IdP3.2.1 metadata config and requireSignedRoot

Cantor, Scott cantor.2 at
Tue Dec 22 13:01:55 EST 2015

On 12/22/15, 12:55 PM, "users on behalf of Michael A Grady" <users-bounces at on behalf of mgrady at> wrote:

>Not sure if this came in with 3.2 or 3.2.1, but I note on startup with metadata-providers configured to grab the InCommon metadata, I now see the following warning in the idp-process log:
> WARN [net.shibboleth.idp.profile.spring.relyingparty.metadata.filter.impl.SignatureValidationParser:128] - file [C:\Program Files (x86)\Shibboleth\IdP\conf\metadata-providers.xml] Use of the attribute 'requireSignedMetadata' is deprecated, use 'requireSignedRoot' instead

Would have to be 3.2+ I think.

>The wiki docs still show the former, don't see any mention of requireSignedRoot. But I thought I'd see if I could substitute it "as is" for 'requireSignedMetadata', but then the IdP seemed to have trouble getting the metadata, seeming to complain about accessing '' (unless there just happened to be a connection problem then). Is there more to using 'requireSignedRoot' then just substituting it directly for 'requireSignedMetadata'?

Don't think so. I think Brent renamed it because it was ambiguously named, and wasn't really meaning what it said.

-- Scott

More information about the users mailing list