edugain-discuss AT lists.geant.org
Subject: An open discussion list for topics related to the eduGAIN interfederation service.
[eduGAIN-discuss] Warning: SP with entityID https://bachelor.accessiblelearning.com/sp
- From: Nick Roy <nroy AT internet2.edu>
- To: edugain-discuss <edugain-discuss AT lists.geant.org>
- Subject: [eduGAIN-discuss] Warning: SP with entityID https://bachelor.accessiblelearning.com/sp
- Date: Mon, 9 Sep 2019 16:50:23 +0000
Hello,
This morning, US Mountain Daylight Time, InCommon support was contacted by an
InCommon Participant running Microsoft ADFS as their IdP. Their IdP is
running ADFSToolkit (http://adfstoolkit.org) and they reported failing to
verify the signature on InCommon metadata. This turned out to be due to a
recently-added SP with entityID https://bachelor.accessiblelearning.com/sp
containing a special character, a hard carriage return, in its
mdui:Description and ServiceDescription. This character is rendered in
metadata as , and is known to cause some SAML implementations to derive
the wrong hash for canonicalized metadata when verifying signature. The
affected SP was exported to eduGAIN on September 4, 2019. The fixed metadata
should be exported to eduGAIN this afternoon at approximately 13:30 US MDT.
We are working on a fix to our federation manager software to prevent input
of similar characters in the future.
Best Regards,
Nick Roy
Director of Technology and Strategy
InCommon
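
Added example, not part of the original message and not InCommon's or ADFSToolkit's code: a check a federation operator could run over metadata before signing to flag carriage returns in element text or attributes, plus an input-side normaliser. The sample metadata, the entityID https://sp.example.org/sp and the function names are constructed for illustration, and the carriage return is assumed to arrive as the character reference &#13;.

```python
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"

# Constructed sample (not the real SP's metadata). A literal CR in the file is
# normalised to LF by the XML parser; one written as &#13; survives parsing.
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui"
    entityID="https://sp.example.org/sp">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:Extensions><mdui:UIInfo>
      <mdui:DisplayName xml:lang="en">Example SP</mdui:DisplayName>
      <mdui:Description xml:lang="en">Line one&#13;
line two</mdui:Description>
    </mdui:UIInfo></md:Extensions>
    <md:AttributeConsumingService index="1">
      <md:ServiceName xml:lang="en">Example SP</md:ServiceName>
      <md:ServiceDescription xml:lang="en">Line one&#13;
line two</md:ServiceDescription>
    </md:AttributeConsumingService>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def find_carriage_returns(metadata_xml):
    """Return (entityID, element, location) for each CR in text, tail or attributes."""
    findings = []
    root = ET.fromstring(metadata_xml)
    # iter() includes the root, so a single entity and an aggregate both work.
    for entity in root.iter(MD + "EntityDescriptor"):
        entity_id = entity.get("entityID")
        for elem in entity.iter():
            local = elem.tag.split("}")[-1]
            if elem.text and "\r" in elem.text:
                findings.append((entity_id, local, "text"))
            if elem.tail and "\r" in elem.tail:
                findings.append((entity_id, local, "tail"))
            for name, value in elem.attrib.items():
                if "\r" in value:
                    findings.append((entity_id, local, "@" + name.split("}")[-1]))
    return findings


def strip_carriage_returns(value):
    """Input-side fix: turn CRLF and bare CR into LF before the value is stored."""
    return value.replace("\r\n", "\n").replace("\r", "\n")
```

Running find_carriage_returns over an aggregate before signing and refusing to publish on any finding keeps such an entity out of the signed feed.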