Shibboleth Discovery Service - Java / SDSJ-83

The discovery service does not allow for several EntitiesDescriptor levels in the metadata file

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.1.1
    • Fix Version/s: 1.1.2
    • Labels:
      None
    • Java Version:
      Sun 1.6
    • Servlet Container:
      Apache Tomcat 6.0

      Description

      The discovery service does not allow for several EntitiesDescriptor levels in the metadata file. That is:
       
      <EntitiesDescriptor Name="All entities">
          <EntityDescriptor entityID="https://sp.example1.org/shibboleth">
              ...
          </EntityDescriptor>
          <EntityDescriptor entityID="https://idp.example1.org/shibboleth">
              ...
          </EntityDescriptor>
          <EntityDescriptor entityID="https://idp.example2.org/shibboleth">
              ...
          </EntityDescriptor>
      </EntitiesDescriptor>
       
      is OK, but:
       
      <EntitiesDescriptor Name="All entities">
          <EntitiesDescriptor Name="All example1 entities">
              <EntityDescriptor entityID="https://sp.example1.org/shibboleth">
                  ...
              </EntityDescriptor>
              <EntityDescriptor entityID="https://idp.example1.org/shibboleth">
                  ...
              </EntityDescriptor>
          </EntitiesDescriptor>
          <EntitiesDescriptor Name="All example2 entities">
              <EntityDescriptor entityID="https://idp.example2.org/shibboleth">
                  ...
              </EntityDescriptor>
          </EntitiesDescriptor>
      </EntitiesDescriptor>
       
      is not.
       
      The problem lies in the onEvent method of the IdPSiteSet class:
       
              if ((obj instanceof EntitiesDescriptor)) {
                  EntitiesDescriptor entitiesDescriptor = (EntitiesDescriptor) obj;
                  
                  for (EntityDescriptor entity : entitiesDescriptor.getEntityDescriptors()) {
                      if (hasSPRole(entity)) {
                          spNameSet.add(entity.getEntityID());
                      }
                      if (hasIdPRole(entity)) {
                          idpNameSet.add(entity.getEntityID());
                      }
                  }
              }
       
      So when the EntityDescriptor is not a direct child of the root EntitiesDescriptor, spNameSet and idpNameSet are left empty (which causes the problem described below), even though the metadata have been correctly loaded.
      T
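
The behaviour reported above, reproduced as an added example (not the project's code and not the 1.1.2 fix): a walk limited to direct children leaves both name sets empty for the nested layout, while a recursive walk classifies all three entities. It uses the plain JDK DOM parser instead of OpenSAML; the class and method names are hypothetical, and the role descriptors in the sample are constructed because the report elides them.

```java
import java.io.StringReader;
import java.util.Set;
import java.util.TreeSet;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.xml.sax.InputSource;

public class NestedMetadataWalk {
    static final String MD = "urn:oasis:names:tc:SAML:2.0:metadata";
    // Constructed sample: nested layout from the report, role descriptors filled in.
    static final String SAMPLE =
        "<EntitiesDescriptor xmlns='" + MD + "' Name='All entities'>"
      + "<EntitiesDescriptor Name='All example1 entities'>"
      + "<EntityDescriptor entityID='https://sp.example1.org/shibboleth'><SPSSODescriptor/></EntityDescriptor>"
      + "<EntityDescriptor entityID='https://idp.example1.org/shibboleth'><IDPSSODescriptor/></EntityDescriptor>"
      + "</EntitiesDescriptor>"
      + "<EntitiesDescriptor Name='All example2 entities'>"
      + "<EntityDescriptor entityID='https://idp.example2.org/shibboleth'><IDPSSODescriptor/></EntityDescriptor>"
      + "</EntitiesDescriptor></EntitiesDescriptor>";
    // Collects entityIDs by role; descends into nested groups only if recurse is set.
    static void collect(Element group, boolean recurse, Set<String> idps, Set<String> sps) {
        for (Node n = group.getFirstChild(); n != null; n = n.getNextSibling()) {
            if (!(n instanceof Element) || !MD.equals(n.getNamespaceURI())) continue;
            Element e = (Element) n;
            if (recurse && "EntitiesDescriptor".equals(e.getLocalName())) {
                collect(e, true, idps, sps);          // nested group: walk its children too
            } else if ("EntityDescriptor".equals(e.getLocalName())) {
                if (hasRole(e, "IDPSSODescriptor")) idps.add(e.getAttribute("entityID"));
                if (hasRole(e, "SPSSODescriptor")) sps.add(e.getAttribute("entityID"));
            }
        }
    }
    // True when the entity carries the given SAML 2.0 role descriptor element.
    static boolean hasRole(Element entity, String role) {
        return entity.getElementsByTagNameNS(MD, role).getLength() > 0;
    }
    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // Metadata needs no DTD; refusing DOCTYPE keeps the parser hardened against XXE.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Element root = f.newDocumentBuilder()
            .parse(new InputSource(new StringReader(SAMPLE))).getDocumentElement();
        for (boolean recurse : new boolean[] {false, true}) {
            Set<String> idps = new TreeSet<>(), sps = new TreeSet<>();
            collect(root, recurse, idps, sps);
            System.out.println("recurse=" + recurse + " idps=" + idps + " sps=" + sps);
        }
    }
}
```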

            People

            • Assignee:
              rdw Rod Widdowson
              Reporter:
              franckc Franck Cotton