SPEP Error with different esoe instance
MIME-Version: 1.0
Received: by 10.101.69.6 with SMTP id w6mr480853ank.28.1225177508279; Tue, 28 Oct 2008 00:05:08 -0700 (PDT)
Date: Tue, 28 Oct 2008 00:05:07 -0700 (PDT)
X-IP: 59.92.114.180
User-Agent: G2/1.0
X-HTTP-UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3,gzip(gfe),gzip(gfe)
Message-ID: <e8481e6b-7154-4448-bdf2-3e3a1493fa7f@l33g2000pri.googlegroups.com>
Subject: SPEP Error with different esoe instance
From: elyas <elyas.moha...@gmail.com>
To: ESOE Users <esoe-users@googlegroups.com>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
spep.config in SPEP instance jboss
---------------------------------
#
#
# Enterprise Sign On Engine (ESOE), Java Service Provider Enforcement Point (SPEP) global configuration file
#
# Changing values in this file WILL affect the way the ESOE Manager operates in production, please change with
# care and in consultation with configuration documentation.
#
# Author: Shaun Mangelsdorf
# Date: 04/12/2006
#
###########################################################################################################
#
# Deployment specific configuration
####
# KeyStore 1
keystorePath=${spep.data}/config/spepKeystore.ks
keystorePassword=54019a6fc983ebc01e55
spepKeyAlias=388408730a414003
spepKeyPassword=e5b42af6606c57366884
metadataKeyAlias=4cc9935073e1c606
# The unique identifier of the authenticating ESOE.
esoeIdentifier=http://blr20357.as.colt:8080
# The unique identifier of the service.
spepIdentifier=http://blr20357.as.colt:7060/aptGUI
# The URL to retrieve the metadata document from
metadataUrl=http://blr20357.as.colt:7060/esoemanager/metadata/retrieve.htm
# string description of the service
serverInfo=ESOE Manager Web Application
# Unique identifier of this service node
nodeIdentifier=46357
# Indices of this service node
attributeConsumingServiceIndex=46357
assertionConsumerServiceIndex=46357
authzCacheIndex=46357
# Address of the service host in use without any application path e.g. https://myserver.company.com or https://myotherserver.company.com:8443
# NOT https://myserver.company.com/myapp/
serviceHost=http://blr20357.as.colt:7060
# ip addresses of this host SPEP
ipAddresses=192.168.1.100
# the URL to redirect unauthenticated users to
loginRedirect=http://blr20357.as.colt:7060/spep/sso?redirectURL={0}
# Default URL of the service
defaultURL=http://blr20357.as.colt:7060/aptGUI
# specify cookies to clear when an authentication session is destroyed
# strings are of the format: cookie_name [space] cookie_domain (optional) [space] cookie_path (optional)
logoutClearCookie.1=spepSession
###########################################################################################################
#
# You should not need to edit anything below this line, advanced changes only
####
# Is the SPEP configured in lazy initialization mode
lazyInit=false
# deny | permit - Lazy Init default mode, if a lazyinit-resource is not matched what action should the filter take on access to the
# resource (inverted when there is a match as specified by resources below)
#lazyInitDefaultAction=deny
# Forced Initialization Queries. MUST start from lazyInit-resource-1 and MUST progress in numerical order up to a maximum value of 10000 (lazyInit-resource-10000)
# This is only populated when SPEP is acting in a lazy mode, regex patterns may be applied here
# Extreme caution to carefully validate your web application access requirements is recommended when the system is in lazyInit mode
# Name/Value parameters from the query string make up part of the matching, /secure.jsp.* should be used to match for example /secure.jsp?custID=1234
#
# Values here should only contain the path and query string of your application, eg for https://myspep.company.org/myapp you would enter /secure.jsp.* to match any request for resources
# located at https://myspep.company.org/myapp/secure.jsp
#lazyInit-resource-1=
#lazyInit-resource-2=
# SSO web application redirect (relative)
ssoRedirect=/spep/sso?redirectURL={0}
# authentication token names
spepTokenName=spepSession
# Identifier name for site wide identifier indicating ESOE knows about this users session
commonDomainTokenName=_saml_idp
# interval in seconds between polling the metadata URL for the metadata document
metadataInterval=120
# allowed time in seconds that a document will remain valid from the time of creation
allowedTimeSkew=60
# time in seconds between polling the identifier cache for expired identifiers
identifierCacheInterval=3600
# time in seconds that an identifier will remain active
identifierCacheTimeout=36000
# Time that sessions which have yet to complete an authentication event are considered valid
sessionCacheTimeout=120
# Time in seconds that session cache cleanup will run looking for expired unauthenticated sessions
# and sessions which have expired as dictated by the ESOE
sessionCacheInterval=120
# Default authorization policy to apply when, due to problems with the PDP or other unusual situations, the access control result can't be computed
