Metadata Issue

Peter Schober peter.schober at univie.ac.at
Thu Oct 31 13:15:11 EDT 2013


* Thomas Jones <thomas.jones.g at gmail.com> [2013-10-31 16:32]:
> Peter I don't understand:
> 
> > Note that for locally managed metadata there's no gain in having
> > any validUntil on the EntityDescriptor. So leaving that out is one
> > possibility.
> 
> Since you mention that validUntil is useless in this context, how can I
> make a local managed metadata expired?

I meant maintaining a validUntil XML attribute (value) on the
EntityDescriptor for a static, unsigned, local file (if that is in
fact what you're doing) doesn't add anything useful. So I suggested
removing the validUntil attribute from the local file. Then it simply
cannot expire. It's local to your IdP, so you have other ways of
dealing with that entity.

> > The other one is setting requireValidMetadata="false" on the IdP's
> > MetadataProvider for that custom relying party, but I see you
> > already have that (so either way an expired EntityDescriptor from
> > a local file shouldn't disrupt operations).
> > -peter
> 
> Isn't that what is happening? (the operation has been
> disrupted). Due to the fact that the EntityDescriptor is not valid (I'm
> assuming that the reason is because it has expired) it is showing that
> it's treating the relyingParty as anonymous, right?

What I meant to say (maybe I didn't, English is not my native
language): The fact that you already had requireValidMetadata="false"
on the metadata provider for that local file should rule out expired
entities based on the value of validUntil. So whatever is or isn't in
validUntil (or whether there is such an attribute in the XML at all)
should /not/ cause the entity to expire (i.e., should not disrupt
operations by treating the entity as an anonymous RP).
Now you're saying it did disrupt operations, so I don't have an
explanation for that other than that it's either a bug and/or it
cannot have anything to do with validUntil.
-peter
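The following is an added illustration, not part of the thread and not Shibboleth's own code: a small model of how an IdP decides whether a locally loaded EntityDescriptor is usable, combining the validUntil attribute with a requireValidMetadata switch as the two messages above describe. The entityID, the sample dates and the status strings are constructed for the example.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"


def make_entity_descriptor(valid_until=None):
    """Build a minimal SP EntityDescriptor (constructed sample, not real metadata).

    valid_until is an xsd:dateTime string in UTC, or None to omit the attribute,
    which is what the thread suggests for a static, unsigned, local file.
    """
    attr = f' validUntil="{valid_until}"' if valid_until else ""
    return (f'<EntityDescriptor xmlns="{MD_NS}"'
            f' entityID="https://sp.example.org/shibboleth"{attr}>'
            '<SPSSODescriptor protocolSupportEnumeration='
            '"urn:oasis:names:tc:SAML:2.0:protocol"/></EntityDescriptor>')


def parse_valid_until(metadata_xml):
    """Return the EntityDescriptor's validUntil as an aware datetime, or None if absent."""
    root = ET.fromstring(metadata_xml)
    if root.tag != f"{{{MD_NS}}}EntityDescriptor":
        raise ValueError("root element is not a SAML 2.0 EntityDescriptor")
    value = root.get("validUntil")
    if value is None:
        return None
    # SAML metadata timestamps are xsd:dateTime in UTC with a trailing Z.
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def entity_status(metadata_xml, now, require_valid_metadata=True):
    """Model the provider's decision for one entity.

    'valid'            - no validUntil, or validUntil still in the future
    'expired-but-used' - validUntil has passed but requireValidMetadata is false,
                         so the entity is still served (the case discussed above)
    'rejected'         - validUntil has passed and validity is required; the IdP
                         would then treat the relying party as unknown/anonymous
    Note: for federation-signed metadata validUntil bounds the signer's assurance
    and should normally be enforced; relaxing it only makes sense for local files.
    """
    valid_until = parse_valid_until(metadata_xml)
    if valid_until is None or now <= valid_until:
        return "valid"
    return "rejected" if require_valid_metadata else "expired-but-used"


if __name__ == "__main__":
    now = datetime(2013, 10, 31, 17, 15, tzinfo=timezone.utc)
    expired = make_entity_descriptor("2013-10-01T00:00:00Z")
    for require in (True, False):
        print(f"requireValidMetadata={str(require).lower()}:",
              entity_status(expired, now, require))
    print("no validUntil:", entity_status(make_entity_descriptor(), now))
```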