IdP Metadata certificate

Lohr, Donald - lohrda lohrda at
Wed Jul 8 13:41:10 UTC 2020


On 7/8/20 5:04 AM, Peter Schober wrote:
> * Lohr, Donald - lohrda <lohrda at> [2020-07-08 01:21]:
>> On occasion I get a non-InCommon SP vendor that reports that they
>> can not use the cert in my IdP metadata because the cert has CRLF in
>> it.
> Well, the IETF standard that exists since 2015 and tries to accommodate
> most existing previous practices is quite clear:
> "parsers SHOULD ignore whitespace and other non-base64
> characters and MUST handle different newline conventions."
>> I do not understand why some of these vendors can and can not handle
>> my IdP certificate, moreover is it something I should even worry
>> about addressing?
> If you provide them with your IDP metadata bilaterally (instead of
> having them pull it from InCommon's MDQ feed, which I'd recommend you
> do instead) there's nothing stopping you from providing each vendor
> with a customised version. That's also very silly, of course, ensuring
> extra work for you in the future, should you ever need to change your
> certificate.
> -peter

D o n a l d   L o h r
I n f o r m a t i o n   S y s t e m s
J a m e s   M a d i s o n   U n i v e r s i t y
5 4 0 . 5 6 8 . 3 7 3 0
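
An added example, not part of the original thread: a check that the certificate in IdP metadata decodes to the same bytes (and SHA-256 fingerprint) whatever newline convention wraps the base64, following the lax parsing rule quoted above. The certificate bytes are a constructed placeholder, and the entityID and helper names are hypothetical.

```python
import base64
import hashlib
import re
import xml.etree.ElementTree as ET

DS_CERT = "{http://www.w3.org/2000/09/xmldsig#}X509Certificate"

# Constructed placeholder bytes standing in for a DER certificate (not a real one).
SAMPLE_DER = bytes(range(256)) * 3


def lax_b64decode(text: str) -> bytes:
    """Decode base64 the lax way: drop whitespace and any other non-base64
    character first, so CR, LF, tabs and indentation are irrelevant."""
    cleaned = re.sub(r"[^A-Za-z0-9+/=]", "", text)
    return base64.b64decode(cleaned, validate=True)


def cert_fingerprints(metadata_xml: str) -> list[str]:
    """SHA-256 fingerprint of every ds:X509Certificate in a metadata document."""
    root = ET.fromstring(metadata_xml)
    return [hashlib.sha256(lax_b64decode(el.text or "")).hexdigest()
            for el in root.iter(DS_CERT)]


def sample_metadata(line_sep: str, width: int = 64) -> str:
    """Constructed IdP metadata fragment whose certificate is wrapped with line_sep."""
    b64 = base64.b64encode(SAMPLE_DER).decode("ascii")
    body = line_sep.join(b64[i:i + width] for i in range(0, len(b64), width))
    return ('<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"'
            ' xmlns:ds="http://www.w3.org/2000/09/xmldsig#"'
            ' entityID="https://idp.example.edu/idp/shibboleth">'  # hypothetical
            '<md:IDPSSODescriptor protocolSupportEnumeration='
            '"urn:oasis:names:tc:SAML:2.0:protocol"><md:KeyDescriptor><ds:KeyInfo>'
            f'<ds:X509Data><ds:X509Certificate>{line_sep}{body}{line_sep}'
            '</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>'
            '</md:IDPSSODescriptor></md:EntityDescriptor>')


# Line-ending conventions to compare; "&#13;" is a CR written as a character
# reference, which survives XML end-of-line normalization.
VARIANTS = {"LF": "\n", "CRLF": "\r\n", "CR as char ref": "&#13;\n", "unwrapped": ""}

if __name__ == "__main__":
    for name, sep in VARIANTS.items():
        print(f"{name:15} {cert_fingerprints(sample_metadata(sep))[0]}")
```

Matching fingerprints across all variants show the key material is identical, so a rejection on the SP side comes from its base64 handling rather than from the certificate.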
