Farzan Qureshi
2014-08-14 21:34:35 UTC
Hi all,
I am trying to configure Shibboleth as an IdP for MS Office 365. I am
following instructions from the link
http://technet.microsoft.com/en-us/library/jj205463.aspx#BKMK_1
It says that to convert the AD records to binary when they are fetched by
Shibboleth, we have to add an LDAPPROPERTY. For example:
<!-- Example LDAP Connector -->
<resolver:DataConnector id="myLDAP" xsi:type="dc:LDAPDirectory"
ldapURL="ldap://ldap.myorg.com"
baseDN="ou=Users,dc=myorg,dc=com"
principal="CN=ServiceUser,OU=Users,DC=myorg,DC=com"
principalCredential="t3st3tye">
<dc:FilterTemplate>
<![CDATA[
(uid=$requestContext.principalName)
]]>
</dc:FilterTemplate>
<LDAPProperty name="java.naming.ldap.attributes.binary" value="objectGUID"/>
</resolver:DataConnector>
I have made all the required changes and have skipped this LDAPPROPERTY
because it gives me error which I will address shortly. Everything is
working alright however I am still waiting for microsoft to update our
federation settings so that I can try to login with Shibboleth IdP. The
problem is that on the website it is mentioned that we must use
<LDAPProperty name="java.naming.ldap.attributes.binary" value="objectGUID"/>
or else authentication will fail because the format of objectGUID will not
be in binary.
When I add the above configuration in attribute-resolver.xml and restart
tomcat services I get following errors. However when I remove
<LDAPProperty name="java.naming.ldap.attributes.binary" value="objectGUID"/>
there are no errors and everything start to work. I wonder if the syntax of
<LDAPProperty name="java.naming.ldap.attributes.binary" value="objectGUID"/>
is correct or may be it is based on old shibboleth versions. We are running
Shibboleth IdP 2.4.0.
Any ideas?
Following are the errors:
15-Aug-2014 09:23:52.298 INFO [localhost-startStop-1]
org.apache.catalina.core.ApplicationContext.log Initializing Spring root
WebApplicationContext
15-Aug-2014 09:23:57.911 SEVERE [localhost-startStop-1]
org.apache.catalina.core.StandardContext.listenerStart Exception sending
context initialized event to listener instance of class
org.springframework.web.context.ContextLoaderListener
org.springframework.beans.factory.BeanCreationException: Error creating
bean with name 'shibboleth.AttributeResolver': Invocation of init method
failed; nested exception is
edu.internet2.middleware.shibboleth.common.service.ServiceException:
Configuration was not loaded for shibboleth.AttributeResolver service,
error creating components.
at
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1338)
at
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:473)
at
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory$1.run(AbstractAutowireCapableBeanFactory.java:409)
at java.security.AccessController.doPrivileged(Native Method)
at
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:380)
at
org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:264)
at
org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
at
org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:261)
at
org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:185)
at
org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:164)
at
org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:429)
at
org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:728)
at
org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:380)
at
org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:255)
at
org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:199)
at
org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:45)
at
org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4760)
at
org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5184)
at
org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
at
org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:724)
at
org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:700)
at
org.apache.catalina.core.StandardHost.addChild(StandardHost.java:714)
at
org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:581)
at
org.apache.catalina.startup.HostConfig$DeployDescriptor.run(HostConfig.java:1686)
at
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by:
edu.internet2.middleware.shibboleth.common.service.ServiceException:
Configuration was not loaded for shibboleth.AttributeResolver service,
error creating components.
at
edu.internet2.middleware.shibboleth.common.config.BaseService.loadContext(BaseService.java:192)
at
edu.internet2.middleware.shibboleth.common.config.BaseReloadableService.initialize(BaseReloadableService.java:148)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:483)
at
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeCustomInitMethod(AbstractAutowireCapableBeanFactory.java:1414)
at
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1375)
at
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1335)
... 28 more
Caused by: org.xml.sax.SAXParseException; lineNumber: 345; columnNumber:
78; cvc-complex-type.2.4.a: Invalid content was found starting with element
'LDAPProperty'. One of
'{"urn:mace:shibboleth:2.0:resolver:dc":ReturnAttributes,
"urn:mace:shibboleth:2.0:resolver:dc":LDAPProperty,
"urn:mace:shibboleth:2.0:resolver:dc":StartTLSTrustCredential,
"urn:mace:shibboleth:2.0:resolver:dc":StartTLSAuthenticationCredential,
"urn:mace:shibboleth:2.0:resolver:dc":ConnectionPool,
"urn:mace:shibboleth:2.0:resolver:dc":ResultCache}' is expected.
