Chris,
I should have posted the full xml file to show that I believe those pieces are
in the handler.xml
Full handler.xml:
<?xml version="1.0" encoding="UTF-8"?>
<ph:ProfileHandlerGroup xmlns:ph="urn:mace:shibboleth:2.0:idp:profile-handler"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
xmlns:shib-cas="http://unicon.net/shib-cas/authn";
xsi:schemaLocation="urn:mace:shibboleth:2.0:idp:profile-handler
classpath:/schema/shibboleth-2.0-idp-profile-handler.xsd
http://unicon.net/shib-cas/authn
classpath:/schema/casLoginHandler.xsd">
<!-- CAS/Shib IDP External Login Handler. propertiesFile attribute is optional
-->
<ph:LoginHandler xsi:type="shib-cas:CasLoginHandler"
propertiesFile="/opt/shibboleth-idp/conf/cas-shib.properties">
<ph:AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</ph:AuthenticationMethod>
<shib-cas:paramBuilder
class="net.unicon.idp.authn.provider.extra.EntityIdParameterBuilder" />
</ph:LoginHandler>
<!-- Error Handler -->
<ph:ErrorHandler xsi:type="ph:JSPErrorHandler" jspPagePath="/error.jsp"/>
<!-- Profile Handlers -->
<!--
All profile handlers defined below are accessed via the Servlet path
"/profile" so if your profile
handler's request path is "/Status" then the full path is
"<servletContextName>/profile/Status"
-->
<ph:ProfileHandler xsi:type="ph:Status">
<ph:RequestPath>/Status</ph:RequestPath>
</ph:ProfileHandler>
<ph:ProfileHandler xsi:type="ph:SAMLMetadata"
metadataFile="/opt/shibboleth-idp/metadata/idp-metadata.xml">
<ph:RequestPath>/Metadata/SAML</ph:RequestPath>
</ph:ProfileHandler>
<ph:ProfileHandler xsi:type="ph:ShibbolethSSO"
inboundBinding="urn:mace:shibboleth:1.0:profiles:AuthnRequest"
outboundBindingEnumeration="urn:oasis:names:tc:SAML:1.0:profiles:browser-post
urn:oasis:names:tc:SAML:1.0:profiles:artifact-01">
<ph:RequestPath>/Shibboleth/SSO</ph:RequestPath>
</ph:ProfileHandler>
<ph:ProfileHandler xsi:type="ph:SAML1AttributeQuery"
inboundBinding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
outboundBindingEnumeration="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding">
<ph:RequestPath>/SAML1/SOAP/AttributeQuery</ph:RequestPath>
</ph:ProfileHandler>
<ph:ProfileHandler xsi:type="ph:SAML1ArtifactResolution"
inboundBinding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
outboundBindingEnumeration="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding">
<ph:RequestPath>/SAML1/SOAP/ArtifactResolution</ph:RequestPath>
</ph:ProfileHandler>
<ph:ProfileHandler xsi:type="ph:SAML2SSO"
inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign
urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
<ph:RequestPath>/SAML2/POST/SSO</ph:RequestPath>
</ph:ProfileHandler>
<ph:ProfileHandler xsi:type="ph:SAML2SSO"
inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign"
outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign
urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
<ph:RequestPath>/SAML2/POST-SimpleSign/SSO</ph:RequestPath>
</ph:ProfileHandler>
<ph:ProfileHandler xsi:type="ph:SAML2SSO"
inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign
urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
<ph:RequestPath>/SAML2/Redirect/SSO</ph:RequestPath>
</ph:ProfileHandler>
<ph:ProfileHandler xsi:type="ph:SAML2SSO"
inboundBinding="urn:mace:shibboleth:2.0:profiles:AuthnRequest"
outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign
urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
<ph:RequestPath>/SAML2/Unsolicited/SSO</ph:RequestPath>
</ph:ProfileHandler>
<ph:ProfileHandler xsi:type="ph:SAML2ECP"
inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:SOAP">
<ph:RequestPath>/SAML2/SOAP/ECP</ph:RequestPath>
</ph:ProfileHandler>
<ph:ProfileHandler xsi:type="ph:SAML2SLO"
inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect
urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign
urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
<ph:RequestPath>/SAML2/Redirect/SLO</ph:RequestPath>
</ph:ProfileHandler>
<ph:ProfileHandler xsi:type="ph:SAML2SLO"
inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect
urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign
urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
<ph:RequestPath>/SAML2/POST/SLO</ph:RequestPath>
</ph:ProfileHandler>
<ph:ProfileHandler xsi:type="ph:SAML2SLO"
inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign"
outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect
urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign
urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
<ph:RequestPath>/SAML2/POST-SimpleSign/SLO</ph:RequestPath>
</ph:ProfileHandler>
