Metadata signature accepted by xmlsectool, not by SP
Ian Young
ian at iay.org.uk
Wed May 11 09:32:05 EDT 2016
> On 10 May 2016, at 15:53, Ian Bobbitt <ibobbitt at grnoc.iu.edu> wrote:
>
> I would have expected an error about the schema failing validation, not
> the signature failing.
As Scott mentions, it's not actually failing schema validation. It just turns out that if you don't include an explicit regexp attribute, *the meaning of the document is different depending on whether you schema validate or not*. Bizarre but true.
There is some more information on this behaviour here:
https://wiki.shibboleth.net/confluence/display/CONCEPT/MetadataCorrectness#MetadataCorrectness-ScopesandDefaultAttributeValues
-- Ian
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3563 bytes
Desc: not available
URL: <http://shibboleth.net/pipermail/users/attachments/20160511/2fcdb479/attachment.p7s>
More information about the users
mailing list