Support for X509SubjectName Name ID

Ullfig, Roberto Alfredo rullfig at
Fri May 15 15:20:13 UTC 2020

Signing is the default - not following you.

Roberto Ullfig - rullfig at
Systems Administrator
Enterprise Architecture and Development | ACCC
University of Illinois - Chicago
From: users <users-bounces at> on behalf of Cantor, Scott <cantor.2 at>
Sent: Friday, May 15, 2020 9:59 AM
To: Shib Users <users at>
Subject: Re: Support for X509SubjectName Name ID

On 5/15/20, 10:21 AM, "users on behalf of Ullfig, Roberto Alfredo" <users-bounces at on behalf of rullfig at> wrote:

> OK fixed that, there were a handful - the settings must have been set false while testing a new SP implementation then
> propagated to a few others. All applications work with default settings now.

It's much more serious. It's not whether they work with defaults, it's whether they work with no signing. That is a total security break. And yes, lots of those exist. More common is the "accept any signing key" bug, but this exists too.

-- Scott

For Consortium Member technical support, see
To unsubscribe from this list send an email to users-unsubscribe at
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list