-
-
Save iogbole/82c0887c2bd620a1854774470622f01e to your computer and use it in GitHub Desktop.
shib
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0"?> | |
| <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" | |
| validUntil="2018-05-15T20:32:30Z" | |
| cacheDuration="PT1440M" | |
| entityID="http://192.168.33.1:8090"> | |
| <md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> | |
| <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" | |
| Location="http://192.168.33.1:8090/controller" /> | |
| <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat> | |
| <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat> | |
| <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat> | |
| <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat> | |
| <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" | |
| Location="http://192.168.33.1:8090/controller/saml-auth" | |
| index="1" /> | |
| </md:SPSSODescriptor> | |
| <md:ContactPerson contactType="technical"> | |
| <md:GivenName>My name</md:GivenName> | |
| <md:EmailAddress>gable@yahoo.com</md:EmailAddress> | |
| </md:ContactPerson> | |
| </md:EntityDescriptor> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 2017-05-17 23:28:00,474 - INFO [net.shibboleth.idp.log.LogbackLoggingService:206] - Shibboleth IdP Version 3.0.0 | |
| 2017-05-17 23:28:00,503 - INFO [net.shibboleth.utilities.java.support.service.AbstractReloadableService:193] - Service 'shibboleth.LoggingService': Reload time set to: 300000, starting refresh thread | |
| 2017-05-17 23:28:00,526 - INFO [org.opensaml.core.config.InitializationService:48] - Initializing OpenSAML using the Java Services API | |
| 2017-05-17 23:28:00,888 - DEBUG [org.opensaml.saml.config.SAMLConfigurationInitializer:43] - Initializing SAML Artifact builder factories | |
| 2017-05-17 23:28:01,096 - INFO [org.opensaml.xmlsec.algorithm.AlgorithmRegistry:206] - Algorithm failed runtime support check, will not be usable: http://www.w3.org/2001/04/xmlenc#ripemd160 | |
| 2017-05-17 23:28:01,100 - INFO [org.opensaml.xmlsec.algorithm.AlgorithmRegistry:206] - Algorithm failed runtime support check, will not be usable: http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160 | |
| 2017-05-17 23:28:01,109 - INFO [org.opensaml.xmlsec.algorithm.AlgorithmRegistry:206] - Algorithm failed runtime support check, will not be usable: http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160 | |
| 2017-05-17 23:28:01,316 - INFO [net.shibboleth.utilities.java.support.security.BasicKeystoreKeyStrategy:322] - Loading initial default key: secret1 | |
| 2017-05-17 23:28:01,346 - INFO [net.shibboleth.utilities.java.support.security.BasicKeystoreKeyStrategy:334] - Default key updated to secret1 | |
| 2017-05-17 23:28:01,488 - INFO [net.shibboleth.utilities.java.support.service.AbstractReloadableService:170] - Service 'shibboleth.AttributeFilterService': Performing initial load | |
| 2017-05-17 23:28:01,488 - INFO [net.shibboleth.utilities.java.support.service.AbstractReloadableService:255] - Service 'shibboleth.AttributeFilterService': Reloading service configuration | |
| 2017-05-17 23:28:01,515 - INFO [net.shibboleth.ext.spring.util.SchemaTypeAwareXMLBeanDefinitionReader:317] - Loading XML bean definitions from file [/opt/shibboleth-idp/conf/attribute-filter.xml] | |
| 2017-05-17 23:28:01,534 - DEBUG [net.shibboleth.idp.attribute.filter.spring.AttributeFilterPolicyGroupParser:69] - Parsing attribute filter policy group ShibbolethFilterPolicy | |
| 2017-05-17 23:28:01,536 - DEBUG [net.shibboleth.idp.attribute.filter.spring.BaseFilterParser:149] - Element 'AttributeFilterPolicy' 'id' attribute 'releasetoanyone' is mapped to '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/AttributeFilterPolicy:releasetoanyone' | |
| 2017-05-17 23:28:01,537 - DEBUG [net.shibboleth.idp.attribute.filter.spring.AttributeFilterPolicyParser:87] - Parsing configuration for attribute filter policy: releasetoanyone | |
| 2017-05-17 23:28:01,553 - TRACE [net.shibboleth.idp.attribute.filter.spring.BaseFilterParser:145] - Element 'PolicyRequirementRule' did not contain an 'id' attribute. Generated id '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/PolicyRequirementRule:_be87265147411d7e51d771e5819e9f6b' will be used | |
| 2017-05-17 23:28:01,554 - TRACE [net.shibboleth.idp.attribute.filter.spring.BaseFilterParser:145] - Element 'AttributeRule' did not contain an 'id' attribute. Generated id '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/AttributeRule:_c344d46ba544e002d89c0b48b889a470' will be used | |
| 2017-05-17 23:28:01,555 - TRACE [net.shibboleth.idp.attribute.filter.spring.BaseFilterParser:145] - Element 'PermitValueRule' did not contain an 'id' attribute. Generated id '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/PermitValueRule:_670b54585333a85aa862a4c383cb1341' will be used | |
