 |
 |
Hi, I'm trying to test attribute release to different SPs in the UK Federation from my dev IdP v2.1.5 using the aacli.sh script - the aacli.sh script works fine for TestShib and for SP specific Attribute Filter Policies, but it is not processing the UK Federation Policy . . . Authentication and attribute release to UK Federation (test) SPs works fine when authenticating via the IdP - I just can't get the aacli.sh script to return the attributes. If I run, for example: ./aacli.sh --principal=mw6 --configDir=../conf --requester=https://sh2testsp1.iay.org.uk/shibboleth --issuer=https://shibdev2.stir.ac.uk/idp/shibboleth --saml1 - I get: "No attribute statement." This feels like a Java Heap Space issue - trawling the logs, I see: 15:06:10.881 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:122] - Evaluating if filter policy ukFederationPolicy is active for principal mw6 15:06:10.881 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.match.saml.AbstractEntityGroupMatchFunctor:70] - No entity metadata available, unable to check if entity is in group http://ukfederation.org.uk - which suggests that it can't load the UK Federation metadata (?) I've tried increasing the maximum heap space (and starting heap space) by editing the last line of the aacli.sh script: "$JAVACMD" '-Xms256m' '-Xmx512m' '-classpath' "$LOCALCLASSPATH" '-Djava.endorsed.dirs='"$LIBDIR/endorsed" 'edu.internet2.middleware.shibboleth.common.attribute.AttributeAuthorityCLI' "$@" - but no joy . . . I've searched the list archives, and had a poke about on JIRA to see if there were any bugs listed there that I was falling foul of, but couldn't see any . . Does anyone have any thoughts or pointers as to what I'm missing? Are others using aacli.sh successfully against UK Federation SPs? Cheers, Mike Michael White eLearning Developer eLearning Liaison & Development (eLD) 3V3a, Cottrell University of Stirling Stirling SCOTLAND FK9 4LA Email: [log in to unmask]<mailto:[log in to unmask]> Tel: +44 (0) 1786 466877 Fax: +44 (0) 1786 466880 http://www.is.stir.ac.uk/aboutis/teams/aldt/eld.php -- The Sunday Times Scottish University of the Year 2009/2010 The University of Stirling is a charity registered in Scotland, number SC 011159.