IdP v4 SLO issues when wilcard certificates for websites
Cantor, Scott
cantor.2 at osu.edu
Wed Aug 19 00:58:18 UTC 2020
On 8/18/20, 8:26 PM, "users on behalf of Brent Putman" <users-bounces at shibboleth.net on behalf of putmanb at georgetown.edu> wrote:
> However the error message about the wildcard cert was not from that layer, but rather from our
> BasicX509CredentialNameEvaluator, which is used by our PKIX TrustEngines.
And FWIW I lowered the log level on that. Logging is always hard but I definitely don't think ERROR is what we want here. I considered WARN, but since this would theoretically fire anytime somebody was using a signed messaage exchange (via fall through), I think INFO is really the right level for it.
My feeling is WARN/ERROR should be reserved for "somebody should look at this", not "stuff that happens in the normal course of events".
-- Scott
More information about the users
mailing list