edugain-discuss AT lists.geant.org
Subject: An open discussion list for topics related to the eduGAIN interfederation service.
List archive
- From: Ian Young <ian AT iay.org.uk>
- To: Jan Tomasek <jan.tomasek AT cesnet.cz>
- Cc: edugain-discuss AT geant.net
- Subject: Re: [eduGAIN-discuss] Removing X509SerialNumber from metadata?
- Date: Tue, 27 Aug 2013 18:20:15 +0100
- Authentication-results: prod-mail.geant.net (amavisd-new); dkim=pass header.i= AT iay.org.uk
- List-archive: <https://mail.geant.net/mailman/private/edugain-discuss/>
- List-id: eduGAIN discussion list <edugain-discuss.geant.net>
On 27 Aug 2013, at 11:09, Jan Tomasek <jan.tomasek AT cesnet.cz> wrote:
> I'm facing problems with OpenAthens Service Provider which is getting
> crazy of this:
>
> <ds:X509SerialNumber>331672357796567899002876163212412578804</ds:X509SerialNumber>
>
> being too big integer. The problem is within schema
> xmldsig-core-schema-fixed.xsd which defines X509SerialNumber as number
> instead. For eduID.cz I'm using fixed schema with definition:
>
> <simpleType name="X509SerialNumberType">
> <restriction base="string">
> <pattern value="[0-9][0-9]*"/>
> <maxLength value="48"/>
> </restriction>
> </simpleType>
>
> I'm not sure why some SP put this into metadata, but I'm trying to
> respect them and republish their metadata within eduID.cz.
There are several SAML implementations that have this kind of problem. It's
down to the XML processing library used by the particular implementation, so
it can be difficult for the SAML developer to avoid.
> Opinions? Suggestions?
In the UK federation metadata, we discard ds:X509SerialNumber from all
metadata from whatever source to avoid it. This is not an element which
actually provides information used by any SAML implementation that I know of
so removing it has no effect on anything.
-- Ian
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
- [eduGAIN-discuss] Removing X509SerialNumber from metadata?, Jan Tomasek, 27-Aug-2013
- Re: [eduGAIN-discuss] Removing X509SerialNumber from metadata?, Ian Young, 08/27/2013
- Re: [eduGAIN-discuss] Removing X509SerialNumber from metadata?, Jan Tomasek, 28-Aug-2013
- Re: [eduGAIN-discuss] Removing X509SerialNumber from metadata?, Ian Young, 28-Aug-2013
- Re: [eduGAIN-discuss] Removing X509SerialNumber from metadata?, Jan Tomasek, 28-Aug-2013
- Re: [eduGAIN-discuss] Removing X509SerialNumber from metadata?, Ian Young, 28-Aug-2013
- Re: [eduGAIN-discuss] Removing X509SerialNumber from metadata?, Jan Tomasek, 28-Aug-2013
- Re: [eduGAIN-discuss] Removing X509SerialNumber from metadata?, Ian Young, 28-Aug-2013
- Re: [eduGAIN-discuss] Removing X509SerialNumber from metadata?, Jan Tomasek, 28-Aug-2013
- Re: [eduGAIN-discuss] Removing X509SerialNumber from metadata?, Ian Young, 28-Aug-2013
- Re: [eduGAIN-discuss] Removing X509SerialNumber from metadata?, Jan Tomasek, 28-Aug-2013
- Re: [eduGAIN-discuss] Removing X509SerialNumber from metadata?, Ian Young, 08/27/2013
Archive powered by MHonArc 2.6.19.