FYI,
I just reconfigured my test IdP to put the filter back in and everything
worked straight up.
> Error Message: Shibboleth SSO request does not meet security requirements"
You'll need to spelunk your log, but this feels more like a cert problem.
Have you tried against a Shib2 SP in SAML2 mode
https://dlib-adidp.ucs.ed.ac.uk/discovery/ukfull.wayf?entityID=https://sh2testsp1.iay.org.uk/shibboleth
(this is a test DS I'm playing with so *please* do not rely on it being
there)
----- Original Message -----
From: "Steve Prentice" <[log in to unmask]>
To: <[log in to unmask]>
Sent: Wednesday, July 29, 2009 3:51 PM
Subject: Re: validUntil attribute
Hi Nick,
I found the same error straight after my original message, doh.
However even with setting it to a longer time (the 30 days you suggested) I
still get an error as follows:
"Error Message: Shibboleth SSO request does not meet security requirements"
Guess I'll play some more / see if anyone else gets some joy.
Cheers,
Steve
-----Original Message-----
From: Discussion list for Shibboleth developments
[mailto:[log in to unmask]] On Behalf Of Nick Howes
Sent: 29 July 2009 15:34
To: [log in to unmask]
Subject: Re: validUntil attribute
Nick Howes wrote:
> I haven't started using this filter yet, but a quick look at the
> source suggests that if the validUntil is longer than
> maxValidityInterval (which is 7 days here) then it throws an
> exception, rejecting the metadata. So it might be safer to change the
> value to 30 days (2592000), unless anybody else is using the filter as
> is and can report no problems...?
Just to confirm, I tried the default on our development box and got this
fatal error on startup
15:05:58.504 ERROR
[edu.internet2.middleware.shibboleth.common.config.BaseService:187] -
Configuration was not loaded for shibboleth.RelyingPartyConfigurationM
anager service, error creating components. The root cause of this error
was: org.opensaml.saml2.metadata.provider.FilterException: Metadata's
validity interva l, 2342785513ms, is larger than is allowed, 604800000ms.
So you'll definitely need to adjust the value in the XML.
Please consider the environmental impact of needlessly printing this e-mail
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
This email is confidential and intended solely for the use of the individual
to whom it is addressed. Any views or opinions made are solely those of the
author and may not necessarily represent those of Richard Huish College.
If you are not the intended recipient, be advised that you have received
this email in error and that any use, dissemination, forwarding, printing or
copying of this email is strictly prohibited. Please delete it and advise
the sender directly.
All email leaving and entering the College is electronically scanned for
viruses, SPAM, and other content that does not meet the College's Acceptable
Use Policy and may be automatically rejected or isolated for inspection.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|