IdP3.2.1 metadata config and requireSignedRoot
Michael A Grady
mgrady at unicon.net
Tue Dec 22 12:55:17 EST 2015
Not sure if this came in with 3.2 or 3.2.1, but I note on startup with metadata-providers configured to grab the InCommon metadata, I now see the following warning in the idp-process log:
WARN [net.shibboleth.idp.profile.spring.relyingparty.metadata.filter.impl.SignatureValidationParser:128] - file [C:\Program Files (x86)\Shibboleth\IdP\conf\metadata-providers.xml] Use of the attribute 'requireSignedMetadata' is deprecated, use 'requireSignedRoot' instead
The wiki docs still show the former, don't see any mention of requireSignedRoot. But I thought I'd see if I could substitute it "as is" for 'requireSignedMetadata', but then the IdP seemed to have trouble getting the metadata, seeming to complain about accessing 'md.incommon.org' (unless there just happened to be a connection problem then). Is there more to using 'requireSignedRoot' then just substituting it directly for 'requireSignedMetadata'?
--
Michael A. Grady
IAM Architect, Unicon, Inc.
More information about the users
mailing list