edugain-discuss AT lists.geant.org
Subject: An open discussion list for topics related to the eduGAIN interfederation service.
Re: [eduGAIN-discuss] EntityDescriptor-embedded signature with invalid reference URI in eduGAIN metadata
- From: Dick Visser <dick.visser AT geant.org>
- To: Peter Schober <peter.schober AT univie.ac.at>
- Cc: edugain-discuss AT lists.geant.org
- Subject: Re: [eduGAIN-discuss] EntityDescriptor-embedded signature with invalid reference URI in eduGAIN metadata
- Date: Wed, 18 Sep 2019 11:48:34 +0200
This could be a nice addition for @Rhys Smith 's script that generates
https://www.ukfederation.org.uk/fed/edugain-import-log-with-diff.txt.
If a signing certificate is issued by Let's Encrypt, then it is highly
likely that it will be automagically replaced at regular intervals,
thereby breaking things.
Although technically correct, IMHO this should trigger an error.
I've noticed this issue as well with SPs that connect to the GEANT SAML proxy.
SP operators apparently "need a certificate", and when they find one
that is used for the web server, it's just too tempting to not use it.
Dick
On Wed, 18 Sep 2019 at 11:03, Peter Schober <peter.schober AT univie.ac.at>
wrote:
>
> * Zenon Mousmoulas <zmousm AT noc.grnet.gr> [2019-09-18 08:09]:
> > I suppose this signature should have been stripped at some point.
>
> FWIW, that Signature never made it into our aggregates since I run
> (a slightly modified version of) pyff's tidy.xsl script on all imports:
> https://github.com/IdentityPython/pyFF/blob/master/src/pyff/xslt/tidy.xsl
>
> Thanks, @leifj!
>
> (My own modification relates to the old WS-* XSD schema validation issue,
> https://lists.geant.org/sympa/arc/edugain-discuss/2014-11/msg00031.html
> I'll send a PR for that to get that one-line addition included upstream.)
>
> -peter
--
Dick Visser
Trust & Identity Service Operations Manager
GÉANT
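The import-time check discussed in this thread, as an added example that is not part of any message above and is not pyFF's tidy.xsl: Python standard-library code that removes `ds:Signature` elements embedded in `EntityDescriptor` elements before re-aggregation and reports whether each one's Reference URI pointed at the enclosing element's ID. The sample metadata, its entity IDs and the function name `strip_embedded_signatures` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample aggregate: one entity carries a leftover embedded
# signature whose Reference URI does not match its ID; one has no signature.
SAMPLE = """<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <md:EntityDescriptor ID="_abc" entityID="https://sp.example.org/shibboleth">
    <ds:Signature><ds:SignedInfo>
      <ds:Reference URI="#_old"/>
    </ds:SignedInfo></ds:Signature>
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://idp.example.org/idp">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>"""


def strip_embedded_signatures(xml_text):
    """Remove ds:Signature children of every EntityDescriptor.

    Returns (cleaned_root, findings). Each finding records the entityID,
    the Reference URI that was found, and whether it matched the element ID.
    """
    root = ET.fromstring(xml_text)
    findings = []
    # list() so that removing children does not disturb the iteration.
    for entity in list(root.iter("{%s}EntityDescriptor" % NS["md"])):
        for sig in entity.findall("ds:Signature", NS):
            ref = sig.find("ds:SignedInfo/ds:Reference", NS)
            uri = ref.get("URI") if ref is not None else None
            # SAML expects a same-document reference to the signed element's ID.
            elem_id = entity.get("ID")
            valid = elem_id is not None and uri == "#" + elem_id
            findings.append({"entityID": entity.get("entityID"),
                             "reference_uri": uri, "uri_valid": valid})
            # The aggregate is signed as a whole; drop the per-entity signature.
            entity.remove(sig)
    return root, findings
```

The findings list can be written to an import log so that entities arriving with a stale embedded signature are visible to the federation operator.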