defaultPolicyDecision=deny
esoe at ESOE instance tomcat
------------------------------------
#
#
# Enterprise Sign On Engine (ESOE) global configuration file
#
# Changing values in this file WILL affect the way the ESOE operates in production, please change with
# care and in consultation with configuration documentation.
#
# VALUES IN THIS FILE WERE AUTOMATICALLY POPULATED BY ESOESTARTUP.
#
# Author: Bradley Beddoes
# Date: 22/11/2006
#
###########################################################################################################
#
# Deployment specific configuration
####
## Database Server 1 Connection
databaseDriver-1=com.mysql.jdbc.Driver
databaseURL-1=jdbc:mysql://blr20357.as.colt/esoedb6?useUnicode=true
databaseUsername-1=root
databasePassword-1=admin
databaseRemoveAbandoned-1=true
databaseRemoveAbandonedTimeout-1=300
databaseLogAbandoned-1=true
databaseMaxIdle-1=5
databaseMaxActive-1=25
## LDAP Server 1 Connection
ldapURL-1=ldap://blr20357:10389
ldapServer-1=blr20357:10389
ldapServerPort-1=10389
baseDN-1=o=sevenSeas
identifier-1=uid
recursive-1=true
disableSSL-1=true
adminUser-1=uid=admin,ou=system
adminPassword-1=secret
## Keystore 1
keystorePath-1=${esoe.data}/config/esoeKeystore.ks
keystorePassword-1=cb0f8bfecced87244a39
keyAlias-1=5b84d473581f0567
keyPassword-1=9f1e34af75720229f4ad
keyAlias-2=9c00070268bbb847
## Active Directory SSO
# Identifier name for browsers integrated into Active Directory
#activeDirectoryBrowserId=
# Identifier for server principal in Active Directory
#serverPrincipal=
# Keytab for communication with Active Directory
#keyTab=
## ESOE trusted identifier for this deployment
esoeIdentifier=http://blr20357.as.colt:8080
## Trusted URL to receive metadata files from
metadataURL=http://blr20357.as.colt:8080/esoemanager/metadata/retrieve.htm
# Domain in which esoe cookie should be available - should NEVER be set institution wide
sessionDomain=blr20357.as.colt
# Domain in which discovery cookie should be available - MUST be set institution wide
commonDomain=as.colt
## URL to redirect unauthenticated principal to
authenticationURL=http://blr20357.as.colt:8080/signin
## URL for SAML SSO endpoint supported by this instance
ssoURL=http://blr20357.as.colt:8080/sso
## Authentication Identifiers
# URL to redirect authenticated principal to logout
logoutURL=http://blr20357.as.colt:8080/web/logout.htm
# URL to redirect principal to for manual authentication processes
usernamePasswordURL=http://blr20357.as.colt:8080/web/login.htm
# Value to append to usernamePasswordURL when authentication fails
authenticationFailedNameValue=rc=authnfail
# URLs to redirect client to when authn has completed successfully and there is no dynamic URL
successURL=http://blr20357.as.colt:8080/web/loginsuccess.htm
# URLs to redirect client to when logout has completed successfully and there is no dynamic URL
logoutSuccessURL=http://blr20357.as.colt:8080/web/logoutsuccess.htm
# URL to redirect client to for a critical failure
criticalfailureURL=http://blr20357.as.colt:8080/web/failure.htm
##
# Identifier Attribute Mappings
identifier.unspecified.value=unmapped
identifier.emailAddress.value=mail
identifier.X509SubjectName.value=unmapped
identifier.windowsDomainQualName.value=umapped
identifier.kerberos.value=unmapped
identifier.persistent.value=unmapped
###########################################################################################################
#
# You should not need to edit anything below this line, advanced changes only
####
# Should ESOE try to process non signed AuthnRequests
acceptUnsignedAuthnRequests=false
# Identifier name for esoe session identifier
sessionTokenName=esoeSession
# Identifier name for site wide identifier indicating ESOE knows about this users session
commonDomainTokenName=_saml_idp
