Shibd process dying whenever a required attributeService endpoint for a SP is not available

Closing after releases.

No, you would never have an AA element if the IdP isn't acting as one. The extensions and keys are per-role, not per-entity. The real problem is that we accidentally defined the original Scope extension at the role level, and that referencing keys across documents doesn't work well in XML Signature.

And no, you cannot have an AA role without an AttributeService, by definition.

You're right I will fix our metadata right now.
If the IdP did not configure the AA endpoint should we keep an AttributeAuthorityDescriptor element for this IdP in the federation metadata? I guess the answer is yes because the Extensions and KeyDescriptor are still needed.

The other option is to only remove the AttributeService for this IdP but if I do so I get errors while signing the metadata with metadatatool (distributed with Shibboleth IdP 1.3). The error I get : "Exception in thread "main" org.xml.sax.SAXParseException: cvc-complex-type.2.4.a: Invalid content was found starting with element 'NameIDFormat'. One of '{"urn:oasis:names:tc:SAML:2.0:metadata":KeyDescriptor, "urn:oasis:names:tc:SAML:2.0:metadata":Organization, "urn:oasis:names:tc:SAML:2.0:metadata":ContactPerson, "urn:oasis:names:tc:SAML:2.0:metadata":AttributeService}' is expected"

Is this problem with metadatatool or a SAML conpliance problem?
Or am I forced to define an AA for each and every IdP even if it's a dummy one?

Thanks.

Also appears as though I neglected to perform non-schema-based validation of metadata after parsing it, which I think would have caught this. But note when I change that, the metadata will start failing to load. Probably a good thing, but may catch a lot of mistakes.

Initial fix:
http://svn.middleware.georgetown.edu/view/cpp-sp?view=rev&revision=2941

Will add more fixes to SOAP client classes to detect NULL input for location to make sure the other code paths aren't affected in the future.