IdP v4.0.1 issues with CBC relying-party overrides and SPs with cipher-suite metadata

Robert Bradley robert.bradley at
Thu Nov 12 17:17:02 UTC 2020

On 12/11/2020 16:56, Cantor, Scott wrote:
> On 11/12/20, 11:52 AM, "users on behalf of Jon Agland via users" 
> <users-bounces at on behalf of users at> 
> wrote:
>> Further to Scott's message...
> Thanks Jon.
> Since SSP is quite obvious in metadata, it might be a good idea to 
> scan for any that claim GCM and reach out proactively since they'll 
> all be wrong AFAIK.

In these particular cases, it's less obvious: for one looks pretty
Shibboleth-like metadata-wise, but looking at HTTP headers and
functionality, it's far less convincing.  These are UK
federation-sourced, so I'll contact Simitive along with Jon and the UK
AMF helpdesk directly about fixing this at the source.

Dr Robert Bradley
Identity and Access Management Team, IT Services, University of Oxford
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0x9461A7CA76AFE3BE.asc
Type: application/pgp-keys
Size: 16768 bytes
Desc: not available
URL: <>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the users mailing list