Shibboleth Deprecated Values

If you see the following warning when you start Tomcat on a Shibboleth server, you need to check your Shibboleth configuration:

13:43:13.007 - WARN [edu.internet2.middleware.shibboleth.common.config.SpringConfigurationUtils:276] - Numerical duration form is deprecated. The property 'maxValidityInterval' on metadata filter of type {urn:mace:shibboleth:2.0:metadata}RequiredValidUntil should use the duration notation: P46DT12H0M0.000S

Open relying-party.xml and change the maxValidityInterval value within this section to P46DT12H0M0.000S instead of 4017600:

<MetadataProvider xmlns="urn:mace:shibboleth:2.0:metadata" backingFile="C:\Program Files (x86)\Internet2\Shib2Idp/metadata/Downloaded-Metadata.xml" id="UK-MD" metadataURL="http://metadata.ukfederation.org.uk/ukfederation-metadata.xml" xsi:type="FileBackedHTTPMetadataProvider">
    <MetadataFilter xmlns="urn:mace:shibboleth:2.0:metadata" xsi:type="ChainingFilter">
        <MetadataFilter maxValidityInterval="P46DT12H0M0.000S" xmlns="urn:mace:shibboleth:2.0:metadata" xsi:type="RequiredValidUntil"/>
        <MetadataFilter requireSignedMetadata="true" trustEngineRef="shibboleth.UKFedTrustEngine" xmlns="urn:mace:shibboleth:2.0:metadata" xsi:type="SignatureValidation"/>
        <MetadataFilter xmlns="urn:mace:shibboleth:2.0:metadata" xsi:type="EntityRoleWhiteList">
            <RetainedRole>samlmd:SPSSODescriptor</RetainedRole>
        </MetadataFilter>
    </MetadataFilter>
</MetadataProvider>
<!-- The tag below closes the enclosing metadata:MetadataProvider element, whose opening tag is not shown here. -->
</metadata:MetadataProvider>
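
To find any remaining numeric values before the next restart, the check below scans a metadata provider block for RequiredValidUntil filters that still use a plain number and prints the duration notation to use instead. It is an added example, not part of the original post or of Shibboleth itself; the function names and the sample XML are constructed, and it assumes the numeric form is whole seconds, which matches the 4017600 / P46DT12H0M0.000S pair above.

```python
import re
import xml.etree.ElementTree as ET

MD_NS = "urn:mace:shibboleth:2.0:metadata"
XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"

# Constructed sample: the provider block above, still carrying the old numeric value.
SAMPLE = """<MetadataProvider xmlns="urn:mace:shibboleth:2.0:metadata"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    id="UK-MD" xsi:type="FileBackedHTTPMetadataProvider">
  <MetadataFilter xsi:type="ChainingFilter">
    <MetadataFilter xsi:type="RequiredValidUntil" maxValidityInterval="4017600"/>
    <MetadataFilter xsi:type="SignatureValidation" requireSignedMetadata="true"
        trustEngineRef="shibboleth.UKFedTrustEngine"/>
  </MetadataFilter>
</MetadataProvider>"""


def seconds_to_duration(seconds: int) -> str:
    """Render whole seconds in the PnDTnHnMn.nnnS form shown in the warning."""
    days, rem = divmod(seconds, 86400)
    hours, rem = divmod(rem, 3600)
    minutes, secs = divmod(rem, 60)
    return f"P{days}DT{hours}H{minutes}M{secs}.000S"


def find_deprecated(xml_text: str):
    """Return (old value, suggested duration) for each numeric maxValidityInterval."""
    root = ET.fromstring(xml_text)
    findings = []
    for el in root.iter(f"{{{MD_NS}}}MetadataFilter"):
        # xsi:type may carry a namespace prefix, e.g. "metadata:RequiredValidUntil".
        if el.get(XSI_TYPE, "").split(":")[-1] != "RequiredValidUntil":
            continue
        value = el.get("maxValidityInterval", "")
        if re.fullmatch(r"\d+", value):  # digits only: the deprecated form
            findings.append((value, seconds_to_duration(int(value))))
    return findings


if __name__ == "__main__":
    for old, new in find_deprecated(SAMPLE):
        print(f'maxValidityInterval="{old}" should become "{new}"')
```
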
