Possible bug with Shib IdP v4.0.0

Cantor, Scott cantor.2 at osu.edu
Mon Apr 20 08:30:55 EDT 2020

On 4/18/20, 1:35 PM, "users on behalf of Ian Young" <users-bounces at shibboleth.net on behalf of ian at iay.org.uk> wrote:

> SAML software can perform that additional checking, but not all SAML software does. I don't know of a publicly
> available checking tool for this specific issue

The Shibboleth SP will, actually. Not enforcing the rules results in a constant, unending stream of these null pointer exceptions or code that's just littered with a dozen null checks to do the simplest things.

I do wonder if the expedient thing, given that we control the schemas anyway, is to tighten them up with local string types with min="1", which is what the spec should have used. That isn't perfect, but it's a quick way to make the validate option more useful.

-- Scott

More information about the users mailing list