edugain-discuss AT lists.geant.org
Subject: An open discussion list for topics related to the eduGAIN interfederation service.
List archive
[eduGAIN-discuss] EntityDescriptor-embedded signature with invalid reference URI in eduGAIN metadata
Chronological Thread
- From: "Zenon Mousmoulas" <zmousm AT noc.grnet.gr>
- To: edugain-ot AT lists.geant.org
- Cc: edugain-discuss AT lists.geant.org
- Subject: [eduGAIN-discuss] EntityDescriptor-embedded signature with invalid reference URI in eduGAIN metadata
- Date: Wed, 18 Sep 2019 06:09:46 +0000
Hi,
the eduGAIN aggregate feed currently (since last night) contains an
EntityDescriptor that looks like this:
<md:EntityDescriptor
entityID="https://accounts.ulbsibiu.ro/simplesaml/saml2/idp/metadata.php">
<ds:Signature>
<ds:SignedInfo>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod
Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference URI="#pfx44c17c25-60d9-23df-33f8-e68b60e775ed">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>/xIcnvqd7arPwlNnZ55yxbBZEL4GYYWLy8iOZwBSZwc=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<!-- [...] -->
The reference URI is invalid. This has some side effects, among which some
older version of pyFF/pyXMLSecurity gets confused by such a signature and
bails out.
I suppose this signature should have been stripped at some point.
Right?
Thanks,
Z.
- [eduGAIN-discuss] EntityDescriptor-embedded signature with invalid reference URI in eduGAIN metadata, Zenon Mousmoulas, 09/18/2019
- Re: [eduGAIN-discuss] EntityDescriptor-embedded signature with invalid reference URI in eduGAIN metadata, Peter Schober, 18-Sep-2019
- Re: [eduGAIN-discuss] EntityDescriptor-embedded signature with invalid reference URI in eduGAIN metadata, Peter Schober, 18-Sep-2019
- Re: [eduGAIN-discuss] EntityDescriptor-embedded signature with invalid reference URI in eduGAIN metadata, Wolfgang Pempe, 18-Sep-2019
- Re: [eduGAIN-discuss] EntityDescriptor-embedded signature with invalid reference URI in eduGAIN metadata, Valeriu Vraciu, 18-Sep-2019
- Re: [eduGAIN-discuss] EntityDescriptor-embedded signature with invalid reference URI in eduGAIN metadata, Peter Schober, 18-Sep-2019
- Re: [eduGAIN-discuss] EntityDescriptor-embedded signature with invalid reference URI in eduGAIN metadata, Davide Vaghetti, 18-Sep-2019
- Re: [eduGAIN-discuss] EntityDescriptor-embedded signature with invalid reference URI in eduGAIN metadata, Peter Schober, 18-Sep-2019
- Re: [eduGAIN-discuss] EntityDescriptor-embedded signature with invalid reference URI in eduGAIN metadata, Wolfgang Pempe, 18-Sep-2019
- Re: [eduGAIN-discuss] EntityDescriptor-embedded signature with invalid reference URI in eduGAIN metadata, Davide Vaghetti, 18-Sep-2019
- Re: [eduGAIN-discuss] EntityDescriptor-embedded signature with invalid reference URI in eduGAIN metadata, Valeriu Vraciu, 18-Sep-2019
- Re: [eduGAIN-discuss] EntityDescriptor-embedded signature with invalid reference URI in eduGAIN metadata, Peter Schober, 18-Sep-2019
- Re: [eduGAIN-discuss] EntityDescriptor-embedded signature with invalid reference URI in eduGAIN metadata, Peter Schober, 18-Sep-2019
Archive powered by MHonArc 2.6.19.