...
The simplest thing in most cases is just to update your shibboleth2.xml and security-policy.xml files in place by changing the namespace declaration at the top of the file from
urn:mace:shibboleth:2.0:native:sp:config
tourn:mace:shibboleth:3.0:native:sp:config
(there are usually two mentions of the namespace in the root element). Note the difference there, the 2.0→ 0→ 3.0 in the string.Be sure to review all "MetadataProvider" elements in the shibboleth2.xml file for "file" and "uri" attributes. These attribute names are no longer valid in the 3.0 namespace and must be replaced with the "path" and "url" attribute names. Examples below.
Old MetadataProvider
Code Block language xml titleOld MetadataProvider collapse true <MetadataProvider type="XML" uri="http://federation.org/federation-metadata.xml" backingFilePath="federation-metadata.xml" reloadInterval="7200"> <MetadataFilter type="RequireValidUntil" maxValidityInterval="2419200"/> <MetadataFilter type="Signature" certificate="fedsigner.pem"/> </MetadataProvider> <MetadataProvider type="XML" file="idp-metadata.xml"/>
New MetadataProvider
Code Block language xml title New MetadataProvider collapse true <MetadataProvider type="XML" url="http://federation.org/federation-metadata.xml" backingFilePath="federation-metadata.xml" reloadInterval="7200"> <MetadataFilter type="RequireValidUntil" maxValidityInterval="2419200"/> <MetadataFilter type="Signature" certificate="fedsigner.pem"/> </MetadataProvider> <MetadataProvider type="XML" path="idp-metadata.xml"/>
Alternatively you can start with the default shibboleth2.xml.dist file and transfer your settings to a new copy of shibboleth2.xml, but that has a tendency to break things because it's hard to reproduce complex settings accurately.
The V3 default filename remains "shibboleth2.xml" to facilitate the upgrade process. Any settings that are flagged with warnings may be removed from the updated XML schema and prevent the system from loading the file if the namespace is updated, so they should be corrected as part of the process and once the system is operating with the new file you're done.
...