Uploaded image for project: 'Identity Provider'
  1. Identity Provider
  2. IDP-1411

Deprecated warnings present in 3.3.3 are missing from 3.4.0 through 3.4.3

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Cannot Reproduce
    • Affects Version/s: 3.4.0, 3.4.1, 3.4.2, 3.4.3
    • Fix Version/s: None
    • Component/s: Attribute Resolver
    • Labels:
    • Environment:

      RHEL

    • Operating System:
      Linux
    • Java Version:
      Oracle Java 8
    • Servlet Container:
      Jetty 9.3

      Description

      Filing this per your request on the following shibboleth-users list thread

      http://shibboleth.1660669.n2.nabble.com/Deprecated-warning-question-inconsistency-td7641444.html

      These warnings presented in IdP v3.3.3 have disappeared from IdP 3.4.0, 3.4.1, 3.4.2, and 3.4.3:

      shibidp-20181017T0000.log:2018-10-17T21:55:46-04:00 sso1 [Shibboleth-Process: 78] |||Attribute Definition 'delDate': Configuration contains at least one element in the deprecated 'urn:mace:shibboleth:2.0:resolver' namespace.
      shibidp-20181017T0000.log:2018-10-17T21:55:46-04:00 sso1 [Shibboleth-Process: 80] |||Configuration contains at least one element in the deprecated 'urn:mace:shibboleth:2.0:attribute:encoder' namespace.
      shibidp-20181017T0000.log:2018-10-17T21:55:46-04:00 sso1 [Shibboleth-Process: 117] |||Data Connector 'BUAD': Configuration contains at least one element in the deprecated 'urn:mace:shibboleth:2.0:resolver:dc' namespace.
      shibidp-20181017T0000.log:2018-10-17T21:55:47-04:00 sso1 [Shibboleth-Process: 168] |||Data Connector 'BUAD': Use of default JVM trust store will be removed in the next major version of this software; replacement is trustFile attribute
      shibidp-20181017T0000.log:2018-10-17T21:55:47-04:00 sso1 [Shibboleth-Process: 168] |||Data Connector 'Applicants': Use of default JVM trust store will be removed in the next major version of this software; replacement is trustFile attribute

      I feel these should still be logged in the 3.4.x code to aid in more seamless 4.0 upgrades.

      Here are the configuration snippets from attribute-resolver.xml that I believe were causing these deprecation warnings:

      <resolver:AttributeDefinition xsi:type="Mapped" xmlns="urn:mace:shibboleth:2.0:resolver:ad" id="delDate" sourceAttributeID="description">
      <resolver:Dependency ref="BUAD" />
      <resolver:AttributeEncoder xsi:type="SAML2String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder" name="https://shibidp.bloomu.edu/attributes/delDate" friendlyName="delDate"/>
      <ValueMap>
      <ReturnValue>$1</ReturnValue>
      <SourceValue ignoreCase="true">.Delete scheduled for (\d{1,2}/\d{1,2}/\d{4}).</SourceValue>
      </ValueMap>
      </resolver:AttributeDefinition>

      <resolver:AttributeDefinition id="eduPersonScopedAffiliation" xsi:type="Scoped" xmlns="urn:mace:shibboleth:2.0:resolver:ad" scope="bloomu.edu" sourceAttributeID="eduPersonAffiliation">
      <resolver:Dependency ref="eduPersonAffiliation" />
      <resolver:AttributeEncoder xsi:type="SAML1ScopedString" xmlns="urn:mace:shibboleth:2.0:attribute:encoder" name="urn:mace:dir:attribute-def:eduPersonScopedAffiliation" />
      <resolver:AttributeEncoder xsi:type="SAML2ScopedString" xmlns="urn:mace:shibboleth:2.0:attribute:encoder" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9" friendlyName="eduPersonScopedAffiliation" />
      </resolver:AttributeDefinition>

      <resolver:DataConnector xsi:type="dc:LDAPDirectory" xmlns="urn:mace:shibboleth:2.0:resolver:dc"
      id="BUAD"
      ldapURL="%{idp.attribute.resolver.LDAP.ldapURL}"
      baseDN="%{idp.attribute.resolver.LDAP.baseDN}"
      principal="%{idp.attribute.resolver.LDAP.bindDN}"
      principalCredential="%{idp.attribute.resolver.LDAP.bindDNCredential}"
      connectionStrategy="RANDOM"
      useStartTLS="%{idp.attribute.resolver.LDAP.useStartTLS:true}">
      <dc:FilterTemplate>
      <![CDATA[
      (|(userPrincipalName=$requestContext.principalName)(sAMAccountName=$requestContext.principalName))
      ]]>
      </dc:FilterTemplate>
      <dc:LDAPProperty name="java.naming.ldap.attributes.binary" value="objectGUID"/>
      <dc:StartTLSAuthenticationCredential xsi:type="security:X509ResourceBacked" xmlns:security="urn:mace:shibboleth:2.0:security" id="LDAPtoIdPCredential">
      <security:PrivateKey>%{idp.attribute.resolver.LDAP.authenticationKey}</security:PrivateKey>
      <security:Certificate>%{idp.attribute.resolver.LDAP.authenticationCertificate}</security:Certificate>
      </dc:StartTLSAuthenticationCredential>
      </resolver:DataConnector>

      <resolver:DataConnector xsi:type="dc:LDAPDirectory" xmlns="urn:mace:shibboleth:2.0:resolver:dc"
      id="Applicants"
      ldapURL="%{idp.attribute.resolver.LDAP.ldapURL2}"
      baseDN="%{idp.attribute.resolver.LDAP.baseDN2}"
      principal="%{idp.attribute.resolver.LDAP.bindDN2}"
      principalCredential="%{idp.attribute.resolver.LDAP.bindDNCredential2}"
      connectionStrategy="RANDOM"
      useStartTLS="%{idp.attribute.resolver.LDAP.useStartTLS:true}">
      <dc:FilterTemplate>
      <![CDATA[
      (userPrincipalName=$requestContext.principalName)
      ]]>
      </dc:FilterTemplate>
      </resolver:DataConnector>

       

      Also attaching the logs and configuration snippets in a file in case it helps with formatting.  Thank you.

       

        Attachments

          Activity

            People

            Assignee:
            rdw@iay.org.uk Rod Widdowson
            Reporter:
            vkozlek@bloomu.edu Vincent Kozlek
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: