
  • The simplest thing in most cases is just to update your shibboleth2.xml and security-policy.xml files in place by changing the namespace declaration at the top of the file from urn:mace:shibboleth:2.0:native:sp:config to urn:mace:shibboleth:3.0:native:sp:config (there are usually two mentions of the namespace in the root element). Note the difference there, the 2.0→3.0 in the string.

    Be sure to review all "MetadataProvider" elements in the shibboleth2.xml file for "file" and "uri" attributes.  These attribute names are no longer valid in the 3.0 namespace and must be replaced with the "path" and "url" attribute names.  Examples below.

    Old MetadataProvider

    <MetadataProvider type="XML" uri="http://federation.org/federation-metadata.xml" backingFilePath="federation-metadata.xml" reloadInterval="7200">
        <MetadataFilter type="RequireValidUntil" maxValidityInterval="2419200"/>
        <MetadataFilter type="Signature" certificate="fedsigner.pem"/>
    </MetadataProvider>
    
    
    <MetadataProvider type="XML" file="idp-metadata.xml"/>
    
    

    New MetadataProvider

    <MetadataProvider type="XML" url="http://federation.org/federation-metadata.xml" backingFilePath="federation-metadata.xml" reloadInterval="7200">
        <MetadataFilter type="RequireValidUntil" maxValidityInterval="2419200"/>
        <MetadataFilter type="Signature" certificate="fedsigner.pem"/>
    </MetadataProvider>
    
    
    <MetadataProvider type="XML" path="idp-metadata.xml"/>
  • Alternatively you can start with the default shibboleth2.xml.dist file and transfer your settings to a new copy of shibboleth2.xml, but that has a tendency to break things because it's hard to reproduce complex settings accurately.

The V3 default filename remains "shibboleth2.xml" to facilitate the upgrade process. Any settings that are flagged with warnings may be removed from the updated XML schema and may prevent the system from loading the file if the namespace is updated, so they should be corrected as part of the process. Once the system is operating with the new file, you're done.
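A pre-flight check for the in-place update described above, as an added example that is not part of the Shibboleth distribution: it reports what still blocks a V3 load (old namespace, "file"/"uri" on MetadataProvider) and applies the renames at text level so comments and layout survive. The function names and the sample configuration are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

OLD_NS = "urn:mace:shibboleth:2.0:native:sp:config"
NEW_NS = "urn:mace:shibboleth:3.0:native:sp:config"
RENAMED = {"file": "path", "uri": "url"}  # MetadataProvider attributes, per the text above

def audit(xml_text):
    """Return a list of findings that still need fixing before a V3 load."""
    findings = []
    if OLD_NS in xml_text:
        findings.append(f"old namespace still declared: {OLD_NS}")
    root = ET.fromstring(xml_text)
    for el in root.iter():
        # Match on local name so the check works under either namespace.
        if el.tag.rsplit("}", 1)[-1] != "MetadataProvider":
            continue
        for old, new in RENAMED.items():
            if old in el.attrib:
                findings.append(f'MetadataProvider {old}="{el.attrib[old]}" -> rename to {new}')
    return findings

def migrate(xml_text):
    """Text-level rewrite (hypothetical helper); leaves other attributes untouched."""
    def fix_tag(m):
        tag = m.group(0)
        for old, new in RENAMED.items():
            tag = re.sub(rf'(\s){old}(\s*=)', rf'\g<1>{new}\g<2>', tag)
        return tag
    out = xml_text.replace(OLD_NS, NEW_NS)
    # Only touch attributes inside MetadataProvider start tags (optionally prefixed).
    return re.sub(r'<(?:\w+:)?MetadataProvider\b[^>]*>', fix_tag, out)

# Constructed sample input, built from the page's two example providers.
SAMPLE = """<SPConfig xmlns="urn:mace:shibboleth:2.0:native:sp:config"
    xmlns:conf="urn:mace:shibboleth:2.0:native:sp:config">
  <ApplicationDefaults entityID="https://sp.example.org/shibboleth">
    <MetadataProvider type="XML" uri="http://federation.org/federation-metadata.xml"
        backingFilePath="federation-metadata.xml" reloadInterval="7200">
      <MetadataFilter type="Signature" certificate="fedsigner.pem"/>
    </MetadataProvider>
    <MetadataProvider type="XML" file="idp-metadata.xml"/>
  </ApplicationDefaults>
</SPConfig>"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("BEFORE:", finding)
    print("AFTER :", audit(migrate(SAMPLE)) or "no findings")
```

Run the audit against a copy of the real file first and diff the migrated output before replacing anything, so that the Signature and RequireValidUntil metadata filters are confirmed unchanged.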