at
org.apache.xerces.util.ErrorHandlerWrapper.createSAXParseException(Unknown
Source)
at org.apache.xerces.util.ErrorHandlerWrapper.error(Unknown Source)
at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown
Source)
at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown
Source)
at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown
Source)
at
org.apache.xerces.impl.xs.XMLSchemaValidator$XSIErrorReporter.reportError(Unknown
Source)
at
org.apache.xerces.impl.xs.XMLSchemaValidator.reportSchemaError(Unknown
Source)
at
org.apache.xerces.impl.xs.XMLSchemaValidator.handleStartElement(Unknown
Source)
at
org.apache.xerces.impl.xs.XMLSchemaValidator.emptyElement(Unknown Source)
at
org.apache.xerces.impl.XMLNSDocumentScannerImpl.scanStartElement(Unknown
Source)
at
org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(Unknown
Source)
at
org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown
Source)
at org.apache.xerces.parsers.XML11Configuration.parse(Unknown
Source)
at org.apache.xerces.parsers.XML11Configuration.parse(Unknown
Source)
at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
at org.apache.xerces.parsers.DOMParser.parse(Unknown Source)
at org.apache.xerces.jaxp.DocumentBuilderImpl.parse(Unknown Source)
at
edu.internet2.middleware.shibboleth.common.config.SpringDocumentLoader.loadDocument(SpringDocumentLoader.java:56)
at
org.springframework.beans.factory.xml.XmlBeanDefinitionReader.doLoadBeanDefinitions(XmlBeanDefinitionReader.java:396)
at
org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:342)
at
org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:310)
at
org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:143)
at
edu.internet2.middleware.shibboleth.common.config.SpringConfigurationUtils.populateRegistry(SpringConfigurationUtils.java:89)
at
edu.internet2.middleware.shibboleth.common.config.BaseService.loadContext(BaseService.java:170)
... 36 more
--
*Farzan Qureshi* | Network Administrator & Help-desk Support | Rosmini
College | (09) 487 0 530
--
This email and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to whom they are addressed.
If you have received this email in error please notify the system manager (
admin-***@public.gmane.org). Please note that any views or opinions presented
in this email are solely those of the author and do not necessarily
represent those of the company. Finally, the recipient should check this
email and any attachments for the presence of viruses. Rosmini College
accepts no liability for any damage caused by any virus transmitted by this
email.
I am trying to configure Shibboleth as an IdP for MS Office 365. I am
following instructions from the link
http://technet.microsoft.com/en-us/library/jj205463.aspx#BKMK_1
It says that to convert the AD records to binary when they are fetched by
Shibboleth, we have to add an LDAPPROPERTY. For example:
<!-- Example LDAP Connector -->
<resolver:DataConnector id="myLDAP" xsi:type="dc:LDAPDirectory"
ldapURL="ldap://ldap.myorg.com"
baseDN="ou=Users,dc=myorg,dc=com"
principal="CN=ServiceUser,OU=Users,DC=myorg,DC=com"
principalCredential="t3st3tye">
<dc:FilterTemplate>
<![CDATA[
(uid=$requestContext.principalName)
]]>
</dc:FilterTemplate>
<LDAPProperty name="java.naming.ldap.attributes.binary" value="objectGUID"/>
</resolver:DataConnector>
I have made all the required changes and have skipped this LDAPPROPERTY
because it gives me error which I will address shortly. Everything is
working alright however I am still waiting for microsoft to update our
federation settings so that I can try to login with Shibboleth IdP. The
problem is that on the website it is mentioned that we must use
<LDAPProperty name="java.naming.ldap.attributes.binary" value="objectGUID"/>
or else authentication will fail because the format of objectGUID will not
be in binary.
When I add the above configuration in attribute-resolver.xml and restart
tomcat services I get following errors. However when I remove
<LDAPProperty name="java.naming.ldap.attributes.binary" value="objectGUID"/>
there are no errors and everything start to work. I wonder if the syntax of
<LDAPProperty name="java.naming.ldap.attributes.binary" value="objectGUID"/>
is correct or may be it is based on old shibboleth versions. We are running
Shibboleth IdP 2.4.0.
Any ideas?
