G%(%i!<$,H/@8$7$F$$$k$3$H$,J,$+$j$^$7$?!#8!>ZMQ>ZL@=q$O;XDj$N>l(B
> $B=j$KJ]B8$7$F$"$j!"%f!<%6!<(B tomcat $B$,FI$_=q$-$9$k$?$a8"8B$bJQ99:Q$_$G$9!#(B
> 
> net.shibboleth.utilities.java.support.service.ServiceException: org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException: Line 18 in XML document from file [/opt/shibboleth-idp/conf/metadata-providers.xml] is invalid; nested exception is org.xml.sax.SAXParseException; lineNumber: 18; columnNumber: 96; cvc-complex-type.3.2.2: Attribute 'requireSignedRoot' is not allowed to appear in element 'MetadataFilter'.
> 
> $B$3$N%(%i!<%m%0$+$i%(%i!<860x$rD4$Y$F$$$^$9$,!"$^$@H=L@$7$F$*$j$^$;$s!#(B
> 
> $B$3$l$r$4Mw$K$J$C$F2?$+J,$+$k$3$H$,$"$l$P$*J9$+$;D:$1$J$$$G$7$g$&$+!)(B
> 
> $B59$7$/$*4j$$CW$7$^$9!#(B
> 
> 
> $BF|;~(B: Wed, 2 Mar 2016 11:22:26 +0900
> Tatsumi Hosokawa <xxxxxxxx@xxxxxxxxxxxxxx> $B$5$s$+$i$N%a!<%k(B:
> 
>> $B7DXf5A=N(BITC$BK\It$N:Y@n$G$9!#(B
>> 
>> $B$H$j$"$($:!"F0$/>uBV$K;}$C$F$$$/$^$G$O!"2?$b>C$5$:$K:n6H$9$k$3$H$r$*$9$9$a$7$^$9!#(B
>> 
>> $B$^$?!"$=$NItJ,$OI,MW$J>l=j$G$9$N$G>C$7$F$O$$$1$J$$$H;W$$$^$9!#(B
>> <MetadataProvider id="HTTPMetadata"/>$B$O(B<MetadataProvider id="ShibbolethMetadata"/>$B$NFbB&$K$"$j$^$9$+$i!"(B
>> $B30B&$r>C$7$?$i$&$^$/F0$+$J$/$J$C$F$bA4$/IT;W5D$G$O$"$j$^$;$s!#(B
>> 
>> <!-- This file is an EXAMPLE metadata configuration file. -->
>> 
>> $B$O$3$N%U%!%$%kA4BN$,%5%s%W%k$G$"$k$H$$$&$3$H$r<($7$F$$$k$b$N$J$N$G!"(B
>> $BD>8e$N$b$N$r>C$7$F$h$$!"$H$$$&%K%e%"%s%9$G$O$"$j$^$;$s!#(B
>> 
>> $B%(%i!<$,8:$k$H$$$&$3$H$O!"$h$j:,K\E*$J%(%i!<$,=P$?$N$G=hM}A4BN$,;_$^$C$F$$$k!"(B
>> $B$H$$$&2DG=@-$b$"$k$N$G!"%(%i!<$,8:$C$?$3$H$r$b$C$F@5$7$$$HH=CG$7$J$$$[$&$,NI$$$+$H;W$$$^$9!#(B
>> 
>> $B$h$m$7$/$*4j$$$$$?$$$^$9!#(B
>> 
>> $B:Y@n(B
>> 
>> On 2016/03/02 10:31, Kentaro Ito wrote:
>> > $B$$$D$b$*@$OC$K$J$C$F$*$j$^$9!#%(%9%F%C%/0KF#$G$9!#(B
>> > 
>> > $B$42sEzD:$-$"$j$,$H$&$4$6$$$^$9!#$=$NFbMF$G$9$,!"KAF,$K(B
>> > <!-- This file is an EXAMPLE metadata configuration file. -->
>> > $B$H$"$j!"$=$NFbMF$OITMW$H;W$$:o=|$7$?$H$3$m%(%i!<%a%C%;!<%8$,>/$78:$j$^$7(B
>> > $B$?$N$G:#$bB8:_$7$F$$$J$$>uBV$G$9!#(B
>> > 
>> > 
>> > $BF|;~(B: Wed, 2 Mar 2016 08:30:23 +0900
>> > Tatsumi Hosokawa <xxxxxxxx@xxxxxxxxxxxxxx> $B$5$s$+$i$N%a!<%k(B:
>> > 
>> >> $B7DXf5A=N(BITC$BK\It$N:Y@n$G$9!#(B
>> >>
>> >> $B30$7$F$$$?$i?=$7Lu$J$$$N$G$9$,!"%U%!%$%kKAF,$N(B
>> >>
>> >> <MetadataProvider id="ShibbolethMetadata" xsi:type="ChainingMetadataProvider"
>> >>      xmlns="urn:mace:shibboleth:2.0:metadata"
>> >>      xmlns:resource="urn:mace:shibboleth:2.0:resource"
>> >>      xmlns:security="urn:mace:shibboleth:2.0:security"
>> >>      xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
>> >>      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>> >>      xsi:schemaLocation="urn:mace:shibboleth:2.0:metadata http://shibboleth.net/schema/idp/shibboleth-metadata.xsd
>> >>                          urn:mace:shibboleth:2.0:resource http://shibboleth.net/schema/idp/shibboleth-resource.xsd
>> >>                          urn:mace:shibboleth:2.0:security http://shibboleth.net/schema/idp/shibboleth-security.xsd
>> >>                          urn:oasis:names:tc:SAML:2.0:metadata http://docs.oasis-open.org/security/saml/v2.0/saml-schema-metadata-2.0.xsd">
>> >>
>> >> $B$H%U%!%$%kKvHx$N(B
>> >>
>> >> </MetadataProvider>
>> >>
>> >> $B$,H4$1$F$$$k!"$H$$$&$3$H$G$O$J$$$G$7$g$&$+!)(B
>> >>
>> >> $B:Y@n(B
>> >>
>> >>
>> >> On 2016/03/01 13:52, Kentaro Ito wrote:
>> >>> $B3XG'>pJs8r49%a!<%j%s%0%j%9%H(B $B%a%s%P!<3F0L(B
>> >>>
>> >>> $B$$$D$b$*@$OC$K$J$C$F$*$j$^$9!#%(%9%F%C%/0KF#$G$9!#(B
>> >>>
>> >>> $B%F%9%HMQ(BIdP$B$r9=C[$9$k:n6H$r9T$C$F$*$j$^$9!#(B
>> >>>
>> >>> metadata-providers.xml $B%U%!%$%k$NJQ99$r9T$J$C$F(B Tomcat $B$r:F5/F0$7(B wget
>> >>> $B$G%9%F!<%?%9$rI=<($7$h$&$H$9$k$H(B 500 Internal Server Error $B$,H/@8$7$F$7(B
>> >>> $B$^$9!#%U%!%$%k$r%G%U%)%k%H$KLa$9$H%(%i!<$OH/@8$7$^$;$s!#(B
>> >>>
>> >>> idp-warn.log $B$K$O$3$s$JFbMF$,5-O?$5$l$F$$$^$7$?!#(B
>> >>> -----------------------------------------------------------------------------------