| 2017-05-17 23:28:01,556 - DEBUG [net.shibboleth.idp.attribute.filter.spring.AttributeRuleParser:102] - permitValueRules [Generic bean: class [net.shibboleth.idp.attribute.filter.Matcher$1]; scope=prototype; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null] | |
| 2017-05-17 23:28:01,556 - TRACE [net.shibboleth.idp.attribute.filter.spring.BaseFilterParser:145] - Element 'AttributeRule' did not contain an 'id' attribute. Generated id '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/AttributeRule:_92191d627b98d18ab0d3026da3649821' will be used | |
| 2017-05-17 23:28:01,557 - TRACE [net.shibboleth.idp.attribute.filter.spring.BaseFilterParser:145] - Element 'PermitValueRule' did not contain an 'id' attribute. Generated id '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/PermitValueRule:_239b03943f01ad21f5c47e909a5d01f6' will be used | |
| 2017-05-17 23:28:01,557 - DEBUG [net.shibboleth.idp.attribute.filter.spring.AttributeRuleParser:102] - permitValueRules [Generic bean: class [net.shibboleth.idp.attribute.filter.Matcher$1]; scope=prototype; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null] | |
| 2017-05-17 23:28:01,557 - TRACE [net.shibboleth.idp.attribute.filter.spring.BaseFilterParser:145] - Element 'AttributeRule' did not contain an 'id' attribute. Generated id '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/AttributeRule:_92819d54d9d3d975dac60b4bb61cf41f' will be used | |
| 2017-05-17 23:28:01,557 - TRACE [net.shibboleth.idp.attribute.filter.spring.BaseFilterParser:145] - Element 'PermitValueRule' did not contain an 'id' attribute. Generated id '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/PermitValueRule:_4ea7a09742799037e8e53051fa13e71d' will be used | |
| 2017-05-17 23:28:01,558 - DEBUG [net.shibboleth.idp.attribute.filter.spring.AttributeRuleParser:102] - permitValueRules [Generic bean: class [net.shibboleth.idp.attribute.filter.Matcher$1]; scope=prototype; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null] | |
| 2017-05-17 23:28:01,558 - INFO [net.shibboleth.ext.spring.context.FilesystemGenericApplicationContext:510] - Refreshing ApplicationContext:shibboleth.AttributeFilterService: startup date [Wed May 17 23:28:01 BST 2017]; parent: Root WebApplicationContext | |
| 2017-05-17 23:28:01,577 - DEBUG [net.shibboleth.idp.attribute.filter.spring.AttributeFilterServiceStrategy:54] - Creating Attribute Filter ShibbolethAttributeFilter with 1 Policies | |
| 2017-05-17 23:28:01,579 - INFO [net.shibboleth.ext.spring.service.ReloadableSpringService:376] - Service 'shibboleth.AttributeFilterService': Completed reload and swapped in latest configuration for service 'shibboleth.AttributeFilterService' | |
| 2017-05-17 23:28:01,579 - INFO [net.shibboleth.ext.spring.service.ReloadableSpringService:383] - Service 'shibboleth.AttributeFilterService': Reload complete | |
| 2017-05-17 23:28:01,580 - INFO [net.shibboleth.utilities.java.support.service.AbstractReloadableService:193] - Service 'shibboleth.AttributeFilterService': Reload time set to: 900000, starting refresh thread | |
| 2017-05-17 23:28:01,583 - INFO [net.shibboleth.utilities.java.support.service.AbstractReloadableService:170] - Service 'shibboleth.AttributeResolverService': Performing initial load | |
| 2017-05-17 23:28:01,583 - INFO [net.shibboleth.utilities.java.support.service.AbstractReloadableService:255] - Service 'shibboleth.AttributeResolverService': Reloading service configuration | |
| 2017-05-17 23:28:01,584 - INFO [net.shibboleth.ext.spring.util.SchemaTypeAwareXMLBeanDefinitionReader:317] - Loading XML bean definitions from file [/opt/shibboleth-idp/conf/attribute-resolver.xml] | |
| 2017-05-17 23:28:01,612 - INFO [net.shibboleth.idp.attribute.resolver.spring.BaseResolverPluginParser:58] - Parsing configuration for AttributeDefinition plugin with id : eduPersonPrincipalName | |
| 2017-05-17 23:28:01,613 - INFO [net.shibboleth.idp.attribute.resolver.spring.ResolverPluginDependencyParser:52] - Parsing configuration for Dependency with pluginId : uid | |
| 2017-05-17 23:28:01,613 - DEBUG [net.shibboleth.idp.attribute.resolver.spring.ad.BaseAttributeDefinitionParser:95] - Attribute Definition 'eduPersonPrincipalName': setting sourceAttributeId uid. | |
| 2017-05-17 23:28:01,613 - DEBUG [net.shibboleth.idp.attribute.resolver.spring.ad.BaseAttributeDefinitionParser:106] - Attribute Definition 'eduPersonPrincipalName': adding 2 encoders. | |
| 2017-05-17 23:28:01,623 - DEBUG [net.shibboleth.idp.attribute.resolver.spring.ad.ScopedAttributeDefinitionParser:55] - Attribute Definition 'eduPersonPrincipalName': setting scope to '%{idp.scope}'. | |
| 2017-05-17 23:28:01,624 - INFO [net.shibboleth.idp.attribute.resolver.spring.BaseResolverPluginParser:58] - Parsing configuration for AttributeDefinition plugin with id : uid | |
