Support for X509SubjectName Name ID
Cantor, Scott
cantor.2 at osu.edu
Fri May 15 14:59:01 UTC 2020
On 5/15/20, 10:21 AM, "users on behalf of Ullfig, Roberto Alfredo" <users-bounces at shibboleth.net on behalf of rullfig at uic.edu> wrote:
> OK fixed that, there were a handful - the settings must have been set false while testing a new SP implementation then
> propagated to a few others. All applications work with default settings now.
It's much more serious. It's not whether they work with defaults, it's whether they work with no signing. That is a total security break. And yes, lots of those exist. More common is the "accept any signing key" bug, but this exists too.
-- Scott
More information about the users
mailing list