SPEP Error with different esoe instance
From: elyas <elyas.moha...@gmail.com>
Date: Tue, 28 Oct 2008 00:05:07 -0700 (PDT)
Local: Tues, Oct 28 2008 6:05 pm
Subject: SPEP Error with different esoe instance

spep.config in SPEP instance jboss
---------------------------------

#
#
# Enterprise Sign On Engine (ESOE), Java Service Provider Enforcement Point (SPEP) global configuration file
#
# Changing values in this file WILL effect the way the ESOE Manager operates in production, please change with
# care and in consultation with configuration documentation.
#
# Author: Shaun Mangelsdorf
# Date: 04/12/2006
#

########################################################################### ################################
#
# Deployment specific configuration
####

# KeyStore 1
keystorePath=${spep.data}/config/spepKeystore.ks
keystorePassword=54019a6fc983ebc01e55
spepKeyAlias=388408730a414003
spepKeyPassword=e5b42af6606c57366884
metadataKeyAlias=4cc9935073e1c606

# The unique identifier of the authenticating ESOE.
esoeIdentifier=http://blr20357.as.colt:8080

# The unique identifier of the service.
spepIdentifier=http://blr20357.as.colt:7060/aptGUI

# The URL to retrieve the metadata document from
metadataUrl=http://blr20357.as.colt:7060/esoemanager/metadata/retrieve.htm

# string description of the service
serverInfo=ESOE Manager Web Application

# Unique identifier of this service node
nodeIdentifier=46357

# Indicies of this service node
attributeConsumingServiceIndex=46357
assertionConsumerServiceIndex=46357
authzCacheIndex=46357

# Address of the service host in use without any application path e.g. https://myserver.company.com or https://myotherserver.company.com:8443 NOT https://myserver.company.com/myapp/
serviceHost=http://blr20357.as.colt:7060

# ip addresses of this host SPEP
ipAddresses=192.168.1.100

# the URL to redirect unauthenticated users to
loginRedirect=http://blr20357.as.colt:7060/spep/sso?redirectURL={0}

# Default URL of the service
defaultURL=http://blr20357.as.colt:7060/aptGUI

# specify cookies to clear when am authentication session is destroyed
# strings are of the format: cookie_name [space] cookie_domain (optional) [space] cookie_path (optional)
logoutClearCookie.1=spepSession

########################################################################### ################################
#
# You should not need to edit anything below this line, advanced changes only
####

# Is the SPEP configured in lazy initialization mode
lazyInit=false

# deny | permit - Lazy Init default mode, if a lazyinit-resource is not matched what action should the filter take on access to the resource (inverted when there is a match as specified by resources below)
#lazyInitDefaultAction=deny

# Forced Initialization Queries. MUST start from lazyInit-resource-1 and MUST progress in numerical order upto a maximum value of 10000 (lazyInit-resource-10000)
# This is only populated when SPEP is acting in a lazy mode, regex patterns may be applied here
# Extreme caution to carefully validate your web application access requirements is recommended with the system is in lazyInit mode
# Name/Value parameters from the query string make up part of the matching, /secure.jsp.* should be used to match for example /secure.jsp?custID=1234
#
# Values here should only contain the path and query string of your application, eg for https://myspep.company.org/myapp you would enter /secure.jsp.* to match any request for resources
# located at https://myspep.company.org/myapp/secure.jsp

#lazyInit-resource-1=
#lazyInit-resource-2=

# SSO web application redirect (relative)
ssoRedirect=/spep/sso?redirectURL={0}

# authentication token names
spepTokenName=spepSession
# Identifier name for site wide identifier indicating ESOE knows about this users session
commonDomainTokenName=_saml_idp

# interval in seconds between polling the metadata URL for the metadata document
metadataInterval=120

# allowed time in seconds that a document will remain valid from the time of creation
allowedTimeSkew=60

# time in seconds between polling the identifier cache for expired identifiers
identifierCacheInterval=3600

# time in seconds that an identifier will remain active
identifierCacheTimeout=36000

# Time that sessions which have yet to complete an authentication event are considered valid
sessionCacheTimeout=120

# Time in seconds that session cache cleanup will run looking for expired unauthenticated sessions
# and sessions which have expired as dictated by the ESOE
sessionCacheInterval=120

# Default authorization policy to apply when due to problems with PDP or other unusal situations occurs access control result can't be computed
defaultPolicyDecision=deny

esoe at ESOE instance tomcat
------------------------------------

#
#
# Enterprise Sign On Engine (ESOE) global configuration file
#
# Changing values in this file WILL effect the way the ESOE operates in production, please change with
# care and in consultation with configuration documentation.
#
# VALUES IN THIS FILE WERE AUTOMATICALLY POPULATED BY ESOESTARTUP.
#
# Author: Bradley Beddoes
# Date: 22/11/2006
#

########################################################################### ################################
#
# Deployment specific configuration
####

## Database Server 1 Connection
databaseDriver-1=com.mysql.jdbc.Driver
databaseURL-1=jdbc:mysql://blr20357.as.colt/esoedb6?useUnicode=true
databaseUsername-1=root
databasePassword-1=admin
databaseRemoveAbandoned-1=true
databaseRemoveAbandonedTimeout-1=300
databaseLogAbandoned-1=true
databaseMaxIdle-1=5
databaseMaxActive-1=25

## LDAP Server 1 Connection
ldapURL-1=ldap://blr20357:10389
ldapServer-1=blr20357:10389
ldapServerPort-1=10389
baseDN-1=o=sevenSeas
identifier-1=uid
recursive-1=true
disableSSL-1=true
adminUser-1=uid=admin,ou=system
adminPassword-1=secret

## Keystore 1
keystorePath-1=${esoe.data}/config/esoeKeystore.ks
keystorePassword-1=cb0f8bfecced87244a39
keyAlias-1=5b84d473581f0567
keyPassword-1=9f1e34af75720229f4ad
keyAlias-2=9c00070268bbb847

## Active Directory SSO
# Identifier name for browsers integrated into Active Directory
#activeDirectoryBrowserId=
# Identifier for server principal in Active Directory
#serverPrincipal=
# Keytab for communication with Active Directory
#keyTab=

## ESOE trusted identifier for this deployment
esoeIdentifier=http://blr20357.as.colt:8080

## Trusted URL to recieve metadata files from
metadataURL=http://blr20357.as.colt:8080/esoemanager/metadata/retrieve.htm

# Domain in which esoe cookie should be available - should NEVER be set institution wide
sessionDomain=blr20357.as.colt

# Domain in which discovery cookie should be available - MUST be set institution wide
commonDomain=as.colt

## URL to redirect unauthenticated principal to
authenticationURL=http://blr20357.as.colt:8080/signin

## URL for SAML SSO endpoint supported by this instance
ssoURL=http://blr20357.as.colt:8080/sso

## Authentication Identifiers
# URL to redirect authenticated principal to logout
logoutURL=http://blr20357.as.colt:8080/web/logout.htm

# URL to redirect principal to for manual authentication processes
usernamePasswordURL=http://blr20357.as.colt:8080/web/login.htm

# Value to append to usernamePasswordURL when authentication fails
authenticationFailedNameValue=rc=authnfail

# URLS to redirect client to when authn has completed successfully and there is no dynamic URL
successURL=http://blr20357.as.colt:8080/web/loginsuccess.htm

# URLS to redirect client to when logout has completed successfully and there is no dynamic URL
logoutSuccessURL=http://blr20357.as.colt:8080/web/logoutsuccess.htm

# URL to redirect client to for a critical failure
criticalfailureURL=http://blr20357.as.colt:8080/web/failure.htm

##
# Identifier Attribute Mappings
identifier.unspecified.value=unmapped
identifier.emailAddress.value=mail
identifier.X509SubjectName.value=unmapped
identifier.windowsDomainQualName.value=umapped
identifier.kerberos.value=unmapped
identifier.persistent.value=unmapped

########################################################################### ################################
#
# You should not need to edit anything below this line, advanced changes only
####

# Should ESOE try to process non signed AuthnRequests
acceptUnsignedAuthnRequests=false

# Identifier name for esoe session identifier
sessionTokenName=esoeSession

# Identifier name for site wide identifier indicating ESOE knows about this users session
commonDomainTokenName=_saml_idp

## Authorization Identifiers

# Seconds between attempting to send cache updates to SPEPs
cacheupdatefailuremonitor.retryInterval=20

# Seconds that an authz cache update failure can remain in the repository before being removed
cacheupdatefailuremonitor.maxFailureAge=3600

# Time in seconds to attempt to refresh updated policies from data repository
authorizationPollInterval=120

# Time between retrying to send logout failures in seconds
sso.failedlogoutmonitor.retryInterval=60

# Seconds that a Logout failure can remain in repository in seconds
sso.failedlogoutmonitor.maxFailureAge=600

## SAML Identifiers
# Time in seconds to update the authentication network
networkUpdateInterval=120

# Time in seconds that is acceptable for networked SPEP instances being out of time sync for
allowedSPEPSkew=60

# Time in seconds that a user authentication interaction is considered active
allowedActiveAuthSkew=120

# Time in seconds that a session is to remain active on SPEP
sessionLength=86400

# Time that must be remaining in seconds for a principal to be granted a new session on a remote SPEP
sessionRemainingLength=1800

# Time in seconds between session cache cleanup
sessionCacheClean=3600

# Time in seconds between identifier cache cleanup
identifierCacheClean=3600

# Time in seconds that we cache identifiers for to prevent replay attacks
identifierExpiryInterval=36000

# Name of parameter which will hold Base64 encoded value which the authentication system MUST respond to on successful authn
authenticationDynamicParameter=redirectURL

# Identifier name for disabling automated single sign on
disableAutomatedAuthnTokenName=esoeNoAuto

# Default authorization action
authorizationDefaultMode=DENY

##
# Identifier Keys
identifier.unspecified=urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
identifier.emailAddress=urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
identifier.X509SubjectName=urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName
identifier.windowsDomainQualName=urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName
identifier.kerberos=urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos
identifier.persistent=urn:oasis:names:tc:SAML:2.0:nameid-format:persistent

## Security Level
# Security Level Identifier
securityLevelIdentifer=SecurityLevel

# Security Level 1 Identifier
securityLevel1=Level 1

# Security Level 2 Identifier
securityLevel2=Level 2

# Security Level 3 Identifier
securityLevel3=Level 3

# Security Level 4 Identifier
securityLevel4=Level 4

### Supported Schemas
saml.protocol=saml-schema-protocol-2.0.xsd
saml.assertion=saml-schema-assertion-2.0.xsd
saml.metadata=saml-schema-metadata-2.0.xsd
lxacml=lxacmlSchema.xsd
lxacml.protocol=lxacmlSAMLProtocolSchema.xsd
lxacml.assertion=lxacmlSAMLAssertionSchema.xsd
lxacml.context=lxacmlContextSchema.xsd
lxacml.pdp=lxacmlPDPSchema.xsd
esoe.protocol=ESOEProtocolSchema.xsd
cache.clear=cacheClearServiceSchema.xsd
sessiondata=SessionDataSchema.xsd

########################################################################### ################################
#
# Spring configuration integration, you REALLY shouldn't need to edit anything below this line.
####

### Datasources

## iBatis Data Source
ibatisdatasource.driver=${databaseDriver-1}
ibatisdatasource.url=${databaseURL-1}
ibatisdatasource.username=${databaseUsername-1}
ibatisdatasource.password=${databasePassword-1}
ibatisdatasource.removeAbandoned=${databaseRemoveAbandoned-1}
ibatisdatasource.removeAbandonedTimeout=${databaseRemoveAbandonedTimeout-1}
ibatisdatasource.logAbandoned=${databaseLogAbandoned-1}
ibatisdatasource.maxIdle=${databaseMaxIdle-1}
ibatisdatasource.maxActive=${databaseMaxActive-1}

## LDAP Context Source
ldapcontextsource.ldapURL=${ldapURL-1}
ldapcontextsource.base=${baseDN-1}
ldapcontextsource.username=${adminUser-1}
ldapcontextsource.password=${adminPassword-1}

## ESOE Key Store Resolver
esoekeystoreresolver.keystorePath=${keystorePath-1}
esoekeystoreresolver.keystorePassword=${keystorePassword-1}
esoekeystoreresolver.keyAlias=${keyAlias-1}
esoekeystoreresolver.keyPassword=${keyPassword-1}

## Metadata Key Store Resolver
metadatakeystoreresolver.keystorePath=${keystorePath-1}
metadatakeystoreresolver.keystorePassword=${keystorePassword-1}
metadatakeystoreresolver.keyAlias=${keyAlias-2}
metadatakeystoreresolver.keyPassword=

## SQL Maps
sqlmapclient.config=WEB-INF/sqlMapConfig.xml

### SAML2 Components

## Validator
samlValidator.allowedSPEPSkew=${allowedSPEPSkew}

## Identifier Cache
identifierCache.identifierCacheClean=${identifierCacheClean}
identifierCache.identifierExpiryInterval=${identifierExpiryInterval}

### Authentication

## Processors
authnprocessorimpl.sessionTokenName=${sessionTokenName}
authnprocessorimpl.sessionDomain=${sessionDomain}

## Handlers
usernamepasswordhandler.requireCredentialsURL=${usernamePasswordURL}
usernamepasswordhandler.authenticationFailedNameValue=${authenticationFailedNameValue}
usernamepasswordhandler.failURL=${criticalfailureURL}
usernamepasswordhandler.successURL=${successURL}
usernamepasswordhandler.securityLevelIdentifier=${securityLevelIdentifer}
usernamepasswordhandler.securityLevel=${securityLevel1}

#spnegohandler.successURL=${successURL}
#spnegohandler.spnegoUserAgentID=${activeDirectoryBrowserId}
#spnegohandler.securityLevelIdentifier=${securityLevelIdentifer}
#spnegohandler.securityLevel=${securityLevel1}

## Delegated Authentication
delegauthn.deniedIdentifiers1=${securityLevelIdentifer}
delegauthn.identifier=${esoeIdentifier}

## Authenticators

# LdapBasicAuthenticator
ldapbasicauthenticator.ldapServer=${ldapServer-1}
ldapbasicauthenticator.ldapServerPort=${ldapServerPort-1}
ldapbasicauthenticator.baseDN=${baseDN-1}
ldapbasicauthenticator.identifier=${identifier-1}
ldapbasicauthenticator.recursive=${recursive-1}
ldapbasicauthenticator.disableSSL=${disableSSL-1}
ldapbasicauthenticator.adminUser=${adminUser-1}
ldapbasicauthenticator.adminPassword=${adminPassword-1}

# Kerberos V5 Authenticator
# See http://java.sun.com/javase/6/docs/api/javax/security/auth/login/Confi... and associated
# links for extensions to these options.
#kerberosV5Authenticator.option.serverPrincipal=${serverPrincipal}
#kerberosV5Authenticator.option.useKeyTab=true
#kerberosV5Authenticator.option.storeKey=true
#kerberosV5Authenticator.option.doNotPrompt=true
#kerberosV5Authenticator.option.debug=true
#kerberosV5Authenticator.file.keyTab=${keyTab}

### Sessions
## Session Creation
create.sessionLength=${sessionLength}

## Identity Resolvers
ldapidentityresolver.baseDN=
ldapidentityresolver.identifier=${identifier-1}

## Session cleanup config
# interval between cache purges in seconds
sessions.cleanupInterval=${sessionCacheClean}
# max age of session data in seconds
sessions.timeoutInterval=${sessionLength}

### Service Provider Enforcement Points

## Metadata
metadata.url=${metadataURL}
metadata.networkUpdateInterval=${networkUpdateInterval}
metadata.esoeIdentifier=${esoeIdentifier}

### Single Sign On

## Processors
sso.allowedActiveAuthSkew=${allowedActiveAuthSkew}
sso.sessionRemainingLength=${sessionRemainingLength}
sso.acceptUnsignedAuthnRequests=${acceptUnsignedAuthnRequests}

### Attribute Authority
## AttributeAuthorityProcessor
aa.allowedSPEPSkew=${allowedSPEPSkew}

### Policy Decision Point

## Authorization Processor
authorizationProcessor.authorizationDefaultMode=${authorizationDefaultMode}
authorizationProcessor.allowedTimeSkew=${allowedSPEPSkew}

## Policy Cache Processor
policycacheprocessor.pollInterval=${authorizationPollInterval}

current metadata
----------------

 <?xml version="1.0" encoding="UTF-16" ?>
- <md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:
2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns:lxacml-md="http://www.qut.com/middleware/lxacmlPDPSchema"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xenc="http://
www.w3.org/2001/04/xmlenc#"
ID="_0ec1bfddaebe91db486b242f65ec659c54054e17-4cee51e06e3d9d365f6ff22e22e9b cc6">
- <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
- <ds:SignedInfo>
 <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-
exc-c14n#" />
 <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-
sha1" />
- <ds:Reference
URI="#_0ec1bfddaebe91db486b242f65ec659c54054e17-4cee51e06e3d9d365f6ff22e22e 9bcc6">
- <ds:Transforms>
 <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-
signature" />
 <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /


 </ds:Transforms>
 <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /

 <ds:DigestValue>bkhSfWzsaL0kwyAdvO0Sc9z8EvA=</ds:DigestValue>
 </ds:Reference>
 </ds:SignedInfo>
 <ds:SignatureValue>IKGbfCKG1zAvfAM2n
+Rboi1Ua38FMj6F87A2QzKQgbE5pVXqT4tLrBVYI3361qrZnQyPLw5qfrua kSfm
+pebXYOZgeFkyBdbcRkRmJ3cK680lQyx8lYY5mAPBC7thqv0szbS2aKGO7IyUcC8AAUOdUnS
dDUCTXZGcR2LML4Lp6J/
LXEyjZFUWyMgKXkxcrTV1CMUvJeN80DDuXGe7oeZ3yqmO57rhcSBBBSc
b8ybFOGO6aBCE5XZtFKfF5MmdGmY8WrIn+Aer7p
+29yeQuzjW5nesJTqpcFEnVH0B5cTVgfwF9nk ENuj
+aZuHUKJOBpbSvGLAa3DO7rTvIXauT/xQw==</ds:SignatureValue>
- <ds:KeyInfo>
 <ds:KeyName>4cc9935073e1c606</ds:KeyName>
 </ds:KeyInfo>
 </ds:Signature>
- <md:EntityDescriptor
ID="_4439ddf8f8877eef80bfd709f09c01a3448972f5-0f5e1ee5ee753472f02d5f6b1ef06 c38"
entityID="http://blr20357.as.colt:8080">
- <md:IDPSSODescriptor ID="_9b3b89b9826d0aa308b90065888fa57f310745f9-
a2c134b1d32ae874a67d8a7533991a6c" WantAuthnRequestsSigned="true"
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
- <md:Extensions>
 <spep:SPEPStartupService xmlns:spep="http://www.qut.com/middleware/
spepStartupServiceSchema" Binding="urn:oasis:names:tc:SAML:
2.0:bindings:SOAP" Location="http://blr20357.as.colt:8080/ws/services/
esoe/spepStartup" xmlns="" />
 </md:Extensions>
- <md:KeyDescriptor use="signing">
- <ds:KeyInfo>
 <ds:KeyName xmlns="">da86024da18554ee</ds:KeyName>
- <ds:KeyValue>
- <ds:RSAKeyValue>
 <ds:Modulus>ALW1qutzoxl8Guhi3+lxYpY5pFngA/m/RLfSKotvcLOPU4SjI4cfXN//
N6x+ssy71kQ6/QTK6s9CTrGWVGvfayzX64wYaFR09WNQQWFm/
DKHTBl7os5vA8c3tV6JeoHiQ9U7B/
Y24HF9OgN6hNQIuaPIbIQD0dggqnC8x6TOKsXZN5OqkSLB5LVAYP+QIg/
qxzozO3r3Xfrm9uNPL7Tp6a2y7Xh6bKCTZS3Dz
+GwFWXQpFajTxylV6Q3z7GoyFYFPdZjeoIlMbqET1kQ9UJJ6SZkaCEN8Qs1CoGqhH/
uSndc/VYolM819C5WpcJlgxZFoW3qHiiBZT5fCvRnBuw7ZbM=</ds:Modulus>
 <ds:Exponent>AQAB</ds:Exponent>
 </ds:RSAKeyValue>
 </ds:KeyValue>
 </ds:KeyInfo>
 </md:KeyDescriptor>
 <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-
format:transient</md:NameIDFormat>
 <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:
2.0:bindings:HTTP-POST" Location="http://blr20357.as.colt:8080/sso" /

 <md:AttributeProfile>urn:oasis:names:tc:SAML:2.0:attrname-
format:basic</md:AttributeProfile>
 </md:IDPSSODescriptor>
- <md:AttributeAuthorityDescriptor
ID="_f6ed121b63a0b2cc6e57b335e1cedcff891a3990-3e8f4e348981db9321b564f62a4af f2f"
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
- <md:KeyDescriptor use="signing">
- <ds:KeyInfo>
 <ds:KeyName xmlns="">da86024da18554ee</ds:KeyName>
- <ds:KeyValue>
- <ds:RSAKeyValue>
 <ds:Modulus>ALW1qutzoxl8Guhi3+lxYpY5pFngA/m/RLfSKotvcLOPU4SjI4cfXN//
N6x+ssy71kQ6/QTK6s9CTrGWVGvfayzX64wYaFR09WNQQWFm/
DKHTBl7os5vA8c3tV6JeoHiQ9U7B/
Y24HF9OgN6hNQIuaPIbIQD0dggqnC8x6TOKsXZN5OqkSLB5LVAYP+QIg/
qxzozO3r3Xfrm9uNPL7Tp6a2y7Xh6bKCTZS3Dz
+GwFWXQpFajTxylV6Q3z7GoyFYFPdZjeoIlMbqET1kQ9UJJ6SZkaCEN8Qs1CoGqhH/
uSndc/VYolM819C5WpcJlgxZFoW3qHiiBZT5fCvRnBuw7ZbM=</ds:Modulus>
 <ds:Exponent>AQAB</ds:Exponent>
 </ds:RSAKeyValue>
 </ds:KeyValue>
 </ds:KeyInfo>
 </md:KeyDescriptor>
 <md:AttributeService Binding="urn:oasis:names:tc:SAML:
2.0:bindings:SOAP" Location="http://blr20357.as.colt:8080/ws/services/
esoe/attributeAuthority" />
 </md:AttributeAuthorityDescriptor>
- <md:RoleDescriptor xmlns:xsi="http://www.w3.org/2001/XMLSchema-
instance" ID="_e9a21b823d77cc182ff5d3f93241ae1a4b5da31c-
bfeec84fe708aaa501bd38d92c2461d4"
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"
xsi:type="lxacml-md:LXACMLPDPDescriptorType">
- <md:KeyDescriptor use="signing">
- <ds:KeyInfo>
 <ds:KeyName xmlns="">da86024da18554ee</ds:KeyName>
- <ds:KeyValue>
- <ds:RSAKeyValue>
 <ds:Modulus>ALW1qutzoxl8Guhi3+lxYpY5pFngA/m/RLfSKotvcLOPU4SjI4cfXN//
N6x+ssy71kQ6/QTK6s9CTrGWVGvfayzX64wYaFR09WNQQWFm/
DKHTBl7os5vA8c3tV6JeoHiQ9U7B/
Y24HF9OgN6hNQIuaPIbIQD0dggqnC8x6TOKsXZN5OqkSLB5LVAYP+QIg/
qxzozO3r3Xfrm9uNPL7Tp6a2y7Xh6bKCTZS3Dz
+GwFWXQpFajTxylV6Q3z7GoyFYFPdZjeoIlMbqET1kQ9UJJ6SZkaCEN8Qs1CoGqhH/
uSndc/VYolM819C5WpcJlgxZFoW3qHiiBZT5fCvRnBuw7ZbM=</ds:Modulus>
 <ds:Exponent>AQAB</ds:Exponent>
 </ds:RSAKeyValue>
 </ds:KeyValue>
 </ds:KeyInfo>
 </md:KeyDescriptor>
 <md:AuthzService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
Location="http://blr20357.as.colt:8080/ws/services/esoe/
policyDecisionPoint" />
 </md:RoleDescriptor>
- <md:ContactPerson contactType="technical">
 <md:Company>colt</md:Company>
 <md:GivenName>mohamed</md:GivenName>
 <md:SurName>elyas</md:SurName>
 <md:EmailAddress>elyas.moha...@yahoo.com</md:EmailAddress>
 <md:TelephoneNumber>22128311</md:TelephoneNumber>
 </md:ContactPerson>
 </md:EntityDescriptor>
- <md:EntityDescriptor
ID="_67be22679b91b5838f3ae5127f39dcfbbd94ce1b-065bcb957bf11e5aa9ddac8477583 457"
entityID="http://blr20357.as.colt:7060/esoemanager">
- <md:SPSSODescriptor AuthnRequestsSigned="true"
ID="_47d5fd41652282e3cad12910f74cfcba1a466227-9b549b3cecfb2e0c53757606a871b 258"
WantAssertionsSigned="true"
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
- <md:Extensions>
 <clear:CacheClearService xmlns:clear="http://www.qut.com/middleware/
cacheClearServiceSchema" Binding="urn:oasis:names:tc:SAML:
2.0:bindings:SOAP" Location="http://blr20357.as.colt:7060/spep/
services/spep/authzCacheClear" index="46357" xmlns="" />
 </md:Extensions>
- <md:KeyDescriptor use="signing">
- <ds:KeyInfo>
 <ds:KeyName xmlns="">388408730a414003</ds:KeyName>
- <ds:KeyValue>
- <ds:RSAKeyValue>
 <ds:Modulus>AJlUMaVAF/kx19ISS/
aPtrfVfAQokCWs6y0CG9F9xdjOQYke9p2BY4cNjwVeW68/tWXvQDAIWdSdEJOmKx
+mNXTsp54KRIk+odxvp4gX5qCrDNb39uIdz
+EphEiryJ1xF0ExLmpYeRiaYqnhcRLoBXarDVdR1pZtdISmQvsCnb+WuIRJ69h7ubi1HZ
+Pw6X3huDW9+lJhANBsKyplXocJqndxtC2YVH3VavC4xvahLaXmPD2rJfO62dDw1Yk1oIeTOs0T //
jXxyvSmeNLEGKwm6xJ/P/gKDk4pf6FciMl/
7KBMqJPZ1+A4Vd0eOzyJgaoxhFYEStKpJwWMh24TA+vhE=</ds:Modulus>
 <ds:Exponent>AQAB</ds:Exponent>
 </ds:RSAKeyValue>
 </ds:KeyValue>
 </ds:KeyInfo>
 </md:KeyDescriptor>
 <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:
2.0:bindings:SOAP" Location="http://blr20357.as.colt:7060/spep/
services/spep/singleLogout" />
 <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-
format:transient</md:NameIDFormat>
 <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:
2.0:bindings:HTTP-POST" Location="http://blr20357.as.colt:7060/spep/
sso" index="46357" />
 </md:SPSSODescriptor>
- <md:ContactPerson contactType="technical">
 <md:Company>colt</md:Company>
 <md:GivenName>mohamed</md:GivenName>
 <md:SurName>elyas</md:SurName>
 <md:EmailAddress>elyas.moha...@yahoo.com</md:EmailAddress>
 <md:TelephoneNumber>22128311</md:TelephoneNumber>
 </md:ContactPerson>
 </md:EntityDescriptor>
- <md:EntityDescriptor
ID="_4e8a8da46f25ac1cdfa99016298f021c0fb55337-953c56510397dfbd1be6a70ef0db9 400"
entityID="http://blr20357.as.colt:7060/aptGUI">
- <md:SPSSODescriptor AuthnRequestsSigned="true"
ID="_ba9a19bf7b1a5cb4cd87c42cd176258665009301-09838e0a7d4310c4104c67f3c7a3b 98f"
WantAssertionsSigned="true"
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
- <md:Extensions>
 <clear:CacheClearService xmlns:clear="http://www.qut.com/middleware/
cacheClearServiceSchema" Binding="urn:oasis:names:tc:SAML:
2.0:bindings:SOAP" Location="http://blr20357.as.colt:7060/spep/
services/spep/authzCacheClear" index="39800" xmlns="" />
 </md:Extensions>
- <md:KeyDescriptor use="signing">
- <ds:KeyInfo>
 <ds:KeyName xmlns="">14c7a0845972f0f3</ds:KeyName>
- <ds:KeyValue>
- <ds:RSAKeyValue>
 <ds:Modulus>AKECHgT08YO0Le/7g/rn6q2SmCE
+ZyN2kNeGhhrF0cCDch7Ibb3sWfLmPTHu1l8DGOY43YHxQ+EBmDtWu28m8FLprIu48m/
BpxNdRNPDvuSshLxhaNgkHJCOsYIYwXvb2T5fk7nkMvOdqOxW/zfC
+pHKdv4hungbGUm7ya8EaAf8rr+FxlQeNLqWTyM/
DJzI8E5BNcEWprqsaC7CbiysLSnhHE/
7+WdqotQ4jTN5oxDoE6Iek1Ndw5Lj0IhpWh9gHWagvfW5r2iDOheHt0tmKUkEBi/tLk4s
+SVUGLa3BSS4kXZXtOI77YOUasqiDs2TMydy3AryzZVh5YJ0urnyJpM=</ds:Modulus>
 <ds:Exponent>AQAB</ds:Exponent>
 </ds:RSAKeyValue>
 </ds:KeyValue>
 </ds:KeyInfo>
 </md:KeyDescriptor>
 <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:
2.0:bindings:SOAP" Location="http://blr20357.as.colt:7060/spep/
services/spep/singleLogout" />
 <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-
format:transient</md:NameIDFormat>
 <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:
2.0:bindings:HTTP-POST" Location="http://blr20357.as.colt:7060/spep/
sso" index="39800" />
 </md:SPSSODescriptor>
- <md:ContactPerson contactType="technical">
 <md:Company>colt</md:Company>
 <md:GivenName>mohamed</md:GivenName>
 <md:SurName>elyas</md:SurName>
 <md:EmailAddress>elyas.moha...@yahoo.com</md:EmailAddress>
 <md:TelephoneNumber>22128311</md:TelephoneNumber>
 </md:ContactPerson>
 </md:EntityDescriptor>
 </md:EntitiesDescriptor>

The error I am getting is:

008-10-28 10:46:35,843 INFO
com.qut.middleware.spep.metadata.impl.MetadataThread - Got 18332 chars
of metadata. Hash value is af727567c7b9d32c997c17312706aea6a7694671
2008-10-28 10:46:35,843 INFO
com.qut.middleware.spep.metadata.impl.MetadataThread - New metadata
encountered. Processing ...
2008-10-28 10:46:35,843 ERROR
com.qut.middleware.spep.metadata.impl.MetadataImpl - Unable to obtain
the assertionConsumerLocation for this SPEP from metadata, IS THIS
SPEP ACTIVATED IN ESOE MANAGER??.
2008-10-28 10:46:35,843 ERROR
com.qut.middleware.spep.metadata.impl.MetadataThread - A SAML problem
occurred reading metadata. Ignoring new metadata. Exception was: ESOE
did not have all required endpoints, halting processing of metadata.
2008-10-28 10:46:49,968 FATAL
com.qut.middleware.spep.impl.StartupProcessorImpl - SPEP did not
recieve authorization from the ESOE to continue. Waiting 20 seconds
before attempting startup again.
2008-10-28 10:46:50,000 FATAL
com.qut.middleware.spep.impl.StartupProcessorImpl - Unexpected error
prevented SPEP startup. Message was: Metadata was not successfully
loaded
2008-10-28 10:47:10,000 FATAL
com.qut.middleware.spep.impl.StartupProcessorImpl - SPEP did not
recieve authorization from the ESOE to continue. Waiting 20 seconds
before attempting startup again.
2008-10-28 10:47:10,031 FATAL
com.qut.middleware.spep.impl.StartupProcessorImpl - Unexpected error
prevented SPEP startup. Message was: Metadata was not successfully
loaded
2008-10-28 10:47:30,031 FATAL
com.qut.middleware.spep.impl.StartupProcessorImpl - SPEP did not
recieve authorization from the ESOE to continue. Waiting 20 seconds
before attempting startup again.
2008-10-28 10:47:30,062 FATAL
com.qut.middleware.spep.impl.StartupProcessorImpl - Unexpected error
prevented SPEP startup. Message was: Metadata was not successfully
loaded
2008-10-28 10:47:50,062 FATAL
com.qut.middleware.spep.impl.StartupProcessorImpl - SPEP did not
recieve authorization from the ESOE to continue. Waiting 20 seconds
before attempting startup again.
2008-10-28 10:47:50,093 FATAL
com.qut.middleware.spep.impl.StartupProcessorImpl - Unexpected error
prevented SPEP startup. Message was: Metadata was not successfully
loaded
2008-10-28 10:48:10,093 FATAL
com.qut.middleware.spep.impl.StartupProcessorImpl - SPEP did not
recieve authorization from the ESOE to continue. Waiting 20 seconds
before attempting startup again.
2008-10-28 10:48:10,140 FATAL
com.qut.middleware.spep.impl.StartupProcessorImpl - Unexpected error
prevented SPEP startup. Message was: Metadata was not successfully
loaded
2008-10-28 10:48:28,265 INFO
com.qut.middleware.spep.sessions.impl.SessionCacheImpl$CleanupThread -
Cleaning up timed out Principal Sessions ...
2008-10-28 10:48:30,140 FATAL
com.qut.middleware.spep.impl.StartupProcessorImpl - SPEP did not
recieve authorization from the ESOE to continue. Waiting 20 seconds
before attempting startup again.
2008-10-28 10:48:30,171 FATAL
com.qut.middleware.spep.impl.StartupProcessorImpl - Unexpected error
prevented SPEP startup. Message was: Metadata was not successfully
loaded
2008-10-28 10:48:35,843 INFO
com.qut.middleware.spep.metadata.impl.MetadataThread - Got 18332 chars
of metadata. Hash value is 835ee111e6b4c53492b0ab14573dc27525d721b3
2008-10-28 10:48:35,843 INFO
com.qut.middleware.spep.metadata.impl.MetadataThread - New metadata
encountered. Processing ...
2008-10-28 10:48:35,843 ERROR
com.qut.middleware.spep.metadata.impl.MetadataImpl - Unable to obtain
the assertionConsumerLocation for this SPEP from metadata, IS THIS
SPEP ACTIVATED IN ESOE MANAGER??.
2008-10-28 10:48:35,843 ERROR
com.qut.middleware.spep.metadata.impl.MetadataThread - A SAML problem
occurred reading metadata. Ignoring new metadata. Exception was: ESOE
did not have all required endpoints, halting processing of metadata.
2008-10-28 10:48:50,171 FATAL
com.qut.middleware.spep.impl.StartupProcessorImpl - SPEP did not
recieve authorization from the ESOE to continue. Waiting 20 seconds
before attempting startup again.
2008-10-28 10:48:50,203 FATAL
com.qut.middleware.spep.impl.StartupProcessorImpl - Unexpected error
prevented SPEP startup. Message was: Metadata was not successfully
loaded
2008-10-28 10:49:10,203 FATAL
com.qut.middleware.spep.impl.StartupProcessorImpl - SPEP did not
recieve authorization from the ESOE to continue. Waiting 20 seconds
before attempting startup again.
2008-10-28 10:49:10,234 FATAL
com.qut.middleware.spep.impl.StartupProcessorImpl - Unexpected error
prevented SPEP startup. Message was: Metadata was not successfully
loaded
2008-10-28 10:49:30,234 FATAL
com.qut.middleware.spep.impl.StartupProcessorImpl - SPEP did not
recieve authorization from the ESOE to continue. Waiting 20 seconds
before attempting startup again.
2008-10-28 10:49:30,265 FATAL
com.qut.middleware.spep.impl.StartupProcessorImpl - Unexpected error
prevented SPEP startup. Message was: Metadata was not successfully
loaded
2008-10-28 10:49:50,265 FATAL
com.qut.middleware.spep.impl.StartupProcessorImpl - SPEP did not
recieve authorization from the ESOE to continue. Waiting 20 seconds
before attempting startup again.
2008-10-28 10:49:50,296 FATAL
com.qut.middleware.spep.impl.StartupProcessorImpl - Unexpected error
prevented SPEP startup. Message was: Metadata was not successfully
loaded
2008-10-28 10:50:10,296 FATAL
com.qut.middleware.spep.impl.StartupProcessorImpl - SPEP did not
recieve authorization from the ESOE to continue. Waiting 20 seconds
before attempting startup again.
2008-10-28 10:50:10,328 FATAL
com.qut.middleware.spep.impl.StartupProcessorImpl - Unexpected error
prevented SPEP startup. Message was: Metadata was not successfully
loade
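
A cross-check of the posted spep.config against the posted metadata, as an added example that is not part of the original post or of the ESOE code base. It assumes the SPEP locates its own endpoint by `spepIdentifier` plus `assertionConsumerServiceIndex` and signs with `spepKeyAlias`; the sample metadata is constructed from the post's entity IDs, key names and indices with everything else omitted, and `parse_properties`, `sp_entities` and `check` are names made up for this example.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample: each SP entity reduced to entityID, signing KeyName and
# AssertionConsumerService index (signature, key values and IdP roles omitted).
_SP = """  <md:EntityDescriptor entityID="{eid}">
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:KeyDescriptor use="signing"><ds:KeyInfo>
        <ds:KeyName>{key}</ds:KeyName></ds:KeyInfo></md:KeyDescriptor>
      <md:AssertionConsumerService index="{idx}"
          Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
          Location="http://blr20357.as.colt:7060/spep/sso"/>
    </md:SPSSODescriptor>
  </md:EntityDescriptor>
"""
SAMPLE_METADATA = (
    '<md:EntitiesDescriptor xmlns:md="%s" xmlns:ds="%s">\n' % (NS["md"], NS["ds"])
    + _SP.format(eid="http://blr20357.as.colt:7060/esoemanager",
                 key="388408730a414003", idx="46357")
    + _SP.format(eid="http://blr20357.as.colt:7060/aptGUI",
                 key="14c7a0845972f0f3", idx="39800")
    + "</md:EntitiesDescriptor>")

# The three spep.config settings from the post that the check uses.
SAMPLE_CONFIG = """\
# Changing values in this file WILL effect the way the ESOE Manager
operates in production, please change with
spepIdentifier=http://blr20357.as.colt:7060/aptGUI
spepKeyAlias=388408730a414003
assertionConsumerServiceIndex=46357
"""


def parse_properties(text):
    """Minimal key=value reader; skips comments and wrapped comment tails."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props


def sp_entities(metadata_xml):
    """Map entityID -> ACS indices and signing key names of its SPSSODescriptor."""
    entities = {}
    root = ET.fromstring(metadata_xml)
    for ent in root.iter("{%s}EntityDescriptor" % NS["md"]):
        sp = ent.find("md:SPSSODescriptor", NS)
        if sp is None:
            continue  # IdP-only entity such as the ESOE itself
        acs = {a.get("index"): a.get("Location")
               for a in sp.findall("md:AssertionConsumerService", NS)}
        keys = {k.text.strip()
                for k in sp.findall("md:KeyDescriptor/ds:KeyInfo/ds:KeyName", NS)
                if k.text}
        entities[ent.get("entityID")] = {"acs": acs, "keys": keys}
    return entities


def check(config_text, metadata_xml):
    """Return (setting, configured, published_for_this_sp, entities_that_own_it)."""
    cfg = parse_properties(config_text)
    entities = sp_entities(metadata_xml)
    sp_id = cfg.get("spepIdentifier")
    mine = entities.get(sp_id)
    if mine is None:
        # The identifier itself is not published as an SP in the metadata.
        return [("spepIdentifier", sp_id, sorted(entities), [])]
    findings = []
    for setting, field in (("assertionConsumerServiceIndex", "acs"),
                           ("spepKeyAlias", "keys")):
        value = cfg.get(setting)
        if value not in mine[field]:
            owners = sorted(e for e, d in entities.items() if value in d[field])
            findings.append((setting, value, sorted(mine[field]), owners))
    return findings


if __name__ == "__main__":
    for setting, configured, published, owners in check(SAMPLE_CONFIG, SAMPLE_METADATA):
        print("%s=%s; metadata publishes %s for this SP; value belongs to %s"
              % (setting, configured, published, owners or "no entity"))
```

On the values in the post, both the configured index and the configured key alias are published under the `esoemanager` entity rather than under `aptGUI`.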