| 2017-05-17 23:28:01,624 - DEBUG [net.shibboleth.idp.attribute.resolver.spring.ad.BaseAttributeDefinitionParser:106] - Attribute Definition 'uid': adding 2 encoders. | |
| 2017-05-17 23:28:01,626 - INFO [net.shibboleth.idp.attribute.resolver.spring.BaseResolverPluginParser:58] - Parsing configuration for AttributeDefinition plugin with id : mail | |
| 2017-05-17 23:28:01,626 - INFO [net.shibboleth.idp.attribute.resolver.spring.ResolverPluginDependencyParser:52] - Parsing configuration for Dependency with pluginId : uid | |
| 2017-05-17 23:28:01,626 - DEBUG [net.shibboleth.idp.attribute.resolver.spring.ad.BaseAttributeDefinitionParser:106] - Attribute Definition 'mail': adding 2 encoders. | |
| 2017-05-17 23:28:01,627 - DEBUG [net.shibboleth.idp.attribute.resolver.spring.ad.TemplateAttributeDefinitionParser:73] - Attribute Definition 'mail': template is '${uid}@example.org' | |
| 2017-05-17 23:28:01,628 - DEBUG [net.shibboleth.idp.attribute.resolver.spring.ad.TemplateAttributeDefinitionParser:85] - Attribute Definition 'mail': source attributes are '[uid]'. | |
| 2017-05-17 23:28:01,628 - DEBUG [net.shibboleth.idp.attribute.resolver.spring.ad.TemplateAttributeDefinitionParser:93] - Attribute Definition 'mail': velocity engine reference 'shibboleth.VelocityEngine'. | |
| 2017-05-17 23:28:01,628 - INFO [net.shibboleth.idp.attribute.resolver.spring.BaseResolverPluginParser:58] - Parsing configuration for AttributeDefinition plugin with id : eduPersonScopedAffiliation | |
| 2017-05-17 23:28:01,628 - INFO [net.shibboleth.idp.attribute.resolver.spring.ResolverPluginDependencyParser:52] - Parsing configuration for Dependency with pluginId : staticAttributes | |
| 2017-05-17 23:28:01,628 - DEBUG [net.shibboleth.idp.attribute.resolver.spring.ad.BaseAttributeDefinitionParser:95] - Attribute Definition 'eduPersonPrincipalName': setting sourceAttributeId affiliation. | |
| 2017-05-17 23:28:01,629 - DEBUG [net.shibboleth.idp.attribute.resolver.spring.ad.BaseAttributeDefinitionParser:106] - Attribute Definition 'eduPersonPrincipalName': adding 2 encoders. | |
| 2017-05-17 23:28:01,629 - DEBUG [net.shibboleth.idp.attribute.resolver.spring.ad.ScopedAttributeDefinitionParser:55] - Attribute Definition 'eduPersonPrincipalName': setting scope to '%{idp.scope}'. | |
| 2017-05-17 23:28:01,634 - INFO [net.shibboleth.idp.attribute.resolver.spring.BaseResolverPluginParser:58] - Parsing configuration for DataConnector plugin with id : staticAttributes | |
| 2017-05-17 23:28:01,635 - TRACE [net.shibboleth.idp.attribute.resolver.spring.dc.StaticDataConnectorParser:75] - Data Connector 'staticAttributes': Attribute: affiliation, adding value member | |
| 2017-05-17 23:28:01,636 - DEBUG [net.shibboleth.idp.attribute.resolver.spring.dc.StaticDataConnectorParser:80] - Data Connector 'staticAttributes': Adding Attribute: affiliation with 1 values | |
| 2017-05-17 23:28:01,636 - INFO [net.shibboleth.ext.spring.context.FilesystemGenericApplicationContext:510] - Refreshing ApplicationContext:shibboleth.AttributeResolverService: startup date [Wed May 17 23:28:01 BST 2017]; parent: Root WebApplicationContext | |
| 2017-05-17 23:28:01,705 - DEBUG [net.shibboleth.idp.attribute.resolver.spring.AttributeResolverServiceStrategy:64] - Creating Attribute Resolver ShibbolethAttributeResolver with 4 Attribute Definition(s), 1 Data Connector(s) and 0 Principal Connector(s) | |
| 2017-05-17 23:28:01,707 - DEBUG [net.shibboleth.idp.attribute.resolver.impl.AttributeResolverImpl:441] - Attribute Resolver 'ShibbolethAttributeResolver': Checking if data connector 'staticAttributes' is has a circular dependency | |
| 2017-05-17 23:28:01,708 - DEBUG [net.shibboleth.idp.attribute.resolver.impl.AttributeResolverImpl:446] - Attribute Resolver 'ShibbolethAttributeResolver': Checking if attribute definition 'uid' has a circular dependency | |
| 2017-05-17 23:28:01,708 - DEBUG [net.shibboleth.idp.attribute.resolver.impl.AttributeResolverImpl:446] - Attribute Resolver 'ShibbolethAttributeResolver': Checking if attribute definition 'eduPersonPrincipalName' has a circular dependency | |
| 2017-05-17 23:28:01,708 - DEBUG [net.shibboleth.idp.attribute.resolver.impl.AttributeResolverImpl:446] - Attribute Resolver 'ShibbolethAttributeResolver': Checking if attribute definition 'mail' has a circular dependency | |
| 2017-05-17 23:28:01,708 - DEBUG [net.shibboleth.idp.attribute.resolver.impl.AttributeResolverImpl:446] - Attribute Resolver 'ShibbolethAttributeResolver': Checking if attribute definition 'eduPersonScopedAffiliation' has a circular dependency | |
| 2017-05-17 23:28:01,709 - INFO [net.shibboleth.ext.spring.service.ReloadableSpringService:376] - Service 'shibboleth.AttributeResolverService': Completed reload and swapped in latest configuration for service 'shibboleth.AttributeResolverService' | |