Following are the errors:
15-Aug-2014 09:23:52.298 INFO [localhost-startStop-1]
org.apache.catalina.core.ApplicationContext.log Initializing Spring root
WebApplicationContext
15-Aug-2014 09:23:57.911 SEVERE [localhost-startStop-1]
org.apache.catalina.core.StandardContext.listenerStart Exception sending
context initialized event to listener instance of class
org.springframework.web.context.ContextLoaderListener
org.springframework.beans.factory.BeanCreationException: Error creating
bean with name 'shibboleth.AttributeResolver': Invocation of init method
failed; nested exception is
edu.internet2.middleware.shibboleth.common.service.ServiceException:
Configuration was not loaded for shibboleth.AttributeResolver service,
error creating components.
at
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1338)
at
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:473)
at
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory$1.run(AbstractAutowireCapableBeanFactory.java:409)
at java.security.AccessController.doPrivileged(Native Method)
at
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:380)
at
org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:264)
at
org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
at
org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:261)
at
org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:185)
at
org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:164)
at
org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:429)
at
org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:728)
at
org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:380)
at
org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:255)
at
org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:199)
at
org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:45)
at
org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4760)
at
org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5184)
at
org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
at
org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:724)
at
org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:700)
at
org.apache.catalina.core.StandardHost.addChild(StandardHost.java:714)
at
org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:581)
at
org.apache.catalina.startup.HostConfig$DeployDescriptor.run(HostConfig.java:1686)
at
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by:
edu.internet2.middleware.shibboleth.common.service.ServiceException:
Configuration was not loaded for shibboleth.AttributeResolver service,
error creating components.
at
edu.internet2.middleware.shibboleth.common.config.BaseService.loadContext(BaseService.java:192)
at
edu.internet2.middleware.shibboleth.common.config.BaseReloadableService.initialize(BaseReloadableService.java:148)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:483)
at
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeCustomInitMethod(AbstractAutowireCapableBeanFactory.java:1414)
at
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1375)
at
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1335)
... 28 more
Caused by: org.xml.sax.SAXParseException; lineNumber: 345; columnNumber:
78; cvc-complex-type.2.4.a: Invalid content was found starting with element
'LDAPProperty'. One of
'{"urn:mace:shibboleth:2.0:resolver:dc":ReturnAttributes,
"urn:mace:shibboleth:2.0:resolver:dc":LDAPProperty,
"urn:mace:shibboleth:2.0:resolver:dc":StartTLSTrustCredential,
"urn:mace:shibboleth:2.0:resolver:dc":StartTLSAuthenticationCredential,
"urn:mace:shibboleth:2.0:resolver:dc":ConnectionPool,
"urn:mace:shibboleth:2.0:resolver:dc":ResultCache}' is expected.
at
org.apache.xerces.util.ErrorHandlerWrapper.createSAXParseException(Unknown
Source)
at org.apache.xerces.util.ErrorHandlerWrapper.error(Unknown Source)
at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown
Source)
at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown
Source)
at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown
Source)
at
org.apache.xerces.impl.xs.XMLSchemaValidator$XSIErrorReporter.reportError(Unknown
Source)
at
org.apache.xerces.impl.xs.XMLSchemaValidator.reportSchemaError(Unknown
Source)
at
org.apache.xerces.impl.xs.XMLSchemaValidator.handleStartElement(Unknown
Source)
at
org.apache.xerces.impl.xs.XMLSchemaValidator.emptyElement(Unknown Source)
at
org.apache.xerces.impl.XMLNSDocumentScannerImpl.scanStartElement(Unknown
Source)
at
org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(Unknown
Source)
at
org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown
Source)
at org.apache.xerces.parsers.XML11Configuration.parse(Unknown
Source)
at org.apache.xerces.parsers.XML11Configuration.parse(Unknown
Source)
at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
at org.apache.xerces.parsers.DOMParser.parse(Unknown Source)
at org.apache.xerces.jaxp.DocumentBuilderImpl.parse(Unknown Source)
at
edu.internet2.middleware.shibboleth.common.config.SpringDocumentLoader.loadDocument(SpringDocumentLoader.java:56)
at
org.springframework.beans.factory.xml.XmlBeanDefinitionReader.doLoadBeanDefinitions(XmlBeanDefinitionReader.java:396)
at
org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:342)
at
org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:310)
at
org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:143)
at
edu.internet2.middleware.shibboleth.common.config.SpringConfigurationUtils.populateRegistry(SpringConfigurationUtils.java:89)
at
edu.internet2.middleware.shibboleth.common.config.BaseService.loadContext(BaseService.java:170)
... 36 more
--
*Farzan Qureshi* | Network Administrator & Help-desk Support | Rosmini
College | (09) 487 0 530
--
This email and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to whom they are addressed.
If you have received this email in error please notify the system manager (
admin-***@public.gmane.org). Please note that any views or opinions presented
in this email are solely those of the author and do not necessarily
represent those of the company. Finally, the recipient should check this
email and any attachments for the presence of viruses. Rosmini College
accepts no liability for any damage caused by any virus transmitted by this
email.