AttributeScopeMatchesShibMDScope

Ian Young ian at iay.org.uk
Wed Sep 14 14:44:37 BST 2011


On 14 Sep 2011, at 01:48, Liam Hoekenga wrote:

> The federation metadata file is there now.

I can see that you've unwrapped those items now so presumably your problem is solved.  However, I can see a lot of other elements whose content you're still doing interesting things with, such as OrganizationURL and OrganizationDisplayName.

> One of my current stages of processing the metadata reformats it in an  
> effort to make it pretty. :\

Pretty-printing XML is, as you're discovering, only safe if you are very sure about the content model and the context of use.  XML processors only guarantee to strip white space from "string like" values if they are parsing in a schema-aware way, which means that, as Scott implies, what you get depends both on that and whether the application is trimming white space off itself.  Some do, some don't, some do it on some values and not others.

Interestingly enough, looking at my validation suite for the UK federation, we're already enforcing a "no space characters" rule in scope values.  There's a note in there that although the spec doesn't talk about this, it's a problem for "some software".  The mists of time have obscured the original culprit, I'm afraid.

Needless to say I will be adding "and no newlines, neither" to the ruleset ;-)

Our validation suite also flags up a number of your other pretty-printed values as being potentially problematic.  I'd suggest simply not doing this kind of thing if you need compatibility.  If you want things to look pretty, products like oXygen have fairly conservative pretty-printers you can use without much danger of breaking anything important.

	-- Ian
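
The check discussed in this message, as an added example that is not part of the original post and is not the UK federation's validation suite: it parses metadata without a schema, flags Scope values containing any white space plus OrganizationURL and OrganizationDisplayName values padded at the edges, and shows an exact-match scope comparison failing on a pretty-printed value. The sample metadata, the function names and the assumption that the consumer does no trimming are all constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
SHIBMD = "{urn:mace:shibboleth:metadata:1.0}"
# Elements whose text a consumer compares or displays as a plain string.
CHECKED = {SHIBMD + "Scope", MD + "OrganizationURL", MD + "OrganizationDisplayName"}

# Constructed sample: entity A has been pretty-printed, entity B has not.
SAMPLE = """\
<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                       xmlns:shibmd="urn:mace:shibboleth:metadata:1.0">
  <md:EntityDescriptor entityID="https://idp-a.example.org/shibboleth">
    <md:Extensions>
      <shibmd:Scope regexp="false">
        a.example.org
      </shibmd:Scope>
    </md:Extensions>
    <md:Organization>
      <md:OrganizationURL xml:lang="en">
        http://www.a.example.org/
      </md:OrganizationURL>
    </md:Organization>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://idp-b.example.org/shibboleth">
    <md:Extensions><shibmd:Scope regexp="false">b.example.org</shibmd:Scope></md:Extensions>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>
"""

def find_whitespace_problems(metadata_xml):
    """Return (entityID, element, raw text) for values a pretty-printer has padded."""
    problems = []
    for entity in ET.fromstring(metadata_xml).iter(MD + "EntityDescriptor"):
        for el in entity.iter():
            text = el.text or ""
            # Scope: no white space anywhere; other checked values: none at the edges.
            if (el.tag == SHIBMD + "Scope" and re.search(r"\s", text)) or (
                    el.tag in CHECKED and text != text.strip()):
                problems.append((entity.get("entityID"), el.tag.split("}")[1], text))
    return problems

def scope_matches(metadata_xml, entity_id, asserted_scope):
    """Exact string comparison against the entity's Scope values, with no trimming."""
    for entity in ET.fromstring(metadata_xml).iter(MD + "EntityDescriptor"):
        if entity.get("entityID") == entity_id:
            return any(s.text == asserted_scope for s in entity.iter(SHIBMD + "Scope"))
    return False
```

Running `find_whitespace_problems` over an aggregate before publishing it catches the reformatted values while they can still be fixed at the source, before any relying party rejects a scoped attribute.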


