
[jetty-users] Shibboleth Error: Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'shibboleth.metrics.AttributeResolverGaugeSet' defined in file [C:\Program Files (x86)\Shibboleth\IdP\system\conf\general-admin-system.xml]: Invocation of init method failed; nested exception is net.shibboleth.utilities.java.support.component.ComponentInitializationException: Injected service was null or not an AttributeResolver

Hello everyone. I am a newbie to Shib. I am getting the error in the subject line after making changes to the following files:
Attribute-Resolver.xml
Attribute-filter.xml 
and SAML-NAMEID.XML
Version of Shibb is 3.3.1.1 or 3.3.2.0

Please see the attached log file and the other files; hopefully they can help.


Attachment: idp-process.log
Description: Binary data

<?xml version="1.0" encoding="UTF-8"?>
<!-- 
    This file is an EXAMPLE configuration file. While the configuration
    presented in this example file is semi-functional, it isn't very
    interesting. It is here only as a starting point for your deployment
    process.
    
    Very few attribute definitions and data connectors are demonstrated,
    and the data is derived statically from the logged-in username and a
    static example connector.

    Attribute-resolver-full.xml contains more examples of attributes,
    encoders, and data connectors. Deployers should refer to the Shibboleth
    documentation for a complete list of components and their options.
-->
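<!--
    Attribute resolver configuration. AttributeDefinition elements describe the
    attributes the IdP can produce; DataConnector elements describe where the
    raw values come from. Defining an attribute here does not release it:
    release to a relying party is decided in the attribute filter policy.

    The namespace declarations below must be plain quoted attributes. A stray
    character after a closing quote makes the document not well-formed, and
    the resolver configuration then cannot be parsed at all.
-->
<AttributeResolver
        xmlns="urn:mace:shibboleth:2.0:resolver"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="urn:mace:shibboleth:2.0:resolver http://shibboleth.net/schema/idp/shibboleth-attribute-resolver.xsd">


    <!-- ========================================== -->
    <!--      Attribute Definitions                 -->
    <!-- ========================================== -->

    <!--
    Use AD LDS objectGUID for ImmutableID.
    id and xsi:type are two separate, individually quoted attributes; folding
    both into one id value leaves the definition without a type. The child
    element is spelled Dependency. No AttributeEncoder is attached, so this
    definition on its own does not emit a SAML attribute; presumably the value
    is meant to feed NameID generation (confirm against saml-nameid.xml).
    -->
    <AttributeDefinition id="ImmutableID" xsi:type="Simple" sourceAttributeID="objectGUID">
        <Dependency ref="myLDAP" />
    </AttributeDefinition>

    <!--
    userPrincipalName from the directory, encoded as the SAML 2 attribute
    IDPEmail for the Azure AD user ID. This is a stable personal identifier:
    release it only to the relying parties that need it.
    -->
    <AttributeDefinition id="UserID" xsi:type="Simple" sourceAttributeID="userPrincipalName">
        <Dependency ref="myLDAP" />
        <AttributeEncoder xsi:type="SAML2String" name="IDPEmail" friendlyName="UserId" />
    </AttributeDefinition>

    <!--
    The EPPN is the "standard" federated username in higher ed.
    For guidelines on the implementation of this attribute, refer
    to the Shibboleth and eduPerson documentation. Above all, do
    not expose a value for this attribute without considering the
    long term implications.
    -->
    <AttributeDefinition id="eduPersonPrincipalName" xsi:type="Scoped" scope="%{idp.scope}" sourceAttributeID="uid">
        <Dependency ref="uid" />
        <AttributeEncoder xsi:type="SAML1ScopedString" name="urn:mace:dir:attribute-def:eduPersonPrincipalName" encodeType="false" />
        <AttributeEncoder xsi:type="SAML2ScopedString" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" friendlyName="eduPersonPrincipalName" encodeType="false" />
    </AttributeDefinition>

    <!--
    The uid is the closest thing to a "standard" LDAP attribute
    representing a local username, but you should generally *never*
    expose uid to federated services, as it is rarely globally unique.
    Here it is taken from the authenticated principal name, not from LDAP.
    -->
    <AttributeDefinition id="uid" xsi:type="PrincipalName">
        <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:uid" encodeType="false" />
        <AttributeEncoder xsi:type="SAML2String" name="urn:oid:0.9.2342.19200300.100.1.1" friendlyName="uid" encodeType="false" />
    </AttributeDefinition>

    <!--
    In the rest of the world, the email address is the standard identifier,
    despite the problems with that practice. Consider making the EPPN
    value the same as your official email addresses whenever possible.

    As written, the template builds the address from uid and the placeholder
    domain example.org. Replace the domain, or source mail from the directory,
    before this attribute is released or used for NameID generation; a
    relying party would otherwise receive addresses nobody controls.
    -->
    <AttributeDefinition id="mail" xsi:type="Template">
        <Dependency ref="uid" />
        <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:mail" encodeType="false" />
        <AttributeEncoder xsi:type="SAML2String" name="urn:oid:0.9.2342.19200300.100.1.3" friendlyName="mail" encodeType="false" />
        <Template>
          <![CDATA[
               ${uid}@example.org
          ]]>
        </Template>
        <SourceAttribute>uid</SourceAttribute>
    </AttributeDefinition>

    <!--
    This is an example of an attribute sourced from a data connector.
    -->
    <AttributeDefinition id="eduPersonScopedAffiliation" xsi:type="Scoped" scope="%{idp.scope}" sourceAttributeID="affiliation">
        <Dependency ref="staticAttributes" />
        <AttributeEncoder xsi:type="SAML1ScopedString" name="urn:mace:dir:attribute-def:eduPersonScopedAffiliation" encodeType="false" />
        <AttributeEncoder xsi:type="SAML2ScopedString" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9" friendlyName="eduPersonScopedAffiliation" encodeType="false" />
    </AttributeDefinition>


    <!-- ========================================== -->
    <!--      Data Connectors                       -->
    <!-- ========================================== -->

    <!-- Static connector: every principal gets affiliation "member". -->
    <DataConnector id="staticAttributes" xsi:type="Static">
        <Attribute id="affiliation">
            <Value>member</Value>
        </Attribute>
    </DataConnector>

    <!--
    LDAP connector referenced by ImmutableID and UserID.

    The URL, base DN, bind DN, bind credential and search filter are all read
    from IdP properties, so no directory secret is stored in this file; the
    properties file that holds the bind credential needs restrictive file
    permissions instead.

    useStartTLS falls back to true when its property is not set. No trustFile
    or StartTLSTrustCredential is configured on this connector, so confirm
    how the directory server certificate is validated before relying on the
    encrypted channel.

    The connection timeout attribute of this connector type is connectTimeout.
    The property key is kept as posted and falls back to PT3S when undefined;
    the stock ldap.properties key is presumably
    idp.attribute.resolver.LDAP.connectTimeout (confirm).

    The JNDI property that marks attributes as binary is
    java.naming.ldap.attributes.binary. With a misspelt property name the
    setting is presumably ignored and objectGUID is handled as text, which
    would corrupt the ImmutableID value.
    -->
    <DataConnector id="myLDAP" xsi:type="LDAPDirectory"
        ldapURL="%{idp.attribute.resolver.LDAP.ldapURL}"
        baseDN="%{idp.attribute.resolver.LDAP.baseDN}"
        principal="%{idp.attribute.resolver.LDAP.bindDN}"
        principalCredential="%{idp.attribute.resolver.LDAP.bindDNCredential}"
        useStartTLS="%{idp.attribute.resolver.LDAP.useStartTLS:true}"
        connectTimeout="%{idp.attribute.resolver.LDAP.ConnectionTimeout:PT3S}"
        responseTimeout="%{idp.attribute.resolver.LDAP.responseTimeout:PT3S}">
        <FilterTemplate>
            <![CDATA[
                %{idp.attribute.resolver.LDAP.searchFilter}
            ]]>
        </FilterTemplate>
        <LDAPProperty name="java.naming.ldap.attributes.binary" value="objectGUID" />
        <ConnectionPool
            minPoolSize="%{idp.pool.LDAP.minSize:3}"
            maxPoolSize="%{idp.pool.LDAP.maxSize:10}"
            blockWaitTime="%{idp.pool.LDAP.blockWaitTime:PT3S}"
            validatePeriodically="%{idp.pool.LDAP.validatePeriodically:true}"
            validateTimerPeriod="%{idp.pool.LDAP.validateTimerPeriod:PT5M}"
            expirationTime="%{idp.pool.LDAP.expirationTime:PT10M}"
            failFastInitialize="%{idp.pool.LDAP.failFastInitialize:false}" />
    </DataConnector>


</AttributeResolver>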
<?xml version="1.0" encoding="UTF-8"?>
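<!--
    Spring bean file for NameID / NameIdentifier generation.

    Each namespace declaration on the root element must be a plain quoted
    attribute; a stray character after a closing quote makes the document
    not well-formed and the bean file cannot be loaded.

    As configured here, only the transient generators are active for both
    SAML versions. The persistent and attribute-sourced generators are shown
    as commented examples only.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:util="http://www.springframework.org/schema/util"
       xmlns:p="http://www.springframework.org/schema/p"
       xmlns:c="http://www.springframework.org/schema/c"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
                           http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
                           http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
       default-init-method="initialize"
       default-destroy-method="destroy">

    <!-- ========================= SAML NameID Generation ========================= -->

    <!--
    These generator lists handle NameID/Nameidentifier generation going forward. By default,
    transient IDs for both SAML versions are enabled. The commented examples are for persistent IDs
    and generating more one-off formats based on resolved attributes. The suggested approach is to
    control their use via release of the underlying source attribute in the filter policy rather
    than here, but you can set a property on any generator called "activationCondition" to limit
    use in the most generic way.

    Most of the relevant configuration settings are controlled using properties; an exception is
    the generation of arbitrary/custom formats based on attribute information, examples of which
    are shown below.

    -->

    <!-- SAML 2 NameID Generation -->
    <util:list id="shibboleth.SAML2NameIDGenerators">

        <ref bean="shibboleth.SAML2TransientGenerator" />

        <!-- Uncommenting this bean requires configuration in saml-nameid.properties. -->
        <!--
        <ref bean="shibboleth.SAML2PersistentGenerator" />
        -->

        <!--
        Attribute-sourced example: the NameID value is taken from the resolved
        attribute listed in attributeSourceIds, so the subject identifier is
        only as trustworthy as that attribute's source. Check where "mail"
        comes from in the attribute resolver before enabling this.
        -->
        <!--
        <bean parent="shibboleth.SAML2AttributeSourcedGenerator"
            p:format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
            p:attributeSourceIds="#{ {'mail'} }" />
        -->

    </util:list>

    <!-- SAML 1 NameIdentifier Generation -->
    <util:list id="shibboleth.SAML1NameIdentifierGenerators">

        <ref bean="shibboleth.SAML1TransientGenerator" />

        <!-- Same caveat as the SAML 2 attribute-sourced example above. -->
        <!--
        <bean parent="shibboleth.SAML1AttributeSourcedGenerator"
            p:format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
            p:attributeSourceIds="#{ {'mail'} }" />
        -->

    </util:list>

</beans>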
