SOAP SLO handler: what would it be used for?

Wessel, Keith kwessel at
Fri Apr 18 16:51:14 EDT 2014

Amusingly, I just ran into the same issue with AAF's federation registry that we're using for our regional federation. It goes further, though in that it'll generate the metadata with the AttributeAuthorityDescriptor block that doesn't contain an AttributeService element. This, however, breaks the schema and causes our validation and signing process to fail, choaking on the schema validation. I just emailed the AAF folks on this.

Aparently, we're on the bleeding edge wanting to get rid of these back channel calls, Andy.


-----Original Message-----
From: users-bounces at [mailto:users-bounces at] On Behalf Of Andrew Morgan
Sent: Friday, April 18, 2014 3:32 PM
To: Shib Users
Subject: Re: SOAP SLO handler: what would it be used for?

On Wed, 16 Apr 2014, Tom Scavo wrote:

> On Wed, Apr 16, 2014 at 1:07 PM, Wessel, Keith <kwessel at> wrote:
>> We’ve decided, since nobody’s using it, to get rid of back-channel 
>> handler support on our IDP.
> That's good news. Your metadata (and your configuration) will be 
> greatly simplified.
>> I encourage others to consider this route.
> Indeed. For new IdPs, it's mostly a no-brainer. Here are some 
> preliminary thoughts on this issue:
> Those recommendations have not yet been vetted, however, so take them 
> with a grain of salt. If anyone has comments or suggestions, I'd like 
> to hear them.

I have tried to follow these recommendations.  However, the InCommon Federation Manager gave me the following error when I tried to submit my New Identity Provider info:


Attribute Service:
1 error prohibited this attr authority from being saved

There were problems with the following fields:

     Attr service can't be blank

Perhaps I need to submit this as a bug to the FM managers?  If the AttributeAuthorityDescriptor is optional, how can I omit it?  :)


More information about the users mailing list