## Authorization Identifiers
# Seconds between attempting to send cache updates to SPEPs
cacheupdatefailuremonitor.retryInterval=20
# Seconds that an authz cache update failure can remain in the repository before being removed
cacheupdatefailuremonitor.maxFailureAge=3600
# Time in seconds to attempt to refresh updated policies from data repository
authorizationPollInterval=120
# Time between retrying to send logout failures in seconds
sso.failedlogoutmonitor.retryInterval=60
# Seconds that a Logout failure can remain in repository
sso.failedlogoutmonitor.maxFailureAge=600
## SAML Identifiers
# Time in seconds to update the authentication network
networkUpdateInterval=120
# Time in seconds that is acceptable for networked SPEP instances being out of time sync for
allowedSPEPSkew=60
# Time in seconds that a user authentication interaction is considered active
allowedActiveAuthSkew=120
# Time in seconds that a session is to remain active on SPEP
sessionLength=86400
# Time that must be remaining in seconds for a principal to be granted a new session on a remote SPEP
sessionRemainingLength=1800
# Time in seconds between session cache cleanup
sessionCacheClean=3600
# Time in seconds between identifier cache cleanup
identifierCacheClean=3600
# Time in seconds that we cache identifiers for to prevent replay attacks
identifierExpiryInterval=36000
# Name of parameter which will hold Base64 encoded value which the authentication system MUST respond to on successful authn
authenticationDynamicParameter=redirectURL
# Identifier name for disabling automated single sign on
disableAutomatedAuthnTokenName=esoeNoAuto
# Default authorization action
authorizationDefaultMode=DENY
##
# Identifier Keys
identifier.unspecified=urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
identifier.emailAddress=urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
identifier.X509SubjectName=urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName
identifier.windowsDomainQualName=urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName
identifier.kerberos=urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos
identifier.persistent=urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
## Security Level
# Security Level Identifier
securityLevelIdentifer=SecurityLevel
# Security Level 1 Identifier
securityLevel1=Level 1
# Security Level 2 Identifier
securityLevel2=Level 2
# Security Level 3 Identifier
securityLevel3=Level 3
# Security Level 4 Identifier
securityLevel4=Level 4
### Supported Schemas
saml.protocol=saml-schema-protocol-2.0.xsd
saml.assertion=saml-schema-assertion-2.0.xsd
saml.metadata=saml-schema-metadata-2.0.xsd
lxacml=lxacmlSchema.xsd
lxacml.protocol=lxacmlSAMLProtocolSchema.xsd
lxacml.assertion=lxacmlSAMLAssertionSchema.xsd
lxacml.context=lxacmlContextSchema.xsd
lxacml.pdp=lxacmlPDPSchema.xsd
esoe.protocol=ESOEProtocolSchema.xsd
cache.clear=cacheClearServiceSchema.xsd
sessiondata=SessionDataSchema.xsd
###########################################################################################################
#
# Spring configuration integration, you REALLY shouldn't need to edit anything below this line.
####
### Datasources
## iBatis Data Source
ibatisdatasource.driver=${databaseDriver-1}
ibatisdatasource.url=${databaseURL-1}
ibatisdatasource.username=${databaseUsername-1}
ibatisdatasource.password=${databasePassword-1}
ibatisdatasource.removeAbandoned=${databaseRemoveAbandoned-1}
ibatisdatasource.removeAbandonedTimeout=${databaseRemoveAbandonedTimeout-1}
ibatisdatasource.logAbandoned=${databaseLogAbandoned-1}
ibatisdatasource.maxIdle=${databaseMaxIdle-1}
ibatisdatasource.maxActive=${databaseMaxActive-1}