>> >>> 2016-02-29 20:49:10,544 - ERROR [net.shibboleth.utilities.java.support.service.AbstractReloadableService:181] - Service 'shibboleth.MetadataResolverService': Initial load failed
>> >>> net.shibboleth.utilities.java.support.service.ServiceException: org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException: Line 3 in XML document from file [/opt/shibboleth-idp/conf/metadata-providers.xml] is invalid; nested exception is org.xml.sax.SAXParseException; lineNumber: 3; columnNumber: 222; The prefix "xsi" for attribute "xsi:type" associated with an element type "MetadataProvider" is not bound.
>> >>> 	at net.shibboleth.ext.spring.service.ReloadableSpringService.doReload(ReloadableSpringService.java:334)
>> >>> Caused by: org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException: Line 3 in XML document from file [/opt/shibboleth-idp/conf/metadata-providers.xml] is invalid; nested exception is org.xml.sax.SAXParseException; lineNumber: 3; columnNumber: 222; The prefix "xsi" for attribute "xsi:type" associated with an element type "MetadataProvider" is not bound.
>> >>> 	at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.doLoadBeanDefinitions(XmlBeanDefinitionReader.java:399)
>> >>> Caused by: org.xml.sax.SAXParseException: The prefix "xsi" for attribute "xsi:type" associated with an element type "MetadataProvider" is not bound.
>> >>> 	at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.createSAXParseException(ErrorHandlerWrapper.java:198)
>> >>> 2016-02-29 20:49:10,544 - ERROR [net.shibboleth.utilities.java.support.service.AbstractReloadableService:185] - Service 'shibboleth.MetadataResolverService': No further attempts will be made to reload
>> >>> 2016-02-29 20:49:18,490 - ERROR [org.apache.velocity:96] - ResourceManager : unable to find resource 'status.vm' in any resource loader.
>> >>> 2016-02-29 20:49:18,549 - ERROR [net.shibboleth.idp.profile:-2] - Uncaught runtime exception
>> >>> java.lang.IllegalStateException: Exception occurred rendering view org.springframework.web.servlet.view.JstlView: name 'status'; URL [/WEB-INF/jsp/status.jsp]
>> >>> 	at org.springframework.webflow.mvc.view.AbstractMvcView.render(AbstractMvcView.java:200)
>> >>> Caused by: org.apache.jasper.JasperException: java.lang.NullPointerException
>> >>> 	at org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:556)
>> >>> Caused by: java.lang.NullPointerException: null
>> >>> 	at org.apache.jsp.WEB_002dINF.jsp.status_jsp._jspService(status_jsp.java:142)
>> >>> -----------------------------------------------------------------------------------
>> >>>
>> >>> metadata-providers.xml $B$NFbMF$O$3$N$h$&$K$J$C$F$$$^$9!#%3%a%s%H%"%&%HIt(B
>> >>> $BJ,$OA4$F:o=|$7$FJ]B8$7$F$$$^$9!#(B
>> >>> -----------------------------------------------------------------------------------
>> >>> <?xml version="1.0" encoding="UTF-8"?>
>> >>> <MetadataProvider id="HTTPMetadata"
>> >>> 	xsi:type="FileBackedHTTPMetadataProvider"
>> >>> 	backingFile="%{idp.home}/metadata/gakunin-metadata-backing.xml"
>> >>> 	metadataURL="https://metadata.gakunin.nii.ac.jp/gakunin-test-metadata.xml">
>> >>>           <MetadataFilter xsi:type="SignatureValidation" requireSignedRoot="true"
>> >>>                           certificateFile="%{idp.home}/credentials/gakunin-test-signer-2011.cer">
>> >>>           </MetadataFilter>
>> >>>           <MetadataFilter xsi:type="metadata:RequiredValidUntil" maxValidityInterval="P15D"/>
>> >>>           <MetadataFilter xsi:type="EntityRoleWhiteList">
>> >>>               <RetainedRole>md:SPSSODescriptor</RetainedRole>
>> >>>           </MetadataFilter>
>> >>>       </MetadataProvider>
>> >>> -----------------------------------------------------------------------------------
>> >>> $B$I$3$KLdBj$,$"$k$N$+65$($FD:$1$J$$$G$7$g$&$+!)(B
>> >>>
>> >>> $B%F%9%HMQ(BIdP$B$NF0:n4D6-$O0J2<$N$H$*$j$G$9!#(B
>> >>> $B!&(BCentOS 6.2
>> >>> $B!&(BOpenLDAP 2.4.40
>> >>> $B!&(BApache 2.2.15
>> >>> $B!&(BJava 1.7.0
>> >>> $B!&(BTomcat 7.0.64
>> >>> $B!&(BShibboleth IdP 3.1.2
>> >>>
>> >>> $B59$7$/$*4j$$CW$7$^$9!#(B
>> >>>
>> >>> sssssssssssssss S T E C sssssssssssssss
>> >>>    
>> >>> $B3t<02qmailto:xxx@xxxxxxxxxxxxxx
>> >>>
>> >>> $B")(B510-0241$B!!;0=E8)Nk




