
ShibAndEdugain

833 bytes added, 30 December 2009, 20:24
autosave
=== Problems loading metadata to Shibboleth SP ===
The Perl substitutions below work line by line, so MDS output is first run through <code>xml_pp</code>, an XML pretty-printer.
 
Here is the command I use to load MDS output to a Shibboleth 2.0 SP:
 # Fetch the MDS feed, pretty-print it, then patch it for the Shibboleth 2.0 SP
 wget -O- --ca-certificate=/home/bajnokk/edugain_bundle.crt https://mds.edugain.org | xml_pp \
 | perl -pe 's/(<(md:)?EntitiesDescriptor)/$1 xmlns="urn:oasis:names:tc:SAML:2.0:metadata"/;
     s/.*RoleDescriptor.*//g; s/.*OnlineCA.*//g;
     s/cacheDuration[^ >]*//g;' >/tmp/mds-pp.xml
 
Explanation follows:
==== Unable to connect ====
For some reason, Shibboleth 2.0 cannot connect to https://mds.edugain.org. It seems to be a <code>libcurl</code> issue, which is not easy to circumvent ([http://groups.google.com/group/shibboleth-users/browse_thread/thread/db6993fbaa3bd6ec# see this shib-users thread]). Newer cURL versions can handle the SSL handshake (the ones in Ubuntu Intrepid and Debian Lenny cannot). So it's necessary to <code>wget</code> the metadata.
 
==== No default namespace ====
There is no default namespace for the outer <code>EntitiesDescriptor</code>, the root element. No problem with that, but there is at least one <code>EntityDescriptor</code> that is not correctly namespaced (it assumes that the default namespace is <code>urn:oasis:names:tc:SAML:2.0:metadata</code>). The first substitution in the command above adds that default namespace declaration to the root element.
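
The effect of the missing default namespace, and of the first substitution in the command above, can be checked with a short script. This is an added example, not part of the original wiki page; the sample metadata, the entityIDs and the function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"

# Constructed sample: prefixed root, one correctly prefixed entity and one
# unprefixed entity that silently relies on a default namespace.
SAMPLE = """<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" Name="constructed">
  <md:EntityDescriptor entityID="https://idp.example.org/good"/>
  <EntityDescriptor entityID="https://idp.example.org/unqualified">
    <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </EntityDescriptor>
</md:EntitiesDescriptor>"""


def split_tag(tag):
    """Return (namespace, local name) for an ElementTree '{ns}local' tag."""
    if tag.startswith("{"):
        ns, local = tag[1:].split("}", 1)
        return ns, local
    return "", tag


def misnamespaced_entities(xml_text):
    """List entityIDs of EntityDescriptor elements outside the SAML metadata namespace."""
    root = ET.fromstring(xml_text)
    bad = []
    for el in root.iter():
        ns, local = split_tag(el.tag)
        if local == "EntityDescriptor" and ns != MD_NS:
            bad.append(el.get("entityID"))
    return bad


def add_default_namespace(xml_text):
    """Same rewrite as the first Perl substitution: declare the default namespace on the root."""
    return re.sub(r"(<(md:)?EntitiesDescriptor)", r'\1 xmlns="%s"' % MD_NS, xml_text, count=1)


if __name__ == "__main__":
    print("before:", misnamespaced_entities(SAMPLE))
    print("after: ", misnamespaced_entities(add_default_namespace(SAMPLE)))
```

Running <code>misnamespaced_entities</code> over <code>/tmp/mds-pp.xml</code> after the pipeline is a quick way to confirm that no entity is left outside the metadata namespace before the SP loads the file.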