## LDAP Context Source
ldapcontextsource.ldapURL=${ldapURL-1}
ldapcontextsource.base=${baseDN-1}
ldapcontextsource.username=${adminUser-1}
ldapcontextsource.password=${adminPassword-1}
## ESOE Key Store Resolver
esoekeystoreresolver.keystorePath=${keystorePath-1}
esoekeystoreresolver.keystorePassword=${keystorePassword-1}
esoekeystoreresolver.keyAlias=${keyAlias-1}
esoekeystoreresolver.keyPassword=${keyPassword-1}
## Metadata Key Store Resolver
metadatakeystoreresolver.keystorePath=${keystorePath-1}
metadatakeystoreresolver.keystorePassword=${keystorePassword-1}
metadatakeystoreresolver.keyAlias=${keyAlias-2}
metadatakeystoreresolver.keyPassword=
## SQL Maps
sqlmapclient.config=WEB-INF/sqlMapConfig.xml
### SAML2 Components
## Validator
samlValidator.allowedSPEPSkew=${allowedSPEPSkew}
## Identifier Cache
identifierCache.identifierCacheClean=${identifierCacheClean}
identifierCache.identifierExpiryInterval=${identifierExpiryInterval}
### Authentication
## Processors
authnprocessorimpl.sessionTokenName=${sessionTokenName}
authnprocessorimpl.sessionDomain=${sessionDomain}
## Handlers
usernamepasswordhandler.requireCredentialsURL=${usernamePasswordURL}
usernamepasswordhandler.authenticationFailedNameValue=${authenticationFailedNameValue}
usernamepasswordhandler.failURL=${criticalfailureURL}
usernamepasswordhandler.successURL=${successURL}
usernamepasswordhandler.securityLevelIdentifier=${securityLevelIdentifer}
usernamepasswordhandler.securityLevel=${securityLevel1}
#spnegohandler.successURL=${successURL}
#spnegohandler.spnegoUserAgentID=${activeDirectoryBrowserId}
#spnegohandler.securityLevelIdentifier=${securityLevelIdentifer}
#spnegohandler.securityLevel=${securityLevel1}
## Delegated Authentication
delegauthn.deniedIdentifiers1=${securityLevelIdentifer}
delegauthn.identifier=${esoeIdentifier}
## Authenticators
# LdapBasicAuthenticator
ldapbasicauthenticator.ldapServer=${ldapServer-1}
ldapbasicauthenticator.ldapServerPort=${ldapServerPort-1}
ldapbasicauthenticator.baseDN=${baseDN-1}
ldapbasicauthenticator.identifier=${identifier-1}
ldapbasicauthenticator.recursive=${recursive-1}
ldapbasicauthenticator.disableSSL=${disableSSL-1}
ldapbasicauthenticator.adminUser=${adminUser-1}
ldapbasicauthenticator.adminPassword=${adminPassword-1}
# Kerberos V5 Authenticator
# See http://java.sun.com/javase/6/docs/api/javax/security/auth/login/Configuration.html and associated
# links for extensions to these options.
#kerberosV5Authenticator.option.serverPrincipal=${serverPrincipal}
#kerberosV5Authenticator.option.useKeyTab=true
#kerberosV5Authenticator.option.storeKey=true
#kerberosV5Authenticator.option.doNotPrompt=true
#kerberosV5Authenticator.option.debug=true
#kerberosV5Authenticator.file.keyTab=${keyTab}
### Sessions
## Session Creation
create.sessionLength=${sessionLength}
## Identity Resolvers
ldapidentityresolver.baseDN=
ldapidentityresolver.identifier=${identifier-1}
## Session cleanup config
# interval between cache purges in seconds
sessions.cleanupInterval=${sessionCacheClean}
# max age of session data in seconds
sessions.timeoutInterval=${sessionLength}
### Service Provider Enforcement Points
## Metadata
metadata.url=${metadataURL}
metadata.networkUpdateInterval=${networkUpdateInterval}
metadata.esoeIdentifier=${esoeIdentifier}
### Single Sign On
## Processors
sso.allowedActiveAuthSkew=${allowedActiveAuthSkew}
sso.sessionRemainingLength=${sessionRemainingLength}
sso.acceptUnsignedAuthnRequests=${acceptUnsignedAuthnRequests}
### Attribute Authority
## AttributeAuthorityProcessor
aa.allowedSPEPSkew=${allowedSPEPSkew}
### Policy Decision Point
## Authorization Processor
authorizationProcessor.authorizationDefaultMode=${authorizationDefaultMode}
authorizationProcessor.allowedTimeSkew=${allowedSPEPSkew}
