Metadata Typo Causes Integration Headaches

Cantor, Scott cantor.2 at
Tue Sep 18 09:09:13 EDT 2018

On 9/18/18, 7:56 AM, "users on behalf of Marvin Addison" <users-bounces at on behalf of serac at> wrote:

> 1. Don't maintain metadata by hand. I believe that's somewhere in the
> InCommon best practices documents, but it's a best practice
> regardless. We've had several minor issues over the years, but this
> most recent one was a huge support black hole and I think we've
> finally learned the lesson the hard way.

If you mean "rely on an XML editor", that's certainly useful, but can be a pain when you do a lot of work on servers. But what I would certainly suggest is schema validating. It doesn't catch every metadata mistake but it certainly catches this sort of thing in most cases.

> 2. Metadata-based credential resolution is complicated by filtering
> that can reduce the effective key set from what's patently defined in
> metadata XML files.

Not sure I followed that. I think the underlying code might support some name-based key filtering but I don't think it actually triggers all that often, and never on a redirect since there's no KeyInfo hint to feed into that kind of filtering.

-- Scott

More information about the users mailing list