Follow-Ups:

[upki-fed:01029] Re: $B%F%9%HMQ(BIdP metadata-providers.xml $B$N$I$3$KLdBj$,$"$k$N$+65$($F(B$BD:$1$J$$$G$7$g$&$+!)(B
From: Kentaro Ito



References:

[upki-fed:01021] Re: $B%F%9%HMQ(BIdP metadata-providers.xml $B$N$I$3$KLdBj$,$"$k$N$+65$($F(B$BD:$1$J$$$G$7$g$&$+!)(B
From: Kentaro Ito
[upki-fed:01022] Re: テスト用IdP metadata-providers.xml のどこに問題があるのか教えて頂けないでしょうか？
From: Tatsumi Hosokawa
[upki-fed:01027] Re: $B%F%9%HMQ(BIdP metadata-providers.xml $B$N$I$3$KLdBj$,$"$k$N$+65$($F(B$BD:$1$J$$$G$7$g$&$+!)(B
From: Kentaro Ito




Prev by Date:
[upki-fed:01027] Re: $B%F%9%HMQ(BIdP metadata-providers.xml $B$N$I$3$KLdBj$,$"$k$N$+65$($F(B$BD:$1$J$$$G$7$g$&$+!)(B

Next by Date:
[upki-fed:01029] Re: $B%F%9%HMQ(BIdP metadata-providers.xml $B$N$I$3$KLdBj$,$"$k$N$+65$($F(B$BD:$1$J$$$G$7$g$&$+!)(B

Previous by thread:
[upki-fed:01027] Re: $B%F%9%HMQ(BIdP metadata-providers.xml $B$N$I$3$KLdBj$,$"$k$N$+65$($F(B$BD:$1$J$$$G$7$g$&$+!)(B

Next by thread:
[upki-fed:01029] Re: $B%F%9%HMQ(BIdP metadata-providers.xml $B$N$I$3$KLdBj$,$"$k$N$+65$($F(B$BD:$1$J$$$G$7$g$&$+!)(B

Index(es):

Date
Thread
[upki-fed:01028] Re: $B%F%9%HMQ(BIdP metadata-providers.xml $B$N$I$3$KLdBj$,$"$k$N$+65$($F(B$BD:$1$J$$$G$7$g$&$+!)(B

[upki-fed:01028] Re: $B%F%9%HMQ(BIdP metadata-providers.xml $B$N$I$3$KLdBj$,$"$k$N$+65$($F(B$BD:$1$J$$$G$7$g$&$+!)(B