## Policy Cache Processor
policycacheprocessor.pollInterval=${authorizationPollInterval}
current metadata
----------------
<?xml version="1.0" encoding="UTF-16" ?>
<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:lxacml-md="http://www.qut.com/middleware/lxacmlPDPSchema" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" ID="_0ec1bfddaebe91db486b242f65ec659c54054e17-4cee51e06e3d9d365f6ff22e22e9bcc6">
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
      <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
      <ds:Reference URI="#_0ec1bfddaebe91db486b242f65ec659c54054e17-4cee51e06e3d9d365f6ff22e22e9bcc6">
        <ds:Transforms>
          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
        </ds:Transforms>
        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
        <ds:DigestValue>bkhSfWzsaL0kwyAdvO0Sc9z8EvA=</ds:DigestValue>
      </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>IKGbfCKG1zAvfAM2n+Rboi1Ua38FMj6F87A2QzKQgbE5pVXqT4tLrBVYI3361qrZnQyPLw5qfruakSfm+pebXYOZgeFkyBdbcRkRmJ3cK680lQyx8lYY5mAPBC7thqv0szbS2aKGO7IyUcC8AAUOdUnSdDUCTXZGcR2LML4Lp6J/LXEyjZFUWyMgKXkxcrTV1CMUvJeN80DDuXGe7oeZ3yqmO57rhcSBBBScb8ybFOGO6aBCE5XZtFKfF5MmdGmY8WrIn+Aer7p+29yeQuzjW5nesJTqpcFEnVH0B5cTVgfwF9nkENuj+aZuHUKJOBpbSvGLAa3DO7rTvIXauT/xQw==</ds:SignatureValue>
    <ds:KeyInfo>
      <ds:KeyName>4cc9935073e1c606</ds:KeyName>
    </ds:KeyInfo>
  </ds:Signature>
  <md:EntityDescriptor ID="_4439ddf8f8877eef80bfd709f09c01a3448972f5-0f5e1ee5ee753472f02d5f6b1ef06c38" entityID="http://blr20357.as.colt:8080">
    <md:IDPSSODescriptor ID="_9b3b89b9826d0aa308b90065888fa57f310745f9-a2c134b1d32ae874a67d8a7533991a6c" WantAuthnRequestsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:Extensions>
        <spep:SPEPStartupService xmlns:spep="http://www.qut.com/middleware/spepStartupServiceSchema" Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="http://blr20357.as.colt:8080/ws/services/esoe/spepStartup" xmlns="" />
      </md:Extensions>
      <md:KeyDescriptor use="signing">
        <ds:KeyInfo>
          <ds:KeyName xmlns="">da86024da18554ee</ds:KeyName>
          <ds:KeyValue>
            <ds:RSAKeyValue>
              <ds:Modulus>ALW1qutzoxl8Guhi3+lxYpY5pFngA/m/RLfSKotvcLOPU4SjI4cfXN//N6x+ssy71kQ6/QTK6s9CTrGWVGvfayzX64wYaFR09WNQQWFm/DKHTBl7os5vA8c3tV6JeoHiQ9U7B/Y24HF9OgN6hNQIuaPIbIQD0dggqnC8x6TOKsXZN5OqkSLB5LVAYP+QIg/qxzozO3r3Xfrm9uNPL7Tp6a2y7Xh6bKCTZS3Dz+GwFWXQpFajTxylV6Q3z7GoyFYFPdZjeoIlMbqET1kQ9UJJ6SZkaCEN8Qs1CoGqhH/uSndc/VYolM819C5WpcJlgxZFoW3qHiiBZT5fCvRnBuw7ZbM=</ds:Modulus>
              <ds:Exponent>AQAB</ds:Exponent>
            </ds:RSAKeyValue>
          </ds:KeyValue>
        </ds:KeyInfo>
      </md:KeyDescriptor>
      <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
      <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://blr20357.as.colt:8080/sso" />
      <md:AttributeProfile>urn:oasis:names:tc:SAML:2.0:attrname-format:basic</md:AttributeProfile>
    </md:IDPSSODescriptor>
    <md:AttributeAuthorityDescriptor ID="_f6ed121b63a0b2cc6e57b335e1cedcff891a3990-3e8f4e348981db9321b564f62a4aff2f" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:KeyDescriptor use="signing">
        <ds:KeyInfo>
          <ds:KeyName xmlns="">da86024da18554ee</ds:KeyName>
          <ds:KeyValue>
            <ds:RSAKeyValue>
              <ds:Modulus>ALW1qutzoxl8Guhi3+lxYpY5pFngA/m/RLfSKotvcLOPU4SjI4cfXN//N6x+ssy71kQ6/QTK6s9CTrGWVGvfayzX64wYaFR09WNQQWFm/DKHTBl7os5vA8c3tV6JeoHiQ9U7B/Y24HF9OgN6hNQIuaPIbIQD0dggqnC8x6TOKsXZN5OqkSLB5LVAYP+QIg/qxzozO3r3Xfrm9uNPL7Tp6a2y7Xh6bKCTZS3Dz+GwFWXQpFajTxylV6Q3z7GoyFYFPdZjeoIlMbqET1kQ9UJJ6SZkaCEN8Qs1CoGqhH/uSndc/VYolM819C5WpcJlgxZFoW3qHiiBZT5fCvRnBuw7ZbM=</ds:Modulus>
              <ds:Exponent>AQAB</ds:Exponent>