| 2017-05-17 23:28:01,709 - INFO [net.shibboleth.ext.spring.service.ReloadableSpringService:383] - Service 'shibboleth.AttributeResolverService': Reload complete | |
| 2017-05-17 23:28:01,709 - INFO [net.shibboleth.utilities.java.support.service.AbstractReloadableService:193] - Service 'shibboleth.AttributeResolverService': Reload time set to: 900000, starting refresh thread | |
| 2017-05-17 23:28:01,712 - INFO [net.shibboleth.utilities.java.support.service.AbstractReloadableService:170] - Service 'shibboleth.NameIdentifierGenerationService': Performing initial load | |
| 2017-05-17 23:28:01,712 - INFO [net.shibboleth.utilities.java.support.service.AbstractReloadableService:255] - Service 'shibboleth.NameIdentifierGenerationService': Reloading service configuration | |
| 2017-05-17 23:28:01,713 - INFO [net.shibboleth.ext.spring.util.SchemaTypeAwareXMLBeanDefinitionReader:317] - Loading XML bean definitions from file [/opt/shibboleth-idp/conf/saml-nameid.xml] | |
| 2017-05-17 23:28:01,721 - INFO [net.shibboleth.ext.spring.util.SchemaTypeAwareXMLBeanDefinitionReader:317] - Loading XML bean definitions from file [/opt/shibboleth-idp/system/conf/saml-nameid-system.xml] | |
| 2017-05-17 23:28:01,726 - INFO [net.shibboleth.ext.spring.context.FilesystemGenericApplicationContext:510] - Refreshing ApplicationContext:shibboleth.NameIdentifierGenerationService: startup date [Wed May 17 23:28:01 BST 2017]; parent: Root WebApplicationContext | |
| 2017-05-17 23:28:01,786 - INFO [net.shibboleth.ext.spring.service.ReloadableSpringService:376] - Service 'shibboleth.NameIdentifierGenerationService': Completed reload and swapped in latest configuration for service 'shibboleth.NameIdentifierGenerationService' | |
| 2017-05-17 23:28:01,787 - INFO [net.shibboleth.ext.spring.service.ReloadableSpringService:383] - Service 'shibboleth.NameIdentifierGenerationService': Reload complete | |
| 2017-05-17 23:28:01,787 - INFO [net.shibboleth.utilities.java.support.service.AbstractReloadableService:193] - Service 'shibboleth.NameIdentifierGenerationService': Reload time set to: 900000, starting refresh thread | |
| 2017-05-17 23:28:01,790 - INFO [net.shibboleth.utilities.java.support.service.AbstractReloadableService:170] - Service 'shibboleth.RelyingPartyResolverService': Performing initial load | |
| 2017-05-17 23:28:01,790 - INFO [net.shibboleth.utilities.java.support.service.AbstractReloadableService:255] - Service 'shibboleth.RelyingPartyResolverService': Reloading service configuration | |
| 2017-05-17 23:28:01,791 - INFO [net.shibboleth.ext.spring.util.SchemaTypeAwareXMLBeanDefinitionReader:317] - Loading XML bean definitions from file [/opt/shibboleth-idp/conf/relying-party.xml] | |
| 2017-05-17 23:28:01,800 - INFO [net.shibboleth.ext.spring.util.SchemaTypeAwareXMLBeanDefinitionReader:317] - Loading XML bean definitions from file [/opt/shibboleth-idp/conf/credentials.xml] | |
| 2017-05-17 23:28:01,805 - INFO [net.shibboleth.ext.spring.util.SchemaTypeAwareXMLBeanDefinitionReader:317] - Loading XML bean definitions from file [/opt/shibboleth-idp/system/conf/relying-party-system.xml] | |
| 2017-05-17 23:28:01,812 - INFO [net.shibboleth.ext.spring.context.FilesystemGenericApplicationContext:510] - Refreshing ApplicationContext:shibboleth.RelyingPartyResolverService: startup date [Wed May 17 23:28:01 BST 2017]; parent: Root WebApplicationContext | |
| 2017-05-17 23:28:02,009 - INFO [net.shibboleth.utilities.java.support.service.AbstractReloadableService:170] - Service 'shibboleth.MetadataResolverService': Performing initial load | |
| 2017-05-17 23:28:02,010 - INFO [net.shibboleth.utilities.java.support.service.AbstractReloadableService:255] - Service 'shibboleth.MetadataResolverService': Reloading service configuration | |
| 2017-05-17 23:28:02,011 - INFO [net.shibboleth.ext.spring.util.SchemaTypeAwareXMLBeanDefinitionReader:317] - Loading XML bean definitions from file [/opt/shibboleth-idp/conf/metadata-providers.xml] | |
| 2017-05-17 23:28:02,155 - INFO [net.shibboleth.ext.spring.util.SchemaTypeAwareXMLBeanDefinitionReader:317] - Loading XML bean definitions from file [/opt/shibboleth-idp/system/conf/metadata-providers-system.xml] | |
| 2017-05-17 23:28:02,161 - INFO [net.shibboleth.ext.spring.context.FilesystemGenericApplicationContext:510] - Refreshing ApplicationContext:shibboleth.MetadataResolverService: startup date [Wed May 17 23:28:02 BST 2017]; parent: Root WebApplicationContext | |
| 2017-05-17 23:28:02,194 - DEBUG [org.opensaml.saml.metadata.resolver.impl.AbstractReloadingMetadataResolver:283] - Beginning refresh of metadata from '/opt/shibboleth-idp/metadata/controller-idp.xml' | |
| 2017-05-17 23:28:02,195 - DEBUG [org.opensaml.saml.metadata.resolver.impl.AbstractReloadingMetadataResolver:290] - Processing new metadata from '/opt/shibboleth-idp/metadata/controller-idp.xml' | |
