Hi,

I have the following IdP configuration with the prefix "SHARED_" added to
the IdentityProviderName as per the doc in [1]. This fails with a complaint
that no claim mappings are returned from the DB under the same IDP_ID. Is
this a valid check to be done or can this be called a bug?

<IdentityProvider>
    <IdentityProviderName>SHARED_Corporate</IdentityProviderName>
    <DisplayName>Corporate</DisplayName>
    <IdentityProviderDescription></IdentityProviderDescription>
    <Alias>https://localhost:9444/oauth2/token</Alias>
    <IsPrimary></IsPrimary>
    <IsEnabled>true</IsEnabled>
    <IsFederationHub></IsFederationHub>
    <HomeRealmId></HomeRealmId>
    <ProvisioningRole></ProvisioningRole>
    <FederatedAuthenticatorConfigs>
        <saml2>
            <Name>SAMLSSOAuthenticator</Name>
            <DisplayName>samlsso</DisplayName>
            <IsEnabled>true</IsEnabled>
            <Properties>
                <property>
                    <Name>IdpEntityId</Name>
                    <Value>url</Value>
                </property>
                <property>
                    <Name>IsLogoutEnabled</Name>
                    <Value>false</Value>
                </property>
                <property>
                    <Name>SPEntityId</Name>
                    <Value>id</Value>
                </property>
                <property>
                    <Name>SSOUrl</Name>
                    <Value>url</Value>
                </property>
                <property>
                    <Name>isAssertionSigned</Name>
                    <Value>true</Value>
                </property>
                <property>
                    <Name>commonAuthQueryParams</Name>
                    <Value></Value>
                </property>
                <property>
                    <Name>IsUserIdInClaims</Name>
                    <Value>true</Value>
                </property>
                <property>
                    <Name>IsLogoutReqSigned</Name>
                    <Value>false</Value>
                </property>
                <property>
                    <Name>IsAssertionEncrypted</Name>
                    <Value>false</Value>
                </property>
                <property>
                    <Name>IsAuthReqSigned</Name>
                    <Value>false</Value>
                </property>
                <property>
                    <Name>IsAuthnRespSigned</Name>
                    <Value>false</Value>
                </property>
                <property>
                    <Name>LogoutReqUrl</Name>
                    <Value>false</Value>
                </property>
            </Properties>
        </saml2>
    </FederatedAuthenticatorConfigs>
    <DefaultAuthenticatorConfig>SAMLSSOAuthenticator</DefaultAuthenticatorConfig>
    <ProvisioningConnectorConfigs></ProvisioningConnectorConfigs>
    <DefaultProvisioningConnectorConfig></DefaultProvisioningConnectorConfig>
    <ClaimConfig>
       <LocalClaimDialect>false</LocalClaimDialect>
       <ClaimMappings>
          <ClaimMapping>
             <LocalClaim>
                <ClaimUri>http://wso2.org/claims/emailaddress</ClaimUri>
             </LocalClaim>
             <RemoteClaim>
                <ClaimUri>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name</ClaimUri>
             </RemoteClaim>
          </ClaimMapping>
          <ClaimMapping>
             <LocalClaim>
                <ClaimUri>http://wso2.org/claims/role</ClaimUri>
             </LocalClaim>
             <RemoteClaim>
                <ClaimUri>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</ClaimUri>
             </RemoteClaim>
          </ClaimMapping>
          <ClaimMapping>
             <LocalClaim>
                <ClaimUri>http://wso2.org/claims/givenname</ClaimUri>
             </LocalClaim>
             <RemoteClaim>
                <ClaimUri>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname</ClaimUri>
             </RemoteClaim>
          </ClaimMapping>
          <ClaimMapping>
             <LocalClaim>
                <ClaimUri>http://wso2.org/claims/lastname</ClaimUri>
             </LocalClaim>
             <RemoteClaim>
                <ClaimUri>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname</ClaimUri>
             </RemoteClaim>
          </ClaimMapping>
          <ClaimMapping>
             <LocalClaim>
                <ClaimUri>http://wso2.org/claims/uid</ClaimUri>
             </LocalClaim>
             <RemoteClaim>
                <ClaimUri>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/uid</ClaimUri>
             </RemoteClaim>
          </ClaimMapping>
       </ClaimMappings>
    </ClaimConfig>
    <Certificate></Certificate>
    <PermissionAndRoleConfig></PermissionAndRoleConfig>
    <JustInTimeProvisioningConfig></JustInTimeProvisioningConfig>
</IdentityProvider>

[2016-07-27 16:58:13,624] ERROR {org.wso2.carbon.idp.mgt.internal.IdPManagementServiceComponent} -  Error while loading idp from file system.
org.wso2.carbon.idp.mgt.IdentityProviderManagementException: No Identity Provider claim URIs defined for tenant -1234
at org.wso2.carbon.idp.mgt.dao.IdPManagementDAO.addIdPClaimMappings(IdPManagementDAO.java:2121)
at org.wso2.carbon.idp.mgt.dao.IdPManagementDAO.addIdP(IdPManagementDAO.java:1562)
at org.wso2.carbon.idp.mgt.dao.CacheBackedIdPMgtDAO.addIdP(CacheBackedIdPMgtDAO.java:238)
at org.wso2.carbon.idp.mgt.IdentityProviderManager.addIdP(IdentityProviderManager.java:1190)
at org.wso2.carbon.idp.mgt.internal.IdPManagementServiceComponent.buildFileBasedIdPList(IdPManagementServiceComponent.java:211)
at org.wso2.carbon.idp.mgt.internal.IdPManagementServiceComponent.activate(IdPManagementServiceComponent.java:167)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:483)
at org.eclipse.equinox.internal.ds.model.ServiceComponent.activate(ServiceComponent.java:260)
at org.eclipse.equinox.internal.ds.model.ServiceComponentProp.activate(ServiceComponentProp.java:146)
at org.eclipse.equinox.internal.ds.model.ServiceComponentProp.build(ServiceComponentProp.java:345)
at org.eclipse.equinox.internal.ds.InstanceProcess.buildComponent(InstanceProcess.java:620)
at org.eclipse.equinox.internal.ds.InstanceProcess.buildComponents(InstanceProcess.java:197)
at org.eclipse.equinox.internal.ds.Resolver.getEligible(Resolver.java:343)
at org.eclipse.equinox.internal.ds.SCRManager.serviceChanged(SCRManager.java:222)
at org.eclipse.osgi.internal.serviceregistry.FilteredServiceListener.serviceChanged(FilteredServiceListener.java:107)


[1]
https://docs.wso2.com/display/IS510/Configuring+a+SP+and+IdP+Using+Configuration+Files

-- 
*Gayan Kaushalya Yalpathwala*
Software Engineer
WSO2 Inc.; http://wso2.com
lean.enterprise.middleware

LK: +94 71 868 2704
UK: +44 747 844 3609
