IdP Metadata certificate

Lohr, Donald - lohrda lohrda at jmu.edu
Wed Jul 8 13:41:10 UTC 2020


Thanks

On 7/8/20 5:04 AM, Peter Schober wrote:
> * Lohr, Donald - lohrda <lohrda at jmu.edu> [2020-07-08 01:21]:
>> On occasion I get a non-InCommon SP vendor that reports that they
>> can not use the cert in my IdP metadata because the cert has CRLF in
>> it.
> Well, the IETF standard that exists since 2015 and tries to accommodate
> most existing previous practices is quite clear:
> https://tools.ietf.org/html/rfc7468#section-2
>
> "parsers SHOULD ignore whitespace and other non-
> base64 characters and MUST handle different newline conventions."
>
>> I do not understand why some of these vendors can and cannot handle
>> my IdP certificate; moreover, is it something I should even worry
>> about addressing?
> If you provide them with your IDP metadata bilaterally (instead of
> having them pull it from InCommon's MDQ feed, which I'd recommend you
> do instead) there's nothing stopping you from providing each vendor
> with a customised version. That's also very silly, of course, ensuring
> extra work for you in the future, should you ever need to change your
> certificate.
>
> -peter

-- 
D o n a l d   L o h r
I n f o r m a t i o n   S y s t e m s
J a m e s   M a d i s o n   U n i v e r s i t y
5 4 0 . 5 6 8 . 3 7 3 0
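
The lax parsing rule quoted from RFC 7468 section 2 in this thread can be checked with the following added example, which is not part of the original messages. It decodes the same certificate bytes from several newline layouts and compares SHA-256 fingerprints; the sample bytes are constructed (not a real certificate) and all function names are hypothetical.

```python
import base64
import hashlib
import re

# Constructed stand-in for DER certificate bytes (not a real certificate).
SAMPLE_DER = bytes(range(256)) * 3

def lax_decode(text: str) -> bytes:
    """Decode X509Certificate/PEM text the lax way RFC 7468 section 2 describes."""
    # Drop PEM encapsulation boundaries if present.
    text = re.sub(r"-----(BEGIN|END) [A-Z0-9 ]+-----", "", text)
    # Ignore whitespace and any other non-base64 character (CR, LF, tabs, ...).
    b64 = re.sub(r"[^A-Za-z0-9+/=]", "", text)
    return base64.b64decode(b64, validate=True)

def fingerprint(text: str) -> str:
    """SHA-256 over the decoded bytes: the value to compare with a vendor."""
    return hashlib.sha256(lax_decode(text)).hexdigest()

def strict_decode(text: str) -> bytes:
    """A brittle parser for contrast: rejects anything but pure base64."""
    return base64.b64decode(text, validate=True)

def variants(der: bytes) -> dict:
    """The same bytes as different metadata editors might serialise them."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return {
        "single-line": b64,
        "lf": "\n".join(lines) + "\n",
        "crlf": "\r\n".join(lines) + "\r\n",
        "indented-xml": "\n" + "\n".join("        " + l for l in lines) + "\n    ",
        "pem-crlf": "-----BEGIN CERTIFICATE-----\r\n" + "\r\n".join(lines)
                    + "\r\n-----END CERTIFICATE-----\r\n",
    }

if __name__ == "__main__":
    for name, text in variants(SAMPLE_DER).items():
        try:
            strict_decode(text)
            strict = "strict parser: ok"
        except ValueError:
            strict = "strict parser: rejects"
        print(f"{name:13} {fingerprint(text)[:16]}...  {strict}")
```

Every layout yields the same fingerprint under lax decoding, so a vendor that rejects the CRLF form is failing at parsing, not at certificate validation.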
