...
The simplest thing in most cases is just to update your shibboleth2.xml file and security-policy.xml files in place by changing the namespace declaration at the top of the file from
urn:mace:shibboleth:2.0:native:sp:configtourn:mace:shibboleth:3.0:native:sp:config(there are usually two mentions of the namespace in the root element). Note the difference there, the 2.0→ 3.0 in the string.Be sure to review all "MetadataProvider" elements in the shibboleth2.xml file for "file" and "uri" attributes. These attribute names are no longer valid in the 3.0 namespace and must be replaced with the "path" and "url" attribute names. Examples below.
Code Block language xml title Old MetadataProvider collapse true <MetadataProvider type="XML" uri="http://federation.org/federation-metadata.xml" backingFilePath="federation-metadata.xml" reloadInterval="7200"> <MetadataFilter type="RequireValidUntil" maxValidityInterval="2419200"/> <MetadataFilter type="Signature" certificate="fedsigner.pem"/> </MetadataProvider> <MetadataProvider type="XML" file="idp-metadata.xml"/>Code Block language xml title New MetadataProvider collapse true <MetadataProvider type="XML" url="http://federation.org/federation-metadata.xml" backingFilePath="federation-metadata.xml" reloadInterval="7200"> <MetadataFilter type="RequireValidUntil" maxValidityInterval="2419200"/> <MetadataFilter type="Signature" certificate="fedsigner.pem"/> </MetadataProvider> <MetadataProvider type="XML" path="idp-metadata.xml"/>- Alternatively you can start with the default shibboleth2.xml.dist file and transfer your settings to a new copy of shibboleth2.xml, but that has a tendency to break things because it's hard to reproduce complex settings accurately.
...