            </ds:RSAKeyValue>
          </ds:KeyValue>
        </ds:KeyInfo>
      </md:KeyDescriptor>
      <md:AttributeService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="http://blr20357.as.colt:8080/ws/services/esoe/attributeAuthority" />
    </md:AttributeAuthorityDescriptor>
    <md:RoleDescriptor xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="_e9a21b823d77cc182ff5d3f93241ae1a4b5da31c-bfeec84fe708aaa501bd38d92c2461d4" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol" xsi:type="lxacml-md:LXACMLPDPDescriptorType">
      <md:KeyDescriptor use="signing">
        <ds:KeyInfo>
          <ds:KeyName xmlns="">da86024da18554ee</ds:KeyName>
          <ds:KeyValue>
            <ds:RSAKeyValue>
              <ds:Modulus>ALW1qutzoxl8Guhi3+lxYpY5pFngA/m/RLfSKotvcLOPU4SjI4cfXN//N6x+ssy71kQ6/QTK6s9CTrGWVGvfayzX64wYaFR09WNQQWFm/DKHTBl7os5vA8c3tV6JeoHiQ9U7B/Y24HF9OgN6hNQIuaPIbIQD0dggqnC8x6TOKsXZN5OqkSLB5LVAYP+QIg/qxzozO3r3Xfrm9uNPL7Tp6a2y7Xh6bKCTZS3Dz+GwFWXQpFajTxylV6Q3z7GoyFYFPdZjeoIlMbqET1kQ9UJJ6SZkaCEN8Qs1CoGqhH/uSndc/VYolM819C5WpcJlgxZFoW3qHiiBZT5fCvRnBuw7ZbM=</ds:Modulus>
              <ds:Exponent>AQAB</ds:Exponent>
            </ds:RSAKeyValue>
          </ds:KeyValue>
        </ds:KeyInfo>
      </md:KeyDescriptor>
      <md:AuthzService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="http://blr20357.as.colt:8080/ws/services/esoe/policyDecisionPoint" />
    </md:RoleDescriptor>
    <md:ContactPerson contactType="technical">
      <md:Company>colt</md:Company>
      <md:GivenName>mohamed</md:GivenName>
      <md:SurName>elyas</md:SurName>
      <md:EmailAddress>elyas.moha...@yahoo.com</md:EmailAddress>
      <md:TelephoneNumber>22128311</md:TelephoneNumber>
    </md:ContactPerson>
  </md:EntityDescriptor>
  <md:EntityDescriptor ID="_67be22679b91b5838f3ae5127f39dcfbbd94ce1b-065bcb957bf11e5aa9ddac8477583457" entityID="http://blr20357.as.colt:7060/esoemanager">
    <md:SPSSODescriptor AuthnRequestsSigned="true" ID="_47d5fd41652282e3cad12910f74cfcba1a466227-9b549b3cecfb2e0c53757606a871b258" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:Extensions>
        <clear:CacheClearService xmlns:clear="http://www.qut.com/middleware/cacheClearServiceSchema" Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="http://blr20357.as.colt:7060/spep/services/spep/authzCacheClear" index="46357" xmlns="" />
      </md:Extensions>
      <md:KeyDescriptor use="signing">
        <ds:KeyInfo>
          <ds:KeyName xmlns="">388408730a414003</ds:KeyName>
          <ds:KeyValue>
            <ds:RSAKeyValue>
              <ds:Modulus>AJlUMaVAF/kx19ISS/aPtrfVfAQokCWs6y0CG9F9xdjOQYke9p2BY4cNjwVeW68/tWXvQDAIWdSdEJOmKx+mNXTsp54KRIk+odxvp4gX5qCrDNb39uIdz+EphEiryJ1xF0ExLmpYeRiaYqnhcRLoBXarDVdR1pZtdISmQvsCnb+WuIRJ69h7ubi1HZ+Pw6X3huDW9+lJhANBsKyplXocJqndxtC2YVH3VavC4xvahLaXmPD2rJfO62dDw1Yk1oIeTOs0T//jXxyvSmeNLEGKwm6xJ/P/gKDk4pf6FciMl/7KBMqJPZ1+A4Vd0eOzyJgaoxhFYEStKpJwWMh24TA+vhE=</ds:Modulus>
              <ds:Exponent>AQAB</ds:Exponent>
            </ds:RSAKeyValue>
          </ds:KeyValue>
        </ds:KeyInfo>
      </md:KeyDescriptor>
      <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="http://blr20357.as.colt:7060/spep/services/spep/singleLogout" />
      <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
      <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://blr20357.as.colt:7060/spep/sso" index="46357" />
    </md:SPSSODescriptor>
    <md:ContactPerson contactType="technical">
      <md:Company>colt</md:Company>
      <md:GivenName>mohamed</md:GivenName>
      <md:SurName>elyas</md:SurName>
      <md:EmailAddress>elyas.moha...@yahoo.com</md:EmailAddress>
      <md:TelephoneNumber>22128311</md:TelephoneNumber>
    </md:ContactPerson>
