empty scope

Ian Young ian at iay.org.uk
Wed Aug 12 07:28:58 EDT 2015

> On 12 Aug 2015, at 12:23, Leif Johansson <leifj at sunet.se> wrote:
> I recently ran into metadata that contained an empty Scope element
> (<shibmd:Scope/>). This should be legal according to the schema since
> the empty string is a valid xs:string but reasonably modern shib SP
> b0rks at it.
> It seems reasonable to not allow an empty scope but I can't find
> where it is explicitly disallowed in the Scope extensions spec.

The rule to apply is the general one saying that SAML elements can't be empty.

    -- Ian

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5250 bytes
Desc: not available
URL: <http://shibboleth.net/pipermail/users/attachments/20150812/5edff8e7/attachment.p7s>

More information about the users mailing list