| 2017-05-17 23:28:02,196 - DEBUG [org.opensaml.saml.metadata.resolver.impl.AbstractReloadingMetadataResolver:379] - Unmarshalling metadata from '/opt/shibboleth-idp/metadata/controller-idp.xml' | |
| 2017-05-17 23:28:02,196 - TRACE [org.opensaml.saml.metadata.resolver.impl.AbstractMetadataResolver:240] - Parsing retrieved metadata into a DOM object | |
| 2017-05-17 23:28:02,197 - TRACE [org.opensaml.saml.metadata.resolver.impl.AbstractMetadataResolver:243] - Unmarshalling and caching metadata DOM | |
| 2017-05-17 23:28:02,258 - DEBUG [org.opensaml.saml.metadata.resolver.impl.AbstractReloadingMetadataResolver:423] - Preprocessing metadata from '/opt/shibboleth-idp/metadata/controller-idp.xml' | |
| 2017-05-17 23:28:02,259 - DEBUG [org.opensaml.saml.metadata.resolver.impl.AbstractMetadataResolver:276] - Applying metadata filter | |
| 2017-05-17 23:28:02,266 - DEBUG [org.opensaml.saml.metadata.resolver.impl.AbstractReloadingMetadataResolver:433] - Releasing cached DOM for metadata from '/opt/shibboleth-idp/metadata/controller-idp.xml' | |
| 2017-05-17 23:28:02,267 - DEBUG [org.opensaml.saml.metadata.resolver.impl.AbstractReloadingMetadataResolver:437] - Post-processing metadata from '/opt/shibboleth-idp/metadata/controller-idp.xml' | |
| 2017-05-17 23:28:02,267 - DEBUG [org.opensaml.saml.metadata.resolver.impl.AbstractReloadingMetadataResolver:441] - Computing expiration time for metadata from '/opt/shibboleth-idp/metadata/controller-idp.xml' | |
| 2017-05-17 23:28:02,268 - DEBUG [org.opensaml.saml.metadata.resolver.impl.AbstractReloadingMetadataResolver:446] - Expiration of metadata from '/opt/shibboleth-idp/metadata/controller-idp.xml' will occur at 2017-05-18T02:28:02.194Z | |
| 2017-05-17 23:28:02,269 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractReloadingMetadataResolver:465] - New metadata succesfully loaded for '/opt/shibboleth-idp/metadata/controller-idp.xml' | |
| 2017-05-17 23:28:02,270 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractReloadingMetadataResolver:306] - Next refresh cycle for metadata provider '/opt/shibboleth-idp/metadata/controller-idp.xml' will occur on '2017-05-18T01:28:02.213Z' ('2017-05-18T02:28:02.213+01:00' local time) | |
| 2017-05-17 23:28:02,273 - INFO [net.shibboleth.ext.spring.service.ReloadableSpringService:376] - Service 'shibboleth.MetadataResolverService': Completed reload and swapped in latest configuration for service 'shibboleth.MetadataResolverService' | |
| 2017-05-17 23:28:02,273 - INFO [net.shibboleth.ext.spring.service.ReloadableSpringService:383] - Service 'shibboleth.MetadataResolverService': Reload complete | |
| 2017-05-17 23:28:02,326 - INFO [net.shibboleth.ext.spring.service.ReloadableSpringService:376] - Service 'shibboleth.RelyingPartyResolverService': Completed reload and swapped in latest configuration for service 'shibboleth.RelyingPartyResolverService' | |
| 2017-05-17 23:28:02,326 - INFO [net.shibboleth.ext.spring.service.ReloadableSpringService:383] - Service 'shibboleth.RelyingPartyResolverService': Reload complete | |
| 2017-05-17 23:28:02,326 - INFO [net.shibboleth.utilities.java.support.service.AbstractReloadableService:193] - Service 'shibboleth.RelyingPartyResolverService': Reload time set to: 900000, starting refresh thread | |
| 2017-05-17 23:28:02,328 - INFO [net.shibboleth.utilities.java.support.service.AbstractReloadableService:170] - Service 'shibboleth.ReloadableAccessControlService': Performing initial load | |
| 2017-05-17 23:28:02,328 - INFO [net.shibboleth.utilities.java.support.service.AbstractReloadableService:255] - Service 'shibboleth.ReloadableAccessControlService': Reloading service configuration | |
| 2017-05-17 23:28:02,329 - INFO [net.shibboleth.ext.spring.util.SchemaTypeAwareXMLBeanDefinitionReader:317] - Loading XML bean definitions from file [/opt/shibboleth-idp/conf/access-control.xml] | |
| 2017-05-17 23:28:02,335 - INFO [net.shibboleth.ext.spring.util.SchemaTypeAwareXMLBeanDefinitionReader:317] - Loading XML bean definitions from file [/opt/shibboleth-idp/system/conf/access-control-system.xml] | |
| 2017-05-17 23:28:02,339 - INFO [net.shibboleth.ext.spring.context.FilesystemGenericApplicationContext:510] - Refreshing ApplicationContext:shibboleth.ReloadableAccessControlService: startup date [Wed May 17 23:28:02 BST 2017]; parent: Root WebApplicationContext | |
| 2017-05-17 23:28:02,350 - INFO [net.shibboleth.ext.spring.service.ReloadableSpringService:376] - Service 'shibboleth.ReloadableAccessControlService': Completed reload and swapped in latest configuration for service 'shibboleth.ReloadableAccessControlService' | |
| 2017-05-17 23:28:02,350 - INFO [net.shibboleth.ext.spring.service.ReloadableSpringService:383] - Service 'shibboleth.ReloadableAccessControlService': Reload complete | |
| 2017-05-17 23:28:02,351 - INFO [net.shibboleth.utilities.java.support.service.AbstractReloadableService:193] - Service 'shibboleth.ReloadableAccessControlService': Reload time set to: 300000, starting refresh thread | |
