> So, right now I get a MetadataException because, I guess, I haven't
> configured things properly.
>
> 2010-10-22 00:39:39 WARN ShibbolethResolver : unable to locate metadata
for
> provider ()
No, just a bug that's causing it to think there's an issuing authority being
passed in when there isn't. It shouldn't be running the code that's logging
that.
> Presently this is being caught and ignored, but it also could be
propagated
> to the application as an error (either fail the authentication or fail all
> naming extensions requests).
It wouldn't happen in the case you're seeing it (just checked in a fix), but
it could happen in general, I forgot about that particular case. If you tell
the API that there's a trusted authority that it should treat as the
"source" of the user's context, it will require metadata for that authority
or throw that exception out.
The main reason it goes looking for metadata is that the resolver can
extract attributes found in the metadata in extensions that allow the
authority to be tagged with information that can be passed back to the
application along with the user's own attributes.
-- Scott
|