Metadata Typo Causes Integration Headaches
putmanb at georgetown.edu
Wed Sep 19 19:22:47 EDT 2018
On 9/19/18 7:16 PM, Cantor, Scott wrote:
> On 9/19/18, 7:07 PM, "users on behalf of Brent Putman" <users-bounces at shibboleth.net on behalf of putmanb at georgetown.edu> wrote:
>> As I just mentioned in my longish reply, the KeyInfo at issue here was the metadata KeyDescriptor/KeyInfo. I don't
>> *think* Marvin's conclusions here were quite correct, as I believe there would not have been any Credentials extracted
>> from metadata to filter.
> Yes, but my point was that even if the code is outfitted to feed key names into the process to filter out non-matches, that would have to come, ordinarily, from the message's KeyInfo hint. And with a signed redirect, there's no hint, so there's nothing to do but try all the keys in the metadata that match the algorithm type.
Sure. That's what we do. I was just trying to point out that there
was a Keyinfo here (in metadata, not a request hint) and its "badness"
was the root cause here I think, not any kind of filtering (based on
KeyInfo hints or otherwise).
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the users