edugain-discuss AT lists.geant.org
Subject: An open discussion list for topics related to the eduGAIN interfederation service.
List archive
Re: [eduGAIN-discuss] EntityDescriptor-embedded signature with invalid reference URI in eduGAIN metadata
Chronological Thread
- From: Valeriu Vraciu <valeriu AT roedu.net>
- To: edugain-discuss AT lists.geant.org
- Subject: Re: [eduGAIN-discuss] EntityDescriptor-embedded signature with invalid reference URI in eduGAIN metadata
- Date: Wed, 18 Sep 2019 11:23:00 +0300
Hi,
It was a signature from the IdP, so now it is removed from metadata
aggregate. If there are any other issues related to RoEduNetID please
contact, for sure there are some (the same IdP has an expired
certificate, we are working with ULBSIBIU to solve this - should we
remove IdP information from aggregate ? although validation tool gives
just a warning).
Best wishes,
Valeriu.
On 18/09/2019 09:28, Wolfgang Pempe wrote:
> Hi,
>
> Am 18.09.19 um 08:09 schrieb Zenon Mousmoulas:
>> Hi,
>>
>> the eduGAIN aggregate feed currently (since last night) contains an
>> EntityDescriptor that looks like this:
>>
>> <md:EntityDescriptor
>> entityID="https://accounts.ulbsibiu.ro/simplesaml/saml2/idp/metadata.php">
>>
>> <ds:Signature>
>> <ds:SignedInfo>
>> <ds:CanonicalizationMethod
>> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>> <ds:SignatureMethod
>> Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
>> <ds:Reference URI="#pfx44c17c25-60d9-23df-33f8-e68b60e775ed">
>> <ds:Transforms>
>> <ds:Transform
>> Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
>> <ds:Transform
>> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>> </ds:Transforms>
>> <ds:DigestMethod
>> Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
>>
>> <ds:DigestValue>/xIcnvqd7arPwlNnZ55yxbBZEL4GYYWLy8iOZwBSZwc=</ds:DigestValue>
>>
>> </ds:Reference>
>> </ds:SignedInfo>
>> <!-- [...] -->
>>
>> The reference URI is invalid. This has some side effects, among which
>> some older version of pyFF/pyXMLSecurity gets confused by such a
>> signature and bails out.
>
> The schema validation by the xmlsectool also fails. We're currently not
> able to update our downstream metadata.
>
> Best regards,
> Wolfgang
>
>>
>> I suppose this signature should have been stripped at some point.
>>
>> Right?
>>
>> Thanks,
>> Z.
>>
>
--
Valeriu Vraciu
RoEduNet
Attachment:
signature.asc
Description: OpenPGP digital signature
- [eduGAIN-discuss] EntityDescriptor-embedded signature with invalid reference URI in eduGAIN metadata, Zenon Mousmoulas, 18-Sep-2019
- Re: [eduGAIN-discuss] EntityDescriptor-embedded signature with invalid reference URI in eduGAIN metadata, Peter Schober, 18-Sep-2019
- Re: [eduGAIN-discuss] EntityDescriptor-embedded signature with invalid reference URI in eduGAIN metadata, Peter Schober, 18-Sep-2019
- Re: [eduGAIN-discuss] EntityDescriptor-embedded signature with invalid reference URI in eduGAIN metadata, Wolfgang Pempe, 18-Sep-2019
- Re: [eduGAIN-discuss] EntityDescriptor-embedded signature with invalid reference URI in eduGAIN metadata, Valeriu Vraciu, 09/18/2019
- Re: [eduGAIN-discuss] EntityDescriptor-embedded signature with invalid reference URI in eduGAIN metadata, Peter Schober, 18-Sep-2019
- Re: [eduGAIN-discuss] EntityDescriptor-embedded signature with invalid reference URI in eduGAIN metadata, Davide Vaghetti, 18-Sep-2019
- Re: [eduGAIN-discuss] EntityDescriptor-embedded signature with invalid reference URI in eduGAIN metadata, Peter Schober, 18-Sep-2019
- Re: [eduGAIN-discuss] EntityDescriptor-embedded signature with invalid reference URI in eduGAIN metadata, Wolfgang Pempe, 18-Sep-2019
- Re: [eduGAIN-discuss] EntityDescriptor-embedded signature with invalid reference URI in eduGAIN metadata, Davide Vaghetti, 18-Sep-2019
- Re: [eduGAIN-discuss] EntityDescriptor-embedded signature with invalid reference URI in eduGAIN metadata, Valeriu Vraciu, 09/18/2019
- Re: [eduGAIN-discuss] EntityDescriptor-embedded signature with invalid reference URI in eduGAIN metadata, Peter Schober, 18-Sep-2019
- Re: [eduGAIN-discuss] EntityDescriptor-embedded signature with invalid reference URI in eduGAIN metadata, Peter Schober, 18-Sep-2019
- Re: [eduGAIN-discuss] EntityDescriptor-embedded signature with invalid reference URI in eduGAIN metadata, Dick Visser, 18-Sep-2019
- Re: [eduGAIN-discuss] EntityDescriptor-embedded signature with invalid reference URI in eduGAIN metadata, Peter Schober, 18-Sep-2019
- Re: [eduGAIN-discuss] EntityDescriptor-embedded signature with invalid reference URI in eduGAIN metadata, Leif Johansson, 18-Sep-2019
- Re: [eduGAIN-discuss] EntityDescriptor-embedded signature with invalid reference URI in eduGAIN metadata, Dick Visser, 18-Sep-2019
- Re: [eduGAIN-discuss] EntityDescriptor-embedded signature with invalid reference URI in eduGAIN metadata, Peter Schober, 18-Sep-2019
Archive powered by MHonArc 2.6.19.