IdP v4 SLO issues when wilcard certificates for websites

Cantor, Scott cantor.2 at
Wed Aug 19 00:58:18 UTC 2020

On 8/18/20, 8:26 PM, "users on behalf of Brent Putman" <users-bounces at on behalf of putmanb at> wrote:

> However the error message about the wildcard cert was not from that layer, but rather from our
> BasicX509CredentialNameEvaluator, which is used by our PKIX TrustEngines.

And FWIW I lowered the log level on that. Logging is always hard but I definitely don't think ERROR is what we want here. I considered WARN, but since this would theoretically fire anytime somebody was using a signed messaage exchange (via fall through), I think INFO is really the right level for it.

My feeling is WARN/ERROR should be reserved for "somebody should look at this", not "stuff that happens in the normal course of events".

-- Scott

More information about the users mailing list