shibd unable to verify signature when metadata is cached

Cantor, Scott cantor.2 at osu.edu
Wed Apr 13 10:42:32 EDT 2016


On 4/13/16, 10:27 AM, "users on behalf of Nick Roy" <users-bounces at shibboleth.net on behalf of nroy at internet2.edu> wrote:


>
>I think the difference between today and six months ago is that InCommon is now republishing eduGAIN metadata.  Even with the best everyone can do, things like this are just statistically more likely to happen, so there is, I think, a larger need to address these kinds of issues in a quicker way.

Well, the problem was noticed after the eduGAIN change, so that's not new, I took it into account.

I'm simply asking who else agrees, but didn't say anything up until this point.

To put a button on it, the choices are between fixing it by mid-May or so, and by end of year. The opportunity cost is that the IdP's next release, which will include (among other things) the features listed here [1] will probably be a month or so later than otherwise.

-- Scott

[1] https://wiki.shibboleth.net/confluence/display/DEV/IdP33Details



More information about the users mailing list