| 2017-05-17 23:28:02,481 - INFO [net.shibboleth.ext.spring.context.DeferPlaceholderFileSystemXmlWebApplicationContext:510] - Refreshing WebApplicationContext for namespace 'idp-servlet': startup date [Wed May 17 23:28:02 BST 2017]; parent: Root WebApplicationContext | |
| 2017-05-17 23:28:02,849 - INFO [net.shibboleth.idp.authn.impl.RemoteUserAuthServlet:134] - RemoteUserAuthServlet will process REMOTE_USER, along with attributes [] and headers [] | |
| 2017-05-17 23:30:28,191 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:68] - Beginning to decode message from HttpServletRequest | |
| 2017-05-17 23:30:28,193 - DEBUG [net.shibboleth.idp.saml.saml1.profile.impl.IdPInitiatedSSORequestMessageDecoder:88] - Decoded SAML relay state: http://192.168.33.1:8090/controller | |
| 2017-05-17 23:30:28,193 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:71] - Successfully decoded message from HttpServletRequest. | |
| 2017-05-17 23:30:28,225 - DEBUG [net.shibboleth.idp.profile.audit.impl.PopulateAuditContext:198] - Profile Action PopulateAuditContext: Skipping field 'p' not included in audit format | |
| 2017-05-17 23:30:28,225 - DEBUG [net.shibboleth.idp.profile.audit.impl.PopulateAuditContext:198] - Profile Action PopulateAuditContext: Skipping field 'pasv' not included in audit format | |
| 2017-05-17 23:30:28,226 - DEBUG [net.shibboleth.idp.profile.audit.impl.PopulateAuditContext:220] - Profile Action PopulateAuditContext: Adding 1 value for field 'I' | |
| 2017-05-17 23:30:28,226 - DEBUG [net.shibboleth.idp.profile.audit.impl.PopulateAuditContext:220] - Profile Action PopulateAuditContext: Adding 1 value for field 'b' | |
| 2017-05-17 23:30:28,226 - DEBUG [net.shibboleth.idp.profile.audit.impl.PopulateAuditContext:198] - Profile Action PopulateAuditContext: Skipping field 'D' not included in audit format | |
| 2017-05-17 23:30:28,227 - DEBUG [net.shibboleth.idp.profile.audit.impl.PopulateAuditContext:198] - Profile Action PopulateAuditContext: Skipping field 'fauth' not included in audit format | |
| 2017-05-17 23:30:28,241 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:154] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler of type 'org.opensaml.saml.common.binding.impl.CheckMessageVersionHandler' on INBOUND message context | |
| 2017-05-17 23:30:28,241 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:175] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler on message context containing a message of type 'net.shibboleth.idp.saml.profile.impl.IdPInitiatedSSORequest' | |
| 2017-05-17 23:30:28,241 - DEBUG [org.opensaml.saml.common.binding.impl.CheckMessageVersionHandler:85] - Message type was not recognized | |
| 2017-05-17 23:30:28,246 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:154] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler of type 'org.opensaml.saml.saml1.binding.impl.SAML1ArtifactRequestIssuerHandler' on INBOUND message context | |
| 2017-05-17 23:30:28,247 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:175] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler on message context containing a message of type 'net.shibboleth.idp.saml.profile.impl.IdPInitiatedSSORequest' | |
| 2017-05-17 23:30:28,247 - TRACE [org.opensaml.saml.saml1.binding.impl.SAML1ArtifactRequestIssuerHandler:78] - Message Handler: Request message not set, or not of an applicable type | |
| 2017-05-17 23:30:28,251 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:154] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler of type 'org.opensaml.saml.common.binding.impl.SAMLProtocolAndRoleHandler' on INBOUND message context | |
| 2017-05-17 23:30:28,252 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:175] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler on message context containing a message of type 'net.shibboleth.idp.saml.profile.impl.IdPInitiatedSSORequest' | |
| 2017-05-17 23:30:28,262 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:154] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler of type 'org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler' on INBOUND message context | |
| 2017-05-17 23:30:28,263 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:175] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler on message context containing a message of type 'net.shibboleth.idp.saml.profile.impl.IdPInitiatedSSORequest' | |
| 2017-05-17 23:30:28,266 - DEBUG [org.opensaml.saml.metadata.resolver.impl.AbstractMetadataResolver:334] - Metadata backing store does not contain any EntityDescriptors with the ID: appD | |
| 2017-05-17 23:30:28,266 - DEBUG [org.opensaml.saml.metadata.resolver.impl.BasicRoleDescriptorResolver:198] - Metadata document did not contain a descriptor for entity appD | |
