Shibboleth does not start because of error in relying-party.xml

By: Marcus Fenner user 06 Mar 2018 at 9 a.m. CST

6 Responses
Marcus Fenner gravatar
The Shibboleth service does not start because of an error in `relying-party.xml` (see below, `p:encryptNameIds-ref=` should be `p:encryptNameIDs-ref=`). I can fix this by hand but it will be overwritten by the next configuration change/refresh. ``` 2018-03-06 15:50:16,750 - WARN [net.shibboleth.ext.spring.context.FilesystemGenericApplicationContext:549] - Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'shibboleth.RelyingPartyOverrides': Cannot create inner bean '045BFA8D6538B4C400025159C8580006B46CA52A' of type [net.shibboleth.idp.saml.relyingparty.impl.RelyingPartyConfigurationSupport] while setting bean property 'sourceList' with key [0]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name '045BFA8D6538B4C400025159C8580006B46CA52A' defined in file [/opt/shibboleth-idp/conf/relying-party.xml]: Cannot create inner bean 'SAML2.AttributeQuery$child#59b32539' of type [net.shibboleth.idp.saml.saml2.profile.config.AttributeQueryProfileConfiguration] while setting bean property 'profileConfigurations' with key [0]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'SAML2.AttributeQuery$child#59b32539' defined in file [/opt/shibboleth-idp/conf/relying-party.xml]: Error setting property values; nested exception is org.springframework.beans.NotWritablePropertyException: Invalid property 'encryptNameIds' of bean class [net.shibboleth.idp.saml.saml2.profile.config.AttributeQueryProfileConfiguration]: Bean property 'encryptNameIds' is not writable or has an invalid setter method. Did you mean 'encryptNameIDs'? 2018-03-06 15:50:16,756 - ERROR [net.shibboleth.utilities.java.support.service.AbstractReloadableService:181] - Service 'shibboleth.RelyingPartyResolverService': Initial load failed ```
CentOS 7.4
closed

Answers

By Aliaksandr Samuseu staff 06 Mar 2018 at 8:37 p.m. CST

Copy
Aliaksandr Samuseu gravatar
Hi, Marcus. What `# rpm -qi gluu-server-3.1.2` does show outside of container? Please describe all steps allowing to reproduce your issues, as I can't observe it in my current CentOS 7.4 instance. I don't seem to have the character case issue you are mentioning in my setup: ``` # grep -i -e 'encryptNameIds' /opt/shibboleth-idp/conf/relying-party.xml p:encryptNameIDs="false" p:encryptNameIDs="false" p:encryptNameIDs="false" p:encryptNameIDs="false" p:encryptNameIDs="false" p:encryptNameIDs="true" ``` If you are adamant to fix it in-place, to prevent your changes from being overwritten each time, you need to edit the corresponding Velocity template instead: `/opt/gluu/jetty/identity/conf/shibboleth3/idp/relying-party.xml.vm`

By Marcus Fenner user 07 Mar 2018 at 5:26 a.m. CST

Copy
Marcus Fenner gravatar
Hi Aliaksandr, I've upgraded from 3.1.1. I currently don't have access to the system (I can check tomorrow) but I've found that the bug occurs when using Configure Relying Party and set "encryptNameIDs" to "conditional" and then `p:encryptNameIds-ref=` occurs in the file.

By Mohib Zico Account Admin 14 Mar 2018 at 5:02 a.m. CDT

Copy
Mohib Zico gravatar
Marcus, I have asked our QA team to do a quick check on this.

By Sahil Arora user 14 Mar 2018 at 5:50 p.m. CDT

Copy
Sahil Arora gravatar
Hi Marcus, Thank you for notifying this issue. I was able to reproduce it, and raised this [defect](https://github.com/GluuFederation/oxShibboleth/issues/40) to be fixed in 3.1.3 build.

By Sahil Arora user 20 Mar 2018 at 5:50 p.m. CDT

Copy
Sahil Arora gravatar
Closing this ticket. We can refer [this ](https://github.com/GluuFederation/oxShibboleth/issues/40)defect for further updates. Thanks

By Dmitry Ognyannikov user 21 Mar 2018 at 8:59 a.m. CDT

Copy
Dmitry Ognyannikov gravatar
Fixed.

Post an answer