Skip to Content.
Sympa Menu

edugain-discuss - Re: [eduGAIN-discuss] eduGAIN SAML profile and MDS update

edugain-discuss AT lists.geant.org

Subject: An open discussion list for topics related to the eduGAIN interfederation service.

List archive

Re: [eduGAIN-discuss] eduGAIN SAML profile and MDS update


Chronological Thread 
  • From: Etienne Dysli Metref <etienne.dysli-metref AT switch.ch>
  • To: Ian Young <ian AT iay.org.uk>
  • Cc: <edugain-discuss AT lists.geant.org>
  • Subject: Re: [eduGAIN-discuss] eduGAIN SAML profile and MDS update
  • Date: Mon, 25 Nov 2019 14:03:16 +0100
  • Organization: SWITCH

On 25/11/2019 11.39, Ian Young wrote:
> I'd really prefer not to speculate on a version that old. You should
> migrate to the current version (0.9.2) as soon as you can.

Is there any argument speaking for the urgency of such an upgrade?

I'll have to carefully plan that together with xmlsectool and MDA
configuration upgrades. I broke the SWITCHaai federation once, I'm not
eager to repeat the experience...

> The current `clean-import.xsl` transform just uses the endorsed Xalan
> and the associated extension library to wrap X.509 certificates. If you
> remove that template, and the associated namespace definition, you
> should be fine without an endorsed Xalan.

I found out I could modify that template as was done in [1] to avoid
using this extension:

<xsl:template match="ds:X509Certificate">
<xsl:element name="ds:X509Certificate">
<xsl:text>&#10;</xsl:text>
<xsl:value-of select="translate(normalize-space(.),'
','&#x0a;')"/>
<xsl:text>&#10;</xsl:text>
</xsl:element>
</xsl:template>

This has the same effect, except breaking lines at 64 characters, so
I'll go with that.

Cheers,
Etienne

[1]
https://github.internet2.edu/InCommon/inc-meta/commit/8db4b4d792cb2e9517e94a1380da2944eda348d5

Attachment: signature.asc
Description: OpenPGP digital signature




Archive powered by MHonArc 2.6.19.

Top of Page