IdP3.2.1 metadata config and requireSignedRoot

[Cantor, Scott]

On 12/22/15, 12:55 PM, "users on behalf of Michael A Grady" <users-bounces at shibboleth.net on behalf of mgrady at unicon.net> wrote:



>Not sure if this came in with 3.2 or 3.2.1, but I note on startup with metadata-providers configured to grab the InCommon metadata, I now see the following warning in the idp-process log:
>
> WARN [net.shibboleth.idp.profile.spring.relyingparty.metadata.filter.impl.SignatureValidationParser:128] - file [C:\Program Files (x86)\Shibboleth\IdP\conf\metadata-providers.xml] Use of the attribute 'requireSignedMetadata' is deprecated, use 'requireSignedRoot' instead

Would have to be 3.2+ I think.

>The wiki docs still show the former, don't see any mention of requireSignedRoot. But I thought I'd see if I could substitute it "as is" for 'requireSignedMetadata', but then the IdP seemed to have trouble getting the metadata, seeming to complain about accessing 'md.incommon.org' (unless there just happened to be a connection problem then). Is there more to using 'requireSignedRoot' then just substituting it directly for 'requireSignedMetadata'?

Don't think so. I think Brent renamed it because it was ambiguously named, and wasn't really meaning what it said.

-- Scott