  </md:EntityDescriptor>
  <md:EntityDescriptor ID="_4e8a8da46f25ac1cdfa99016298f021c0fb55337-953c56510397dfbd1be6a70ef0db9400" entityID="http://blr20357.as.colt:7060/aptGUI">
    <md:SPSSODescriptor AuthnRequestsSigned="true" ID="_ba9a19bf7b1a5cb4cd87c42cd176258665009301-09838e0a7d4310c4104c67f3c7a3b98f" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:Extensions>
        <clear:CacheClearService xmlns:clear="http://www.qut.com/middleware/cacheClearServiceSchema" Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="http://blr20357.as.colt:7060/spep/services/spep/authzCacheClear" index="39800" xmlns="" />
      </md:Extensions>
      <md:KeyDescriptor use="signing">
        <ds:KeyInfo>
          <ds:KeyName xmlns="">14c7a0845972f0f3</ds:KeyName>
          <ds:KeyValue>
            <ds:RSAKeyValue>
              <ds:Modulus>AKECHgT08YO0Le/7g/rn6q2SmCE+ZyN2kNeGhhrF0cCDch7Ibb3sWfLmPTHu1l8DGOY43YHxQ+EBmDtWu28m8FLprIu48m/BpxNdRNPDvuSshLxhaNgkHJCOsYIYwXvb2T5fk7nkMvOdqOxW/zfC+pHKdv4hungbGUm7ya8EaAf8rr+FxlQeNLqWTyM/DJzI8E5BNcEWprqsaC7CbiysLSnhHE/7+WdqotQ4jTN5oxDoE6Iek1Ndw5Lj0IhpWh9gHWagvfW5r2iDOheHt0tmKUkEBi/tLk4s+SVUGLa3BSS4kXZXtOI77YOUasqiDs2TMydy3AryzZVh5YJ0urnyJpM=</ds:Modulus>
              <ds:Exponent>AQAB</ds:Exponent>
            </ds:RSAKeyValue>
          </ds:KeyValue>
        </ds:KeyInfo>
      </md:KeyDescriptor>
      <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="http://blr20357.as.colt:7060/spep/services/spep/singleLogout" />
      <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
      <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://blr20357.as.colt:7060/spep/sso" index="39800" />
    </md:SPSSODescriptor>
    <md:ContactPerson contactType="technical">
      <md:Company>colt</md:Company>
      <md:GivenName>mohamed</md:GivenName>
      <md:SurName>elyas</md:SurName>
      <md:EmailAddress>elyas.moha...@yahoo.com</md:EmailAddress>
      <md:TelephoneNumber>22128311</md:TelephoneNumber>
    </md:ContactPerson>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>
The error I am getting is:
2008-10-28 10:46:35,843 INFO com.qut.middleware.spep.metadata.impl.MetadataThread - Got 18332 chars of metadata. Hash value is af727567c7b9d32c997c17312706aea6a7694671
2008-10-28 10:46:35,843 INFO com.qut.middleware.spep.metadata.impl.MetadataThread - New metadata encountered. Processing ...
2008-10-28 10:46:35,843 ERROR com.qut.middleware.spep.metadata.impl.MetadataImpl - Unable to obtain the assertionConsumerLocation for this SPEP from metadata, IS THIS SPEP ACTIVATED IN ESOE MANAGER??.
2008-10-28 10:46:35,843 ERROR com.qut.middleware.spep.metadata.impl.MetadataThread - A SAML problem occurred reading metadata. Ignoring new metadata. Exception was: ESOE did not have all required endpoints, halting processing of metadata.
2008-10-28 10:46:49,968 FATAL com.qut.middleware.spep.impl.StartupProcessorImpl - SPEP did not recieve authorization from the ESOE to continue. Waiting 20 seconds before attempting startup again.
2008-10-28 10:46:50,000 FATAL com.qut.middleware.spep.impl.StartupProcessorImpl - Unexpected error prevented SPEP startup. Message was: Metadata was not successfully loaded
2008-10-28 10:47:10,000 FATAL com.qut.middleware.spep.impl.StartupProcessorImpl - SPEP did not recieve authorization from the ESOE to continue. Waiting 20 seconds before attempting startup again.
2008-10-28 10:47:10,031 FATAL com.qut.middleware.spep.impl.StartupProcessorImpl - Unexpected error prevented SPEP startup. Message was: Metadata was not successfully loaded
2008-10-28 10:47:30,031 FATAL com.qut.middleware.spep.impl.StartupProcessorImpl - SPEP did not recieve authorization from the ESOE to continue. Waiting 20 seconds before attempting startup again.
