Hi, I have the following IdP configuration with the prefix "SHARED_" added to the IdentityProviderName as per the doc in [1]. This fails with a complaint that no claim mappings are returned from the DB under the same IDP_ID. Is this a valid check to be done or can this be called a bug?

<IdentityProvider>
    <IdentityProviderName>SHARED_Corporate</IdentityProviderName>
    <DisplayName>Corporate</DisplayName>
    <IdentityProviderDescription></IdentityProviderDescription>
    <Alias>https://localhost:9444/oauth2/token</Alias>
    <IsPrimary></IsPrimary>
    <IsEnabled>true</IsEnabled>
    <IsFederationHub></IsFederationHub>
    <HomeRealmId></HomeRealmId>
    <ProvisioningRole></ProvisioningRole>
    <FederatedAuthenticatorConfigs>
        <saml2>
            <Name>SAMLSSOAuthenticator</Name>
            <DisplayName>samlsso</DisplayName>
            <IsEnabled>true</IsEnabled>
            <Properties>
                <property>
                    <Name>IdpEntityId</Name>
                    <Value>url</Value>
                </property>
                <property>
                    <Name>IsLogoutEnabled</Name>
                    <Value>false</Value>
                </property>
                <property>
                    <Name>SPEntityId</Name>
                    <Value>id</Value>
                </property>
                <property>
                    <Name>SSOUrl</Name>
                    <Value>url</Value>
                </property>
                <property>
                    <Name>isAssertionSigned</Name>
                    <Value>true</Value>
                </property>
                <property>
                    <Name>commonAuthQueryParams</Name>
                    <Value></Value>
                </property>
                <property>
                    <Name>IsUserIdInClaims</Name>
                    <Value>true</Value>
                </property>
                <property>
                    <Name>IsLogoutReqSigned</Name>
                    <Value>false</Value>
                </property>
                <property>
                    <Name>IsAssertionEncrypted</Name>
                    <Value>false</Value>
                </property>
                <property>
                    <Name>IsAuthReqSigned</Name>
                    <Value>false</Value>
                </property>
                <property>
                    <Name>IsAuthnRespSigned</Name>
                    <Value>false</Value>
                </property>
                <property>
                    <Name>LogoutReqUrl</Name>
                    <Value>false</Value>
                </property>
            </Properties>
        </saml2>
    </FederatedAuthenticatorConfigs>
    <DefaultAuthenticatorConfig>SAMLSSOAuthenticator</DefaultAuthenticatorConfig>
    <ProvisioningConnectorConfigs></ProvisioningConnectorConfigs>
    <DefaultProvisioningConnectorConfig></DefaultProvisioningConnectorConfig>
    <ClaimConfig>
        <LocalClaimDialect>false</LocalClaimDialect>
        <ClaimMappings>
            <ClaimMapping>
                <LocalClaim>
                    <ClaimUri>http://wso2.org/claims/emailaddress</ClaimUri>
                </LocalClaim>
                <RemoteClaim>
                    <ClaimUri> http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name</ClaimUri>
                </RemoteClaim>
            </ClaimMapping>
            <ClaimMapping>
                <LocalClaim>
                    <ClaimUri>http://wso2.org/claims/role</ClaimUri>
                </LocalClaim>
                <RemoteClaim>
                    <ClaimUri> http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</ClaimUri>
                </RemoteClaim>
            </ClaimMapping>
            <ClaimMapping>
                <LocalClaim>
                    <ClaimUri>http://wso2.org/claims/givenname</ClaimUri>
                </LocalClaim>
                <RemoteClaim>
                    <ClaimUri> http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname</ClaimUri>
                </RemoteClaim>
            </ClaimMapping>
            <ClaimMapping>
                <LocalClaim>
                    <ClaimUri>http://wso2.org/claims/lastname</ClaimUri>
                </LocalClaim>
                <RemoteClaim>
                    <ClaimUri> http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname</ClaimUri>
                </RemoteClaim>
            </ClaimMapping>
            <ClaimMapping>
                <LocalClaim>
                    <ClaimUri>http://wso2.org/claims/uid</ClaimUri>
                </LocalClaim>
                <RemoteClaim>
                    <ClaimUri> http://schemas.xmlsoap.org/ws/2005/05/identity/claims/uid</ClaimUri>
                </RemoteClaim>
            </ClaimMapping>
        </ClaimMappings>
    </ClaimConfig>
    <Certificate></Certificate>
    <PermissionAndRoleConfig></PermissionAndRoleConfig>
    <JustInTimeProvisioningConfig></JustInTimeProvisioningConfig>
</IdentityProvider>

[2016-07-27 16:58:13,624] ERROR {org.wso2.carbon.idp.mgt.internal.IdPManagementServiceComponent} - Error while loading idp from file system.
org.wso2.carbon.idp.mgt.IdentityProviderManagementException: No Identity Provider claim URIs defined for tenant -1234
    at org.wso2.carbon.idp.mgt.dao.IdPManagementDAO.addIdPClaimMappings(IdPManagementDAO.java:2121)
    at org.wso2.carbon.idp.mgt.dao.IdPManagementDAO.addIdP(IdPManagementDAO.java:1562)
    at org.wso2.carbon.idp.mgt.dao.CacheBackedIdPMgtDAO.addIdP(CacheBackedIdPMgtDAO.java:238)
    at org.wso2.carbon.idp.mgt.IdentityProviderManager.addIdP(IdentityProviderManager.java:1190)
    at org.wso2.carbon.idp.mgt.internal.IdPManagementServiceComponent.buildFileBasedIdPList(IdPManagementServiceComponent.java:211)
    at org.wso2.carbon.idp.mgt.internal.IdPManagementServiceComponent.activate(IdPManagementServiceComponent.java:167)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:483)
    at org.eclipse.equinox.internal.ds.model.ServiceComponent.activate(ServiceComponent.java:260)
    at org.eclipse.equinox.internal.ds.model.ServiceComponentProp.activate(ServiceComponentProp.java:146)
    at org.eclipse.equinox.internal.ds.model.ServiceComponentProp.build(ServiceComponentProp.java:345)
    at org.eclipse.equinox.internal.ds.InstanceProcess.buildComponent(InstanceProcess.java:620)
    at org.eclipse.equinox.internal.ds.InstanceProcess.buildComponents(InstanceProcess.java:197)
    at org.eclipse.equinox.internal.ds.Resolver.getEligible(Resolver.java:343)
    at org.eclipse.equinox.internal.ds.SCRManager.serviceChanged(SCRManager.java:222)
    at org.eclipse.osgi.internal.serviceregistry.FilteredServiceListener.serviceChanged(FilteredServiceListener.java:107)

[1] https://docs.wso2.com/display/IS510/Configuring+a+SP+and+IdP+Using+Configuration+Files

--
*Gayan Kaushalya Yalpathwala*
Software Engineer
WSO2 Inc.; http://wso2.com
lean.enterprise.middleware
LK: +94 71 868 2704
UK: +44 747 844 3609