I am trying to set up a new IdP from scratch... 

With 2.3.8 (and downgrading to 2.3.6), I am getting the following error while starting up:

12:27:12.317 - ERROR [edu.internet2.middleware.shibboleth.common.config.BaseService:188] - Configuration was not loaded for shibboleth.RelyingPartyConfigurationManager service, error creating components.  The root cause of this error was: org.xml.sax.SAXParseException: cvc-complex-type.2.3: Element 'rp:RelyingParty' cannot have character [children], because the type's content type is element-only.

I have added a manual RelyingParty element (for Office365) inside the <rp:RelyingPartyGroup> element:

    <!-- Microsoft Windows Azure AD -->
    <rp:RelyingParty id="urn:federation:MicrosoftOnline"
                     provider="https://manasseh.kent.ac.uk/idp/a/shibboleth"
                     defaultSigningCredentialRef="IdPCredential"
                     nameIDFormatPrecedence="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">
        <rp:ProfileConfiguration xsi:type="saml:SAML2SSOProfile"
                                 signAssertions="conditional"
                                 encryptAssertions="never"
                                 encryptNameIds="never" />
    </rp:RelyingParty>

If I comment out the whole block then it's ok.

If I remove the ProfileConfiguration element and turn it into an "attribute only" thing (<rp:RelyingParty ... />) then it's ok.

All the examples say this should be ok ... and is ok on another of my IdPs.

Full copy of the relying-party.xml at http://pastebin.com/aVCrBjnK

I can't see the problem :( Please help...

-- 
Matthew Slowe
Server Infrastructure Team      e: [log in to unmask]
IS, University of Kent          t: +44 (0)1227 824265
Canterbury, UK                  w: www.kent.ac.uk
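
Added example, not part of the original message: cvc-complex-type.2.3 means the schema validator found non-whitespace character data directly inside an element whose type allows only child elements. The Python check below reports where such characters sit inside a given element (for instance a no-break space, which XML does not treat as whitespace); the function name and the sample document are constructed for illustration.

```python
import xml.parsers.expat

XML_WS = " \t\r\n"  # the only characters XML treats as whitespace


def find_stray_text(xml_text, local_name="RelyingParty"):
    """Return [(line, offending_chars)] for non-whitespace character data
    that is a direct child of any element whose local name is local_name."""
    stack, hits = [], []

    def start(name, attrs):
        # No namespace processing: drop the prefix ("rp:") by hand.
        stack.append(name.rsplit(":", 1)[-1])

    def end(name):
        stack.pop()

    def chars(data):
        # Only text whose immediate parent is the element of interest counts.
        if stack and stack[-1] == local_name:
            bad = data.strip(XML_WS)  # str.strip() alone would also eat U+00A0
            if bad:
                hits.append((parser.CurrentLineNumber, bad))

    parser = xml.parsers.expat.ParserCreate()
    parser.StartElementHandler = start
    parser.EndElementHandler = end
    parser.CharacterDataHandler = chars
    parser.Parse(xml_text, True)
    return hits


# Constructed sample (not the poster's file): a no-break space (U+00A0),
# as can arrive when pasting from a web page, sits in the indentation on line 3.
SAMPLE = (
    '<rp:RelyingPartyGroup>\n'
    '  <rp:RelyingParty id="urn:example:sp">\n'
    '\u00a0   <rp:ProfileConfiguration xsi:type="saml:SAML2SSOProfile"/>\n'
    '  </rp:RelyingParty>\n'
    '</rp:RelyingPartyGroup>\n'
)

if __name__ == "__main__":
    for line, bad in find_stray_text(SAMPLE):
        print(f"line {line}: stray character data {bad!r}")
```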