random issues with idp 3.4.1

[Cantor, Scott]

On 12/5/18, 2:35 PM, "users on behalf of Paul B. Henson" <users-bounces at shibboleth.net on behalf of henson at cpp.edu> wrote:

> it would be nice to have a comment in the configuration file itself mentioning potential compatibility issues if turned on.

I'm not a fan of making the properties file carry documentation, so I prefer to stick to making sure we document any unclear properties. If need be, I'd rather we just create a whole index of properties and any notes about them vs. putting anything in the file itself.

> The ones that broke for me were a mix of hardcoded metadata and ones with metadata in the Federation;

The latter are the problem. There will probably end up being a MetadataFilter to add EncryptionMethod elements to metadata like we did with NameIDFormats.

All joking aside, I don't expect to see anything change unless people start imposing actual security requirements on their vendors. It's why all cloud auditing is apparently a joke if this isn't even on their radar.
 
-- Scott