IdP v4.0.1 issues with CBC relying-party overrides and SPs with cipher-suite metadata
Robert Bradley
robert.bradley at it.ox.ac.uk
Thu Nov 12 17:17:02 UTC 2020
On 12/11/2020 16:56, Cantor, Scott wrote:
> On 11/12/20, 11:52 AM, "users on behalf of Jon Agland via users"
> <users-bounces at shibboleth.net on behalf of users at shibboleth.net>
> wrote:
>
>> Further to Scott's message...
>
> Thanks Jon.
>
> Since SSP is quite obvious in metadata, it might be a good idea to
> scan for any that claim GCM and reach out proactively since they'll
> all be wrong AFAIK.
>
In these particular cases, it's less obvious:
https://bodannualreviews.simitive.com/shibboleth for one looks pretty
Shibboleth-like metadata-wise, but looking at HTTP headers and
functionality, it's far less convincing. These are UK
federation-sourced, so I'll contact Simitive along with Jon and the UK
AMF helpdesk directly about fixing this at the source.
--
Dr Robert Bradley
Identity and Access Management Team, IT Services, University of Oxford
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0x9461A7CA76AFE3BE.asc
Type: application/pgp-keys
Size: 16768 bytes
Desc: not available
URL: <http://shibboleth.net/pipermail/users/attachments/20201112/ebb29ee2/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <http://shibboleth.net/pipermail/users/attachments/20201112/ebb29ee2/attachment.sig>
More information about the users
mailing list