Hi Nick,
I found the same error straight after my original message, doh.
However even with setting it to a longer time (the 30 days you suggested) I still get an error as follows:
"Error Message: Shibboleth SSO request does not meet security requirements"
Guess I'll play some more / see if anyone else gets some joy.
Cheers,
Steve
-----Original Message-----
From: Discussion list for Shibboleth developments [mailto:[log in to unmask]] On Behalf Of Nick Howes
Sent: 29 July 2009 15:34
To: [log in to unmask]
Subject: Re: validUntil attribute
Nick Howes wrote:
> I haven't started using this filter yet, but a quick look at the
> source suggests that if the validUntil is longer than
> maxValidityInterval (which is 7 days here) then it throws an
> exception, rejecting the metadata. So it might be safer to change the
> value to 30 days (2592000), unless anybody else is using the filter as
> is and can report no problems...?
Just to confirm, I tried the default on our development box and got this fatal error on startup
15:05:58.504 ERROR
[edu.internet2.middleware.shibboleth.common.config.BaseService:187] - Configuration was not loaded for shibboleth.RelyingPartyConfigurationM
anager service, error creating components. The root cause of this error
was: org.opensaml.saml2.metadata.provider.FilterException: Metadata's validity interva l, 2342785513ms, is larger than is allowed, 604800000ms.
So you'll definitely need to adjust the value in the XML.
Please consider the environmental impact of needlessly printing this e-mail
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
This email is confidential and intended solely for the use of the individual to whom it is addressed. Any views or opinions made are solely those of the author and may not necessarily represent those of Richard Huish College.
If you are not the intended recipient, be advised that you have received this email in error and that any use, dissemination, forwarding, printing or copying of this email is strictly prohibited. Please delete it and advise the sender directly.
All email leaving and entering the College is electronically scanned for viruses, SPAM, and other content that does not meet the College's Acceptable Use Policy and may be automatically rejected or isolated for inspection.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|