From: Krzysztof B. <go...@ic...> - 2015-06-12 15:37:26
Hi,

On 12.06.2015 at 12:18, Gerben Venekamp wrote:
> Running the latest version of Unity: 1.6.0
>
> I tried to configure it with the metadatasource, however this gives me
> the following warning:
>
> 2015-06-12 11:44:30,376 [pool-1-thread-1] DEBUG
> unity.server.saml.MetaDownloadManager - Downloading metadata from
> https://engine.surfconext.nl/authentication/idp/metadata to
> /var/lib/unity-idm/workspace/downloadedMetadata/75681424e34ca7710fa9a3bf0b398bd2_part
> 2015-06-12 11:44:31,454 [pool-1-thread-1] DEBUG
> unity.server.saml.MetaDownloadManager - Downloaded metadata from
> https://engine.surfconext.nl/authentication/idp/metadata to final file
> /var/lib/unity-idm/workspace/downloadedMetadata/75681424e34ca7710fa9a3bf0b398bd2
> 2015-06-12 11:44:31,495 [pool-1-thread-1] WARN
> unity.server.saml.RemoteMetaManager - Metadata from
> https://engine.surfconext.nl/authentication/idp/metadata was downloaded,
> but can not be parsed
> org.apache.xmlbeans.XmlException: Element
> EntityDescriptor@urn:oasis:names:tc:SAML:2.0:metadata is not a valid
> EntitiesDescriptor@urn:oasis:names:tc:SAML:2.0:metadata document or a
> valid substitution.

You have configured IdP metadata instead of the federation metadata (which includes this IdP's metadata). The federation metadata root element is EntitiesDescriptor. If you don't have it (test installation etc.) you can manually create one: take the IdP metadata and wrap it in an EntitiesDescriptor element, save and use a file:// URL. E.g. see this one:
http://metadata.aai.switch.ch/metadata.aaitest.xml
(You can ignore extensions etc.)
>
> I have encountered it in version 1.5.0 as well and decided to use manual
> configuration instead:
>
> unity.saml.requester.remoteIdp.1.name=SURFconext IdP
> unity.saml.requester.remoteIdp.1.address=https://engine.surfconext.nl/authentication/idp/single-sign-on
> unity.saml.requester.remoteIdp.1.samlId=https://engine.surfconext.nl/authentication/idp/single-sign-on
> unity.saml.requester.remoteIdp.1.certificate=SURFconext
> unity.saml.requester.remoteIdp.1.groupMembershipAttribute=urn:oid:1.3.6.1.4.1.5923.1.1.1.1
> unity.saml.requester.remoteIdp.1.requestedNameFormat=urn:oasis:names:tc:SAML:2.0:nameid-ormat:transient
> unity.saml.requester.remoteIdp.1.translationProfile=SURFconext

OK, do you have the full log already? Especially what is around the aforementioned error message.

Best,
Krzysztof
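
The wrapping step described in the reply above, as an added example that is not part of the original message or of Unity's code: it checks the root element of a downloaded metadata file and, if it is a single `EntityDescriptor`, wraps it in an `EntitiesDescriptor` and prints the file:// URL of the result. The sample document, the `idp.example.org` names and the file names are constructed assumptions.

```python
import re
import sys
import xml.etree.ElementTree as ET
from pathlib import Path

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"

# Constructed sample: a minimal single-IdP metadata document (not SURFconext's).
SAMPLE_IDP = """<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                     entityID="https://idp.example.org/metadata">
  <md:IDPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.org/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""


def wrap_entity_descriptor(xml_text: str) -> str:
    """Return metadata whose root is EntitiesDescriptor, wrapping if needed."""
    if "<!DOCTYPE" in xml_text:
        raise ValueError("DTDs are not expected in SAML metadata; refusing")
    root = ET.fromstring(xml_text)  # also proves the input is well-formed
    if root.tag == f"{{{MD_NS}}}EntitiesDescriptor":
        return xml_text  # already federation-style, nothing to do
    if root.tag != f"{{{MD_NS}}}EntityDescriptor":
        raise ValueError(f"unexpected root element: {root.tag}")
    # Drop BOM and XML declaration; keep the element text itself untouched
    # rather than re-serializing it through the parser.
    body = re.sub(r"^\ufeff?\s*<\?xml[^>]*\?>\s*", "", xml_text).rstrip()
    return (
        '<?xml version="1.0" encoding="UTF-8"?>\n'
        f'<md:EntitiesDescriptor xmlns:md="{MD_NS}">\n'
        f"{body}\n"
        "</md:EntitiesDescriptor>\n"
    )


if __name__ == "__main__":
    # Usage: wrap.py idp-metadata.xml federation.xml  (file names are examples)
    src, dst = Path(sys.argv[1]), Path(sys.argv[2])
    dst.write_text(wrap_entity_descriptor(src.read_text("utf-8")), "utf-8")
    print(dst.resolve().as_uri())  # the file:// URL to put in the configuration
```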