2008-10-28 10:47:30,062 FATAL com.qut.middleware.spep.impl.StartupProcessorImpl - Unexpected error prevented SPEP startup. Message was: Metadata was not successfully loaded
2008-10-28 10:47:50,062 FATAL com.qut.middleware.spep.impl.StartupProcessorImpl - SPEP did not recieve authorization from the ESOE to continue. Waiting 20 seconds before attempting startup again.
2008-10-28 10:47:50,093 FATAL com.qut.middleware.spep.impl.StartupProcessorImpl - Unexpected error prevented SPEP startup. Message was: Metadata was not successfully loaded
2008-10-28 10:48:10,093 FATAL com.qut.middleware.spep.impl.StartupProcessorImpl - SPEP did not recieve authorization from the ESOE to continue. Waiting 20 seconds before attempting startup again.
2008-10-28 10:48:10,140 FATAL com.qut.middleware.spep.impl.StartupProcessorImpl - Unexpected error prevented SPEP startup. Message was: Metadata was not successfully loaded
2008-10-28 10:48:28,265 INFO com.qut.middleware.spep.sessions.impl.SessionCacheImpl$CleanupThread - Cleaning up timed out Principal Sessions ...
2008-10-28 10:48:30,140 FATAL com.qut.middleware.spep.impl.StartupProcessorImpl - SPEP did not recieve authorization from the ESOE to continue. Waiting 20 seconds before attempting startup again.
2008-10-28 10:48:30,171 FATAL com.qut.middleware.spep.impl.StartupProcessorImpl - Unexpected error prevented SPEP startup. Message was: Metadata was not successfully loaded
2008-10-28 10:48:35,843 INFO com.qut.middleware.spep.metadata.impl.MetadataThread - Got 18332 chars of metadata. Hash value is 835ee111e6b4c53492b0ab14573dc27525d721b3
2008-10-28 10:48:35,843 INFO com.qut.middleware.spep.metadata.impl.MetadataThread - New metadata encountered. Processing ...
2008-10-28 10:48:35,843 ERROR com.qut.middleware.spep.metadata.impl.MetadataImpl - Unable to obtain the assertionConsumerLocation for this SPEP from metadata, IS THIS SPEP ACTIVATED IN ESOE MANAGER??.
2008-10-28 10:48:35,843 ERROR com.qut.middleware.spep.metadata.impl.MetadataThread - A SAML problem occurred reading metadata. Ignoring new metadata. Exception was: ESOE did not have all required endpoints, halting processing of metadata.
2008-10-28 10:48:50,171 FATAL com.qut.middleware.spep.impl.StartupProcessorImpl - SPEP did not recieve authorization from the ESOE to continue. Waiting 20 seconds before attempting startup again.
2008-10-28 10:48:50,203 FATAL com.qut.middleware.spep.impl.StartupProcessorImpl - Unexpected error prevented SPEP startup. Message was: Metadata was not successfully loaded
2008-10-28 10:49:10,203 FATAL com.qut.middleware.spep.impl.StartupProcessorImpl - SPEP did not recieve authorization from the ESOE to continue. Waiting 20 seconds before attempting startup again.
2008-10-28 10:49:10,234 FATAL com.qut.middleware.spep.impl.StartupProcessorImpl - Unexpected error prevented SPEP startup. Message was: Metadata was not successfully loaded
2008-10-28 10:49:30,234 FATAL com.qut.middleware.spep.impl.StartupProcessorImpl - SPEP did not recieve authorization from the ESOE to continue. Waiting 20 seconds before attempting startup again.
2008-10-28 10:49:30,265 FATAL com.qut.middleware.spep.impl.StartupProcessorImpl - Unexpected error prevented SPEP startup. Message was: Metadata was not successfully loaded
2008-10-28 10:49:50,265 FATAL com.qut.middleware.spep.impl.StartupProcessorImpl - SPEP did not recieve authorization from the ESOE to continue. Waiting 20 seconds before attempting startup again.
2008-10-28 10:49:50,296 FATAL com.qut.middleware.spep.impl.StartupProcessorImpl - Unexpected error prevented SPEP startup. Message was: Metadata was not successfully loaded
2008-10-28 10:50:10,296 FATAL com.qut.middleware.spep.impl.StartupProcessorImpl - SPEP did not recieve authorization from the ESOE to continue. Waiting 20 seconds before attempting startup again.
2008-10-28 10:50:10,328 FATAL com.qut.middleware.spep.impl.StartupProcessorImpl - Unexpected error prevented SPEP startup. Message was: Metadata was not successfully loade