Question about relying-party-system.xml

Ullfig, Roberto Alfredo rullfig at uic.edu
Tue Jun 29 21:00:12 UTC 2021 

Yes we are on IDP 4.1. Where can I see shibboleth.DefaultSecurityConfiguration etc now?

Also, I just noticed that idp.properties is set to the default cert hash:

#idp.signing.config = shibboleth.SigningConfiguration.SHA256

however, we currently have a 10 year old SHA1 certificate. I'm looking at supporting the old SHA1 certificate for a few days (for select relying parties) if needed when we switch over to the new SHA256 certificate.

---
Roberto Ullfig - rullfig at uic.edu
Systems Administrator
Enterprise Applications & Services | Technology Solutions
University of Illinois - Chicago
________________________________
From: users <users-bounces at shibboleth.net> on behalf of Wessel, Keith <kwessel at illinois.edu>
Sent: Tuesday, June 29, 2021 3:47 PM
To: Shib Users <users at shibboleth.net>
Subject: RE: Question about relying-party-system.xml


Roberto,



Are you on IdP V4.1 yet? Note that the system directory is being phased out starting in that version.



Keith





From: users <users-bounces at shibboleth.net> On Behalf Of Ullfig, Roberto Alfredo
Sent: Tuesday, June 29, 2021 3:25 PM
To: Shib Users <users at shibboleth.net>
Subject: Re: Question about relying-party-system.xml



sorry, in this document:



https://wiki.shibboleth.net/confluence/display/IDP4/SecurityConfiguration#558043767feabb97faea44519fa2dc20228093ee<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.com%2Fv3%2F__https%3A%2Fwiki.shibboleth.net%2Fconfluence%2Fdisplay%2FIDP4%2FSecurityConfiguration*558043767feabb97faea44519fa2dc20228093ee__%3BIw!!DZ3fjg!raYHbh9UVKXQwt1r04KgjFohNI2Oo4Yu_MyUlXqWhT_6xpOKj7cwjbjv_v8eTmUB9Q%24&data=04%7C01%7Crullfig%40uic.edu%7C0df88c09a20f42cb0d6108d93b3f2e01%7Ce202cd477a564baa99e3e3b71a7c77dd%7C0%7C0%7C637605964843091584%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=KKHop6tJ4hSCP97pySljpNxUuyZ1uP3GAZ3%2BTrLLBm8%3D&reserved=0>



it mentions:



The default objects that make up these configurations are defined in system/conf/relying-party-system.xml



however, I don't have this file in my installation. This file does exist though:



/opt/shibboleth-idp/old-20200714-1326/system/conf/relying-party-system.xml





---

Roberto Ullfig - rullfig at uic.edu
Systems Administrator
Enterprise Applications & Services | Technology Solutions
University of Illinois - Chicago

________________________________

From: Ullfig, Roberto Alfredo
Sent: Tuesday, June 29, 2021 3:23 PM
To: Shib Users <users at shibboleth.net>
Subject: Question about relying-party-system.xml



In this document:





---

Roberto Ullfig - rullfig at uic.edu
Systems Administrator
Enterprise Applications & Services | Technology Solutions
University of Illinois - Chicago
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20210629/3e558b2a/attachment.htm>

More information about the users mailing list