Hi all,
We’ve just upgraded our IdP to Shib2 and are having trouble with Refworks and one or two others.
Attempts to log into Refworks display an error that we haven’t released eduPersonTargetedID. As far as I can tell from the IdP logs we’re retrieving it from LDAP and encoding it and the attribute filters aren’t blocking it but it still fails. Using other sites (the Federation Test SP for example) displays eduPersonTargetedID and the new persistentID correctly. We're using the old and new formats as on the federation website.
The only clue I have is that the IdP (when logging is set to TRACE) puts the following line in the log when searching the metadata for the entityID:
07:56:17.808 - TRACE [org.opensaml.saml2.metadata.provider.AbstractMetadataProvider:257] - Found entity descriptor for entity with ID https://www.refworks.com/shibboleth/sp but it is no longer valid, skipping it.
Our federation metadata was updated this morning so I'm not sure where it why this would be the case. The expiry time in the metadata config in relying-party.xml is as set on the UK Federation site.
Is there anyone using Refworks with Shib2 able to tell us where we might find the problem? Refworks have suggested it's because they're still using Shib1.3 but I can't find anything on the web suggetsing exceptions or differences needed to support this....
Any help gratefully received!
cheers
dave
--
Dave Thornley
Service Support Manager
IT Infrastructure Service
Sheffield Hallam University
Tel: 0114 225 3822 / 07771 974349
Email: [log in to unmask]
|