Bug#836898: shibboleth-sp2-common: schema problems - "configuration is invalid"
Jonathan Champ
royanee at gmail.com
Tue Sep 6 22:15:47 UTC 2016
Package: shibboleth-sp2-common
Version: 2.6.0+dfsg1-3
Severity: important
Tags: patch
Dear Maintainer,
* What led up to the situation?
Updated shibboleth from previous 2.5.x; two packages refused to
install due to configuration errors.
* What was the result of updating?
2016-09-06 17:31:45 ERROR XMLTooling.ParserPool : fatal error
on line 0, column 0, message: unable to open primary document entity
'/catalog.xml'
2016-09-06 17:31:45 ERROR XMLTooling.ParserPool : catalog
loader caught exception: XML error(s) during parsing, check log for
specifics
2016-09-06 17:31:45 ERROR XMLTooling.ParserPool : fatal error
on line 0, column 0, message: unable to open primary document entity
'/saml20-catalog.xml'
2016-09-06 17:31:45 ERROR XMLTooling.ParserPool : catalog
loader caught exception: XML error(s) during parsing, check log for
specifics
2016-09-06 17:31:45 ERROR XMLTooling.ParserPool : fatal error
on line 0, column 0, message: unable to open primary document entity
'/saml11-catalog.xml'
2016-09-06 17:31:45 ERROR XMLTooling.ParserPool : catalog
loader caught exception: XML error(s) during parsing, check log for
specifics
2016-09-06 17:31:45 WARN XMLTooling.ParserPool : warning on
line 0, column 0, message: unable to open primary document entity
'/usr/share/xml/shibboleth/xmldsig-core-schema.xsd'
2016-09-06 17:31:45 WARN XMLTooling.ParserPool : warning on
line 0, column 0, message: unable to open primary document entity
'/usr/share/xml/shibboleth/xml.xsd'
2016-09-06 17:31:45 ERROR XMLTooling.ParserPool : error on
line 143, column 56, message: namespace
'http://www.w3.org/XML/1998/namespace' is referenced without import
declaration
2016-09-06 17:31:45 ERROR XMLTooling.ParserPool : error on
line 254, column 56, message: namespace
'http://www.w3.org/2000/09/xmldsig#' is referenced without import
declaration
2016-09-06 17:31:45 ERROR XMLTooling.ParserPool : error on
line 254, column 56, message: referenced element 'ds:Signature' not
found
2016-09-06 17:31:45 ERROR XMLTooling.ParserPool : error on
line 277, column 31, message: namespace
'http://www.w3.org/2000/09/xmldsig#' is referenced without import
declaration
2016-09-06 17:31:45 ERROR XMLTooling.ParserPool : error on
line 277, column 31, message: referenced element 'ds:KeyInfo' not
found
2016-09-06 17:31:45 ERROR XMLTooling.ParserPool : error on
line 291, column 48, message: namespace
'http://www.w3.org/2000/09/xmldsig#' is referenced without import
declaration
2016-09-06 17:31:45 ERROR XMLTooling.ParserPool : error on
line 291, column 48, message: referenced element 'ds:Signature' not
found
2016-09-06 17:31:45 ERROR XMLTooling.ParserPool : fatal error
on line 1, column 1, message: invalid document structure
2016-09-06 17:31:45 ERROR XMLTooling.ParserPool : fatal error
on line 9, column 154, message: fatal error during schema scan
2016-09-06 17:31:45 ERROR Shibboleth.Config : error while
loading resource (/etc/shibboleth/shibboleth2.xml): XML error(s)
during parsing, check log for specifics
2016-09-06 17:31:45 FATAL Shibboleth.Config : caught
exception while loading configuration: XML error(s) during parsing,
check log for specifics
<3>configuration is invalid, check console for specific problems
* What exactly did you do to try and address the situation?
I used "/usr/sbin/shibd -t" to test the configuration changes. I
added this to console.logger to debug the problem:
log4j.category.XMLTooling.ParserPool=DEBUG
Finally, I modified the /usr/share/xml/shibboleth/catalog.xml file
to add the six required lines:
<system systemId="http://www.w3.org/XML/1998/namespace"
uri="/usr/share/xml/xmltooling/xml.xsd"/>
<system systemId="http://www.w3.org/2001/04/xmlenc#"
uri="/usr/share/xml/xmltooling/xenc-schema.xsd"/>
<system systemId="http://www.w3.org/2000/09/xmldsig#"
uri="/usr/share/xml/xmltooling/xmldsig-core-schema.xsd"/>
<system systemId="urn:oasis:names:tc:SAML:2.0:assertion"
uri="/usr/share/xml/opensaml/saml-schema-assertion-2.0.xsd"/>
<system systemId="urn:oasis:names:tc:SAML:2.0:protocol"
uri="/usr/share/xml/opensaml/saml-schema-protocol-2.0.xsd"/>
<system systemId="urn:oasis:names:tc:SAML:2.0:metadata"
uri="/usr/share/xml/opensaml/saml-schema-metadata-2.0.xsd"/>
* What was the outcome from this action?
The service started successfully, despite some suspicious error messages.
2016-09-06 17:33:03 ERROR XMLTooling.ParserPool : fatal error
on line 0, column 0, message: unable to open primary document entity
'/catalog.xml'
2016-09-06 17:33:03 ERROR XMLTooling.ParserPool : catalog
loader caught exception: XML error(s) during parsing, check log for
specifics
2016-09-06 17:33:03 ERROR XMLTooling.ParserPool : fatal error
on line 0, column 0, message: unable to open primary document entity
'/saml20-catalog.xml'
2016-09-06 17:33:03 ERROR XMLTooling.ParserPool : catalog
loader caught exception: XML error(s) during parsing, check log for
specifics
2016-09-06 17:33:03 ERROR XMLTooling.ParserPool : fatal error
on line 0, column 0, message: unable to open primary document entity
'/saml11-catalog.xml'
2016-09-06 17:33:03 ERROR XMLTooling.ParserPool : catalog
loader caught exception: XML error(s) during parsing, check log for
specifics
overall configuration is loadable, check console for non-fatal problems
* What else would you like the maintainer to know?
There were a few other suspicious messages at the DEBUG level:
2016-09-06 17:33:03 DEBUG XMLTooling.ParserPool : asked to
resolve http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd
with baseURI /usr/share/xml/shibboleth/shibboleth-2.0-afp.xsd
2016-09-06 17:33:03 DEBUG XMLTooling.ParserPool :
unauthorized entity request
(http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd),
blocking it
2016-09-06 17:33:03 DEBUG XMLTooling.ParserPool : asked to
resolve classpath:/schema/shibboleth-2.0-afp.xsd with baseURI
/usr/share/xml/shibboleth/shibboleth-2.0-afp-mf-basic.xsd
2016-09-06 17:33:03 DEBUG XMLTooling.ParserPool :
unauthorized entity request
(classpath:/schema/shibboleth-2.0-afp.xsd), blocking it
2016-09-06 17:33:03 DEBUG XMLTooling.ParserPool : asked to
resolve classpath:/schema/shibboleth-2.0-afp.xsd with baseURI
/usr/share/xml/shibboleth/shibboleth-2.0-afp-mf-saml.xsd
2016-09-06 17:33:03 DEBUG XMLTooling.ParserPool :
unauthorized entity request
(classpath:/schema/shibboleth-2.0-afp.xsd), blocking it
2016-09-06 17:33:03 DEBUG XMLTooling.ParserPool : asked to
resolve http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd
with baseURI /usr/share/xml/opensaml/saml-schema-assertion-2.0.xsd
2016-09-06 17:33:03 DEBUG XMLTooling.ParserPool :
unauthorized entity request
(http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd),
blocking it
2016-09-06 17:33:03 DEBUG XMLTooling.ParserPool : asked to
resolve http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/xenc-schema.xsd
with baseURI /usr/share/xml/opensaml/saml-schema-assertion-2.0.xsd
2016-09-06 17:33:03 DEBUG XMLTooling.ParserPool :
unauthorized entity request
(http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/xenc-schema.xsd),
blocking it
2016-09-06 17:33:03 DEBUG XMLTooling.ParserPool : asked to
resolve http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd
with baseURI /usr/share/xml/opensaml/saml-schema-protocol-2.0.xsd
2016-09-06 17:33:03 DEBUG XMLTooling.ParserPool :
unauthorized entity request
(http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd),
blocking it
2016-09-06 17:33:03 DEBUG XMLTooling.ParserPool : asked to
resolve http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd
with baseURI /usr/share/xml/opensaml/saml-schema-metadata-2.0.xsd
2016-09-06 17:33:03 DEBUG XMLTooling.ParserPool :
unauthorized entity request
(http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd),
blocking it
2016-09-06 17:33:03 DEBUG XMLTooling.ParserPool : asked to
resolve http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/xenc-schema.xsd
with baseURI /usr/share/xml/opensaml/saml-schema-metadata-2.0.xsd
2016-09-06 17:33:03 DEBUG XMLTooling.ParserPool :
unauthorized entity request
(http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/xenc-schema.xsd),
blocking it
2016-09-06 17:33:03 DEBUG XMLTooling.ParserPool : asked to
resolve http://www.w3.org/2001/xml.xsd with baseURI
/usr/share/xml/opensaml/saml-schema-metadata-2.0.xsd
2016-09-06 17:33:03 DEBUG XMLTooling.ParserPool :
unauthorized entity request (http://www.w3.org/2001/xml.xsd), blocking
it
I'm not sure what the correct solution is, but I was able to
make those messages go away, by removing the file path from the
schemaLocation and leaving only the filename.
-- System Information:
Debian Release: stretch/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 4.7.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
-- Configuration Files:
/etc/shibboleth/attribute-map.xml changed [not included]
/etc/shibboleth/shibboleth2.xml changed [not included]
-- no debconf information
-- debsums errors found:
debsums: changed file /usr/share/xml/shibboleth/catalog.xml (from
shibboleth-sp2-common package)
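
Added example (not part of the original report, and not Shibboleth or Debian code): a small audit that lists catalog <system> targets missing on disk and the entity requests that ParserPool blocked with no matching catalog entry. The catalog wrapper element, the function names and the injectable exists callback (pass os.path.exists on a real host) are assumptions, and matching is a literal systemId comparison, which is simpler than XMLTooling's own lookup.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: two <system> entries from the report inside an OASIS catalog
# root element (the wrapper is an assumption; the report shows only the entries).
SAMPLE_CATALOG = """<catalog xmlns="urn:oasis:names:tc:entity:xmlns:xml:catalog">
  <system systemId="http://www.w3.org/XML/1998/namespace"
          uri="/usr/share/xml/xmltooling/xml.xsd"/>
  <system systemId="urn:oasis:names:tc:SAML:2.0:assertion"
          uri="/usr/share/xml/opensaml/saml-schema-assertion-2.0.xsd"/>
</catalog>"""

# Constructed sample: two DEBUG exchanges copied from the report, mail wrapping kept.
SAMPLE_LOG = """2016-09-06 17:33:03 DEBUG XMLTooling.ParserPool : asked to
resolve http://www.w3.org/2001/xml.xsd with baseURI
/usr/share/xml/opensaml/saml-schema-metadata-2.0.xsd
2016-09-06 17:33:03 DEBUG XMLTooling.ParserPool :
unauthorized entity request (http://www.w3.org/2001/xml.xsd), blocking
it
2016-09-06 17:33:03 DEBUG XMLTooling.ParserPool : asked to
resolve classpath:/schema/shibboleth-2.0-afp.xsd with baseURI
/usr/share/xml/shibboleth/shibboleth-2.0-afp-mf-basic.xsd
2016-09-06 17:33:03 DEBUG XMLTooling.ParserPool :
unauthorized entity request
(classpath:/schema/shibboleth-2.0-afp.xsd), blocking it
"""

def parse_catalog(text):
    """Map systemId -> local uri for every <system> entry, ignoring namespaces."""
    root = ET.fromstring(text)
    return {e.get("systemId"): e.get("uri")
            for e in root.iter() if e.tag.rsplit("}", 1)[-1] == "system"}

def blocked_requests(log):
    """Return {blocked_uri: set of schema files (baseURI) that asked for it}."""
    flat = " ".join(log.split())  # undo mail/log line wrapping
    asked = {}
    for uri, base in re.findall(r"asked to resolve (\S+) with baseURI (\S+)", flat):
        asked.setdefault(uri, set()).add(base)
    blocked = re.findall(r"unauthorized entity request \((\S+?)\), blocking it", flat)
    return {uri: asked.get(uri, set()) for uri in blocked}

def audit(catalog_text, log, exists):
    """Report catalog targets missing on disk and blocked URIs with no catalog entry."""
    catalog = parse_catalog(catalog_text)
    missing = sorted(uri for uri in catalog.values() if not exists(uri))
    unmapped = {u: sorted(b) for u, b in blocked_requests(log).items() if u not in catalog}
    return missing, unmapped
```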