<ph:ProfileHandler xsi:type="ph:SAML2SLO"
inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:SOAP">
<ph:RequestPath>/SAML2/SOAP/SLO</ph:RequestPath>
</ph:ProfileHandler>
<ph:ProfileHandler xsi:type="ph:SAML2SLO"
inboundBinding="urn:mace:shibboleth:2.0:profiles:LocalLogout">
<ph:RequestPath>/Logout</ph:RequestPath>
</ph:ProfileHandler>
<ph:ProfileHandler xsi:type="ph:SAML2AttributeQuery"
inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:SOAP">
<ph:RequestPath>/SAML2/SOAP/AttributeQuery</ph:RequestPath>
</ph:ProfileHandler>
<ph:ProfileHandler xsi:type="ph:SAML2ArtifactResolution"
inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:SOAP">
<ph:RequestPath>/SAML2/SOAP/ArtifactResolution</ph:RequestPath>
</ph:ProfileHandler>
<!-- Login Handlers -->
<ph:LoginHandler xsi:type="ph:RemoteUser">
<ph:AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</ph:AuthenticationMethod>
</ph:LoginHandler>
<!-- Login handler that delegates the act of authentication to an external
system. -->
<!-- This login handler and the RemoteUser login handler will be merged in
the next major release. -->
<!--
<ph:LoginHandler xsi:type="ph:ExternalAuthn">
<ph:AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</ph:AuthenticationMethod>
<ph:QueryParam name="foo" value="bar" />
</ph:LoginHandler>
-->
<!-- Username/password login handler -->
<!--
<ph:LoginHandler xsi:type="ph:UsernamePassword"
jaasConfigurationLocation="file:///opt/shibboleth-idp/conf/login.config">
<ph:AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</ph:AuthenticationMethod>
</ph:LoginHandler>
-->
<!--
Removal of this login handler will disable SSO support, that is it will
require the user to authenticate
on every request.
-->
<ph:LoginHandler xsi:type="ph:PreviousSession">
<ph:AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:PreviousSession</ph:AuthenticationMethod>
</ph:LoginHandler>
</ph:ProfileHandlerGroup>
Ben Branch
UNIX/Linux Administrator
University of Central Oklahoma
ITIL Foundation v3, Network+, RHCSA
100 N. University Drive, Box 122
Edmond, OK 73034
D: 405.974.2649 | M: 405.550.6804 | [email protected] | www.uco.edu
“I am wiser than this man, for neither of us appears to know anything great and
good; but he fancies he knows something, although he knows nothing; whereas I,
as I do not know anything, so I do not fancy I do. In this trifling particular,
then, I appear to be wiser than he, because I do not fancy I know what I do not
know.” - Socrates
-----Original Message-----
From: Charles Hasegawa [mailto:[email protected]]
Sent: Wednesday, June 25, 2014 1:04 PM
To: [email protected]
Subject: Re: [cas-user] CAS-Shib Integration: Getting an error when deploying
the idp.war
ok, seeing that their definition of login handler is expecting an ErrorHandler.
You should check that they have a valid file. The expectation was that they'd
ADD to the existing handler.xml, not just have a file with the header and
loginHandler. They still need all the other stuff.
----- Original Message -----
From: "Ben Branch" <[email protected]>
To: [email protected]
Sent: Wednesday, June 25, 2014 10:18:38 AM
Subject: [cas-user] CAS-Shib Integration: Getting an error when deploying the
idp.war
All,
I’ve been following the Unicon guide on how to integrate Shibboleth with CAS. I
thought I had everything configured properly, but that does not appear to be
the case. I’m getting the following error in my catalina.out:
Jun 25, 2014 11:32:47 AM org.apache.jk.server.JkMain start
at org.apache.catalina.core.StandardService.start(StandardService.java:516)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
at org.apache.catalina.startup.Catalina.start(Catalina.java:593)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
Caused by: edu.internet2.middleware.shibboleth.common.service.ServiceException:
Configuration was not loaded for shibboleth.HandlerManager service, error
creating components.
at
edu.internet2.middleware.shibboleth.common.config.BaseService.loadContext(BaseService.java:192)
at
edu.internet2.middleware.shibboleth.common.config.BaseReloadableService.initialize(BaseReloadableService.java:148)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeCustomInitMethod(AbstractAutowireCapableBeanFactory.java:1414)
at
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1375)
at
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1335)
... 39 more
Caused by: org.xml.sax.SAXParseException; lineNumber: 14; columnNumber: 66;
cvc-complex-type.2.4.a: Invalid content was found starting with element
'ph:LoginHandler'. One of
'{"urn:mace:shibboleth:2.0:idp:profile-handler":ErrorHandler}' is expected.