| 2017-05-17 23:30:28,266 - DEBUG [org.opensaml.saml.metadata.resolver.impl.BasicRoleDescriptorResolver:281] - Metadata document did not contain any role descriptors of type {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor for entity appD | |
| 2017-05-17 23:30:28,267 - DEBUG [org.opensaml.saml.metadata.resolver.impl.BasicRoleDescriptorResolver:252] - Metadata document does not contain a role of type {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor supporting protocol urn:oasis:names:tc:SAML:1.1:protocol for entity appD | |
| 2017-05-17 23:30:28,267 - INFO [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:108] - Message Handler: No metadata returned for appD in role {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor with protocol urn:oasis:names:tc:SAML:1.1:protocol | |
| 2017-05-17 23:30:28,276 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:154] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler of type 'org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler' on INBOUND message context | |
| 2017-05-17 23:30:28,276 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:175] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler on message context containing a message of type 'net.shibboleth.idp.saml.profile.impl.IdPInitiatedSSORequest' | |
| 2017-05-17 23:30:28,277 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:109] - Message Handler: No metadata context found, nothing to do | |
| 2017-05-17 23:30:28,282 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:132] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer appD | |
| 2017-05-17 23:30:28,286 - DEBUG [net.shibboleth.idp.relyingparty.impl.DefaultRelyingPartyConfigurationResolver:286] - Resolving relying party configuration | |
| 2017-05-17 23:30:28,287 - DEBUG [net.shibboleth.idp.relyingparty.impl.DefaultRelyingPartyConfigurationResolver:292] - Profile request is unverified, returning configuration shibboleth.UnverifiedRelyingParty | |
| 2017-05-17 23:30:28,287 - DEBUG [net.shibboleth.idp.profile.impl.SelectRelyingPartyConfiguration:136] - Profile Action SelectRelyingPartyConfiguration: Found relying party configuration shibboleth.UnverifiedRelyingParty for request | |
| 2017-05-17 23:30:28,290 - DEBUG [net.shibboleth.idp.profile.audit.impl.PopulateAuditContext:220] - Profile Action PopulateAuditContext: Adding 1 value for field 'IDP' | |
| 2017-05-17 23:30:28,290 - DEBUG [net.shibboleth.idp.profile.audit.impl.PopulateAuditContext:220] - Profile Action PopulateAuditContext: Adding 1 value for field 'SP' | |
| 2017-05-17 23:30:28,294 - WARN [net.shibboleth.idp.profile.impl.SelectProfileConfiguration:111] - Profile Action SelectProfileConfiguration: Profile http://shibboleth.net/ns/profiles/saml1/sso/browser is not available for relying party configuration shibboleth.UnverifiedRelyingParty | |
| 2017-05-17 23:30:28,298 - DEBUG [org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:154] - No SAMLBindingContext or binding URI available, error must be handled locally | |
| 2017-05-17 23:43:01,354 - INFO [net.shibboleth.utilities.java.support.security.BasicKeystoreKeyStrategy:326] - Default key version has not changed, still secret1 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="UTF-8"?> | |
| <!-- This file is an EXAMPLE metadata configuration file. --> | |
| <MetadataProvider id="ShibbolethMetadata" xsi:type="ChainingMetadataProvider" | |
| xmlns="urn:mace:shibboleth:2.0:metadata" xmlns:resource="urn:mace:shibboleth:2.0:resource" | |
| xmlns:security="urn:mace:shibboleth:2.0:security" | |
| xmlns:samlmd="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | |
| xsi:schemaLocation="urn:mace:shibboleth:2.0:metadata http://shibboleth.net/schema/idp/shibboleth-metadata.xsd | |
| urn:mace:shibboleth:2.0:resource http://shibboleth.net/schema/idp/shibboleth-resource.xsd | |
| urn:mace:shibboleth:2.0:security http://shibboleth.net/schema/idp/shibboleth-security.xsd | |
| urn:oasis:names:tc:SAML:2.0:metadata http://docs.oasis-open.org/security/saml/v2.0/saml-schema-metadata-2.0.xsd"> | |
| <!-- ========================================================================================== --> | |
| <!-- Metadata Configuration --> | |
| <!-- --> | |
| <!-- Below you place the mechanisms which define how to load the metadata for the SP you will --> | |
| <!-- provide a service to. --> | |
| <!-- --> | |
| <!-- Two examples are provided. The Shibboleth Documentation --> | |
| <!-- https://wiki.shibboleth.net/confluence/display/SHIB2/IdPMetadataProvider provides more --> | |
| <!-- details. --> | |
| <!-- --> | |
| <!-- NOTE. This file SHOULD NOT contain the metadata for this IdP. --> | |
| <!-- --> | |
| <!-- ========================================================================================== --> | |
| <!-- Example HTTP metadata provider. Use this if you want to download | |
| the metadata from a remote service. | |
