AH HAH! THANKYOU! That's done it :)
[been bashing my head against this since yesterday afternoon]
--
Matthew Slowe
Server Infrastructure Team e: [log in to unmask]
IS, University of Kent t: +44 (0)1227 824265
Canterbury, UK w: www.kent.ac.uk
On 13 Feb 2013, at 12:39, "Gilbertson, John" <[log in to unmask]>
wrote:
> Hi Matthew,
>
> I'm not sure if it's just your email client, or if it's in the actual file, but there seems to be an extraneous Unicode character just before your </rp:RelyingParty> that may not be visible in many editors/fonts.
>
> Might be worth a try just deleting that.
>
> John Gilbertson
> Computing Services Department
> The University of Liverpool
>
> -----Original Message-----
> From: Discussion list for Shibboleth developments [mailto:[log in to unmask]] On Behalf Of Matthew Slowe
> Sent: 13 February 2013 12:34
> To: [log in to unmask]
> Subject: Element 'RelyingParty' cannot have character [children]
>
> I am trying to set up a new IdP from scratch...
>
> With 2.3.8 (and downgrading to 2.3.6), I am getting the following error while starting up:
>
> 12:27:12.317 - ERROR [edu.internet2.middleware.shibboleth.common.config.BaseService:188] - Configuration was not loaded for shibboleth.RelyingPartyConfigurationManager service, error creating components. The root cause of this error was: org.xml.sax.SAXParseException: cvc-complex-type.2.3: Element 'rp:RelyingParty' cannot have character [children], because the type's content type is element-only.
>
> I have added a manual RelyingParty element (for Office365) inside the <rp:RelyingPartGroup> element:
>
> <!-- Microsoft Windows Azure AD -->
> <rp:RelyingParty id="urn:federation:MicrosoftOnline"
> provider="https://manasseh.kent.ac.uk/idp/a/shibboleth"
> defaultSigningCredentialRef="IdPCredential"
> nameIDFormatPrecedence="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
>>
> <rp:ProfileConfiguration xsi:type="saml:SAML2SSOProfile"
> signAssertions="conditional"
> encryptAssertions="never"
> encryptNameIds="never" />
> </rp:RelyingParty>
>
> If I comment out the whole block then it's ok.
>
> If I remove the ProfileConfiguration element and turn it into an "attribute only" thing (<rp:RelyingParty ... />) then it's ok.
>
> All the examples say this should be ok ... and is ok on another of my IdPs.
>
> Full copy of the relying-party.xml at http://pastebin.com/aVCrBjnK
>
> I can't see the problem :( Please help...
>
> --
> Matthew Slowe
> Server Infrastructure Team e: [log in to unmask]
> IS, University of Kent t: +44 (0)1227 824265
> Canterbury, UK w: www.kent.ac.uk
>
|