Shibboleth Discovery Service - Java / SDSJ-83

The discovery service does not allow for several EntitiesDescriptor levels in the metadata file


    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.1.1
    • Fix Version/s: 1.1.2
    • Labels:
      None
    • Java Version:
      Sun 1.6
    • Servlet Container:
      Apache Tomcat 6.0

      Description

      The discovery service does not allow for several EntitiesDescriptor levels in the metadata file. That is:
       
      <EntitiesDescriptor Name="All entities">
          <EntityDescriptor entityID="https://sp.example1.org/shibboleth">
              ...
          </EntityDescriptor>
          <EntityDescriptor entityID="https://idp.example1.org/shibboleth">
              ...
          </EntityDescriptor>
          <EntityDescriptor entityID="https://idp.example2.org/shibboleth">
              ...
          </EntityDescriptor>
      </EntitiesDescriptor>
       
      is OK, but:
       
      <EntitiesDescriptor Name="All entities">
          <EntitiesDescriptor Name="All example1 entities">
              <EntityDescriptor entityID="https://sp.example1.org/shibboleth">
                  ...
              </EntityDescriptor>
              <EntityDescriptor entityID="https://idp.example1.org/shibboleth">
                  ...
              </EntityDescriptor>
          </EntitiesDescriptor>
          <EntitiesDescriptor Name="All example2 entities">
              <EntityDescriptor entityID="https://idp.example2.org/shibboleth">
                  ...
              </EntityDescriptor>
          </EntitiesDescriptor>
      </EntitiesDescriptor>
       
      is not.
       
      The problem lies in the onEvent method of the IdPSiteSet class:
       
              if ((obj instanceof EntitiesDescriptor)) {
                  EntitiesDescriptor entitiesDescriptor = (EntitiesDescriptor) obj;
                  
                  for (EntityDescriptor entity : entitiesDescriptor.getEntityDescriptors()) {
                      if (hasSPRole(entity)) {
                          spNameSet.add(entity.getEntityID());
                      }
                      if (hasIdPRole(entity)) {
                          idpNameSet.add(entity.getEntityID());
                      }
                  }
              }
       
      So when the EntityDescriptor is not a direct child of the root EntitiesDescriptor, spNameSet and idpNameSet are left empty (which causes the problem described below), even though the metadata have been correctly loaded.
      T
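The traversal gap described above, shown as an added example that is not the project's code: Python's ElementTree stands in for the OpenSAML metadata objects, and one function mirrors the reported direct-children loop while the other descends into nested groups. The function names, the `max_depth` bound and the role descriptor elements placed where the report has `...` are assumptions made for this sketch.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD}

# Constructed sample: the nested layout from the report, with role
# descriptors filled in where the report shows "...".
NESTED = f"""
<EntitiesDescriptor xmlns="{MD}" Name="All entities">
  <EntitiesDescriptor Name="All example1 entities">
    <EntityDescriptor entityID="https://sp.example1.org/shibboleth">
      <SPSSODescriptor/>
    </EntityDescriptor>
    <EntityDescriptor entityID="https://idp.example1.org/shibboleth">
      <IDPSSODescriptor/>
    </EntityDescriptor>
  </EntitiesDescriptor>
  <EntitiesDescriptor Name="All example2 entities">
    <EntityDescriptor entityID="https://idp.example2.org/shibboleth">
      <IDPSSODescriptor/>
    </EntityDescriptor>
  </EntitiesDescriptor>
</EntitiesDescriptor>
"""

def _add_entity(entity, sp_names, idp_names):
    # Role is inferred from the presence of a role descriptor child.
    if entity.find("md:SPSSODescriptor", NS) is not None:
        sp_names.add(entity.get("entityID"))
    if entity.find("md:IDPSSODescriptor", NS) is not None:
        idp_names.add(entity.get("entityID"))

def collect_direct_children(group):
    """Mirrors the reported loop: only EntityDescriptor children of the root."""
    sp, idp = set(), set()
    for entity in group.findall("md:EntityDescriptor", NS):
        _add_entity(entity, sp, idp)
    return sp, idp

def collect_recursive(group, sp=None, idp=None, depth=0, max_depth=32):
    """Descends into nested EntitiesDescriptor groups, with a depth bound."""
    sp = set() if sp is None else sp
    idp = set() if idp is None else idp
    if depth > max_depth:
        raise ValueError("EntitiesDescriptor nesting too deep")
    for entity in group.findall("md:EntityDescriptor", NS):
        _add_entity(entity, sp, idp)
    for child in group.findall("md:EntitiesDescriptor", NS):
        collect_recursive(child, sp, idp, depth + 1, max_depth)
    return sp, idp

ROOT = ET.fromstring(NESTED.strip())
```

On the nested sample, `collect_direct_children(ROOT)` returns two empty sets even though the document parsed cleanly, which is the silent failure the report describes; `collect_recursive(ROOT)` returns one SP and two IdPs.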

              People

              • Assignee:
                rdw Rod Widdowson (Inactive)
                Reporter:
                franckc Franck Cotton (Inactive)