Differences

This shows you the differences between two versions of the page.

en:shibidp:troubleshooting [2023/03/02 11:40] – More engl. sections Silke Meyer
en:shibidp:troubleshooting [2023/03/02 12:21] (current) – [Download the metadata of your IdP/SP] Silke Meyer
Line 5: Line 5:
   * [[https://wiki.shibboleth.net/confluence/display/IDP4/Troubleshooting|Troubleshooting]] page in the official Shibboleth documentation   * [[https://wiki.shibboleth.net/confluence/display/IDP4/Troubleshooting|Troubleshooting]] page in the official Shibboleth documentation
  
-===== Download the metadata of your IdP/SP =====+===== Where to download the metadata of your IdP/SP =====
  
 Here is how you can get the metadata of your IdP or SP as they are currently published to the federation: Here is how you can get the metadata of your IdP or SP as they are currently published to the federation:
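Review bot: Renaming the heading on the changed line also changes the section anchor that DokuWiki derives from the heading text, so existing links to the old "Download the metadata of your IdP/SP" section will no longer jump to it. Check for inbound links to that section (other pages and translations of this one) and update them in the same change, or keep the old heading if the rename is only cosmetic.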
Line 135: Line 135:
 ===== Duplicate attributes in Shibboleth IdP 4.x ===== ===== Duplicate attributes in Shibboleth IdP 4.x =====
 If you notice that your IdP 4.x transmits duplicate attributes, you probably have copied the file ''conf/attribute-resolver.xml'' from an IdP 3.x without adapting it. The IdP has duplicate transcoding rules: once in ''conf/attribute-resolver.xml'' and once in the Attribute Registry. Remove the Attribute Encoder lines from the resolver configuration so that it looks like in [[de:shibidp:config-attributes-minimal|this example]]. If you notice that your IdP 4.x transmits duplicate attributes, you probably have copied the file ''conf/attribute-resolver.xml'' from an IdP 3.x without adapting it. The IdP has duplicate transcoding rules: once in ''conf/attribute-resolver.xml'' and once in the Attribute Registry. Remove the Attribute Encoder lines from the resolver configuration so that it looks like in [[de:shibidp:config-attributes-minimal|this example]].
 +
 +===== Duplicate Transcoding Rule =====
 +If you get the error message below, you probably have a duplicate attribute in your Attribute Registry. Maybe you imported attributes from a file like our dfnMisc.xml ([[de:shibidp:config-attributes#edupersontargetedid_und_andere_verbreitete_attribute_hinterlegen|German documentation]]) **and** you have defined one of the attributes in an individual .properties file underneath ''conf/attributes/custom/''? Make sure that each attribute exists in the Attribute Registry exactly once.
 +
 +<code bash>java.lang.IllegalArgumentException: {urn:oasis:names:tc:SAML:2.0:assertion}NameID is
 +already the child of another XMLObject and may not be inserted into this list</code>
 +
 +===== IdP/SP is no longer part of the eduGAIN metadata =====
 +
 +Our downstream eduGAIN metadata (the eduGAIN metadata we distribute to DFN-AAI) have never contained entities from DFN-AAI. We filter them out because your systems already know them from DFN-AAI metadata and we do not want to distribute duplicates. To check whether an entity is part of the eduGAIN metadata, please search for it in the [[https://technical.edugain.org/entities|eduGAIN Entities Database]].
  
 ===== IdP is not displayed in Discovery Services ===== ===== IdP is not displayed in Discovery Services =====
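Review bot: In the new "Duplicate Transcoding Rule" section the quoted exception names only NameID, not the attribute that is defined twice, so a reader cannot tell from the message which entry to remove. Add a sentence on how to find the duplicate, for example by comparing the attribute ids in the imported file with those in the .properties files underneath ''conf/attributes/custom/''. The block is also tagged <code bash> although it holds a Java exception. In the eduGAIN section, the heading says the entity "is no longer part" of the metadata while the body says the downstream metadata "have never contained" DFN-AAI entities; align the heading with the body.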
Line 143: Line 153:
   * You have ticked the checkbox "hide from discovery" in the IdP's settings in the metadata administration tool. Remove the tick and wait for 60-90 minutes.   * You have ticked the checkbox "hide from discovery" in the IdP's settings in the metadata administration tool. Remove the tick and wait for 60-90 minutes.
      
 +===== SP Metadata: AuthnRequestsSigned and WantAssertionsSigned =====
 +
 +A Service Provider can announce in its metadata that it
 +  * signs Authentication Requests it sends to IdPs, and/or
 +  * wants to get signed SAML assertions back.
 +
 +Our metadata administration tool only displays this information if it is included in the xml files upon initial upload to the metadata administration. Please extend your SP metadata like this:<code xml><md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"></code>
 +    
 {{tag>idp4 troubleshooting debugging debug logging}} {{tag>idp4 troubleshooting debugging debug logging}}
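Review bot: The example in the new "SP Metadata" section sets both AuthnRequestsSigned="true" and WantAssertionsSigned="true", while the list above it says "and/or", so readers are likely to copy both flags regardless of what their SP actually does. State that each attribute should be set only if the SP is really configured that way, because the metadata only announces the behaviour and an SP that announces signed requests without sending them can be rejected by IdPs that rely on the flag. Since the tool shows the values only "upon initial upload", also say what operators of already registered SPs should do, and put the <code xml> block on its own line rather than directly after "like this:".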
  • Last modified: 14 months ago