Possible bug with Shib IdP v4.0.0
Ian Young
ian at iay.org.uk
Sat Apr 18 07:10:07 EDT 2020
> On 2020-04-18, at 12:03, Ian Young <ian at iay.org.uk> wrote:
>
> If you don't have ServiceName, you should omit the element.
Peter correctly points out that I am wrong: you can't omit ServiceName, as that would make the metadata schema-invalid. You should just remove the entire AttributeConsumingService if you don't need that.
There are two different kind of problem we're discussing here:
* Schema validity, which says what an AttributeConsumingService element needs to contain. You should schema-validate your metadata to avoid this kind of problem.
* Additional SAML rules (in particular the general one that SAML-defined elements and attributes can't be empty) which the software sometimes checks independently of schema validity.
-- Ian
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20200418/0d1303f2/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3883 bytes
Desc: not available
URL: <http://shibboleth.net/pipermail/users/attachments/20200418/0d1303f2/attachment.p7s>
More information about the users
mailing list