at org.apache.xerces.util.ErrorHandlerWrapper.createSAXParseException(Unknown
Source)
at org.apache.xerces.util.ErrorHandlerWrapper.error(Unknown Source)
at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source)
at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source)
at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source)
at
org.apache.xerces.impl.xs.XMLSchemaValidator$XSIErrorReporter.reportError(Unknown
Source)
at org.apache.xerces.impl.xs.XMLSchemaValidator.reportSchemaError(Unknown
Source)
at org.apache.xerces.impl.xs.XMLSchemaValidator.handleStartElement(Unknown
Source)
at org.apache.xerces.impl.xs.XMLSchemaValidator.startElement(Unknown Source)
at org.apache.xerces.impl.XMLNSDocumentScannerImpl.scanStartElement(Unknown
Source)
at
org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(Unknown
Source)
at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown
Source)
at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
at org.apache.xerces.parsers.DOMParser.parse(Unknown Source)
at org.apache.xerces.jaxp.DocumentBuilderImpl.parse(Unknown Source)
at
edu.internet2.middleware.shibboleth.common.config.SpringDocumentLoader.loadDocument(SpringDocumentLoader.java:56)
at
org.springframework.beans.factory.xml.XmlBeanDefinitionReader.doLoadBeanDefinitions(XmlBeanDefinitionReader.java:396)
at
org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:342)
at
org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:310)
at
org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:143)
at
edu.internet2.middleware.shibboleth.common.config.SpringConfigurationUtils.populateRegistry(SpringConfigurationUtils.java:89)
at
edu.internet2.middleware.shibboleth.common.config.BaseService.loadContext(BaseService.java:170)
... 47 more
Jun 25, 2014 11:32:47 AM org.apache.catalina.core.StandardContext start
SEVERE: Error listenerStart
Jun 25, 2014 11:32:47 AM org.apache.catalina.core.StandardContext start
SEVERE: Context [/idp] startup failed due to previous errors
My /opt/shibboleth-idp/handler.xml (as per the Unicon guide):
<ph:ProfileHandlerGroup xmlns:ph="urn:mace:shibboleth:2.0:idp:profile-handler"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
xmlns:shib-cas="http://unicon.net/shib-cas/authn";
xsi:schemaLocation="urn:mace:shibboleth:2.0:idp:profile-handler
classpath:/schema/shibboleth-2.0-idp-profile-handler.xsd
http://unicon.net/shib-cas/authn
classpath:/schema/casLoginHandler.xsd">
<!-- CAS/Shib IDP External Login Handler. propertiesFile attribute is optional
-->
<ph:LoginHandler xsi:type="shib-cas:CasLoginHandler"
propertiesFile="/opt/shibboleth-idp/conf/cas-shib.properties">
<ph:AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</ph:AuthenticationMethod>
<shib-cas:paramBuilder
class="net.unicon.idp.authn.provider.extra.EntityIdParameterBuilder" />
</ph:LoginHandler>
-------------------------------------------------------------------
I’m not really sure where to go on this, I believe I have everything setup
properly, but I do not understand why I am still receiving this error message.
Any help on this would be greatly appreciated.
Ben Branch
UNIX/Linux Administrator
University of Central Oklahoma
ITIL Foundation v3, Network+, RHCSA
100 N. University Drive, Box 122
Edmond, OK 73034
D: 405.974.2649 | M: 405.550.6804 | bbranch@uco. edu | www.uco.edu
“ I am wiser than this man, for neither of us appears to know anything great
and good; but he fancies he knows something, although he knows nothing; whereas
I, as I do not know anything, so I do not fancy I do. In this trifling
particular, then, I appear to be wiser than he, because I do not fancy I know
what I do not know. ” - Socrates
**Bronze+Blue=Green** The University of Central Oklahoma is Bronze, Blue, and
Green! Please print this e-mail only if absolutely necessary!
**CONFIDENTIALITY** -This e-mail (including any attachments) may contain
confidential, proprietary and privileged information. Any unauthorized
disclosure or use of this information is prohibited. -- You are currently
subscribed to [email protected] as: [email protected] To unsubscribe,
change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to [email protected] as: [email protected] To
unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
**Bronze+Blue=Green** The University of Central Oklahoma is Bronze, Blue, and
Green! Please print this e-mail only if absolutely necessary!
**CONFIDENTIALITY** This e-mail (including any attachments) may contain
confidential, proprietary and privileged information. Any unauthorized
disclosure or use of this information is prohibited.
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