| You *MUST* provider the SignatureValidationFilter in order to function securely. | |
| Get the PubLic key, and validate it via some out of band mechanism, from the | |
| party publishing the metadata | |
| The EntityRoleWhiteList saves memory by only loading metadata from entity types | |
| that you will interoperate with. | |
| <MetadataProvider id="HTTPMetadata" | |
| xsi:type="metadata:FileBackedHTTPMetadataProvider" | |
| backingFile="%{idp.home}/metadata/localCopyFromXYZHTTP.xml" | |
| metadataURL="http://WHATEVER"> | |
| <MetadataFilter xsi:type="SignatureValidation" | |
| requireSignedMetadata="false"> | |
| <PublicKey> | |
| THIS IS AN EXAMPLE | |
| MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxg0TyQAP/tIvOH89EtaX | |
| uRRn8SYzTj7W1TbNY4VvBmobjkRmSkki4hH9x4sQpi635wn6WtXTN/FNNmkTK3N/ | |
| LspmBWxfZS+n+cc7I82E5yvCAPX67QsZgqgglp2W5dvK/FsMMCS6X6SVqzBLMP88 | |
| NenXKxY+HMxMs0sT0UKYh1cAEqadrHRBO65aDBcm5a0sBVYt9K6pgaOHrp/zSIbh | |
| nR5tFFLjBbtFktDpHL3AdGBH3OYidNGKBO3tJ3Ms7LeKXsM0+0Y4P+9fHZINL2X3 | |
| E2N6GVnKs5PZTg9sP0FtIpAbYm/+zCx7Yj1ET/Er8mDd6tNVGSQsn9s5xUBwGqn1 | |
| 4wIDAQAB | |
| </PublicKey> | |
| </MetadataFilter> | |
| <MetadataFilter xsi:type="EntityRoleWhiteList"> | |
| <RetainedRole>samlmd:SPSSODescriptor</RetainedRole> | |
| </MetadataFilter> | |
| </MetadataProvider> | |
| --> | |
| <!-- Example file metadata provider. Use this if you want to load metadata | |
| from a local file. You might use this if you have some local SPs | |
| which are not "federated" but you wish to offer a service to. | |
| If you do not provide a SignatureValidation filter then you *have* | |
| to know that the file is valid. | |
| --> | |
| <MetadataProvider id="appD" xsi:type="FilesystemMetadataProvider" | |
| xmlns="urn:mace:shibboleth:2.0:metadata" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | |
| xsi:schemaLocation="urn:mace:shibboleth:2.0:metadata http://shibboleth.net/schema/idp/shibboleth-metadata.xsd" | |
| failFastInitialization="true" | |
| metadataFile="/opt/shibboleth-idp/metadata/controller-idp.xml"/> | |
| </MetadataProvider> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="UTF-8"?> | |
| <beans xmlns="http://www.springframework.org/schema/beans" | |
| xmlns:context="http://www.springframework.org/schema/context" | |
| xmlns:util="http://www.springframework.org/schema/util" | |
| xmlns:p="http://www.springframework.org/schema/p" | |
| xmlns:c="http://www.springframework.org/schema/c" | |
| xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | |
| xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd | |
| http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd | |
| http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd" | |
| default-init-method="initialize" | |
| default-destroy-method="destroy"> | |
| <!-- | |
| Unverified RP configuration, defaults to no support for any profiles. Add <ref> elements to the list | |
| to enable specific default profile settings (as below), or create new beans inline to override defaults. | |
| "Unverified" typically means the IdP has no metadata, or equivalent way of assuring the identity and | |
| legitimacy of a requesting system. To run an "open" IdP, you can enable profiles here. | |
| --> | |
| <bean id="shibboleth.UnverifiedRelyingParty" parent="RelyingParty"> | |
| <property name="profileConfigurations"> | |
| <list> | |
| <!-- <bean parent="SAML2.SSO" p:encryptAssertions="false" /> --> | |
| </list> | |
| </property> | |
| </bean> | |
| <!-- | |
| Default configuration, with default settings applied for all profiles, and enables | |
| the attribute-release consent flow. | |
| --> | |
| <bean id="shibboleth.DefaultRelyingParty" parent="RelyingParty"> | |
| <property name="profileConfigurations"> | |
| <list> | |
| <bean parent="Shibboleth.SSO" p:postAuthenticationFlows="attribute-release" /> | |
| <ref bean="SAML1.AttributeQuery" /> | |
| <ref bean="SAML1.ArtifactResolution" /> | |
| <bean parent="SAML2.SSO" p:postAuthenticationFlows="attribute-release" /> | |
| <ref bean="SAML2.ECP" /> | |
| <ref bean="SAML2.Logout" /> | |
| <ref bean="SAML2.AttributeQuery" /> | |
| <ref bean="SAML2.ArtifactResolution" /> | |
| </list> | |
| </property> | |
| </bean> | |
| <!-- Container for any overrides you want to add. --> | |
| <util:list id="shibboleth.RelyingPartyOverrides"> | |
| <!-- | |
| Override example that identifies a single RP by name and configures it | |
| for SAML 2 SSO without encryption. This is a common "vendor" scenario. | |
| --> | |
| <bean parent="RelyingPartyByName" c:relyingPartyIds="appD"> | |
| <property name="profileConfigurations"> | |
| <list> | |
| <bean parent="SAML2.SSO" p:encryptAssertions="false" /> | |
| </list> | |
| </property> | |
| </bean> | |
| </util:list> | |
| </beans> |
Author
iogbole
commented
May 19, 2017
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment