Question about relying-party-system.xml

Nate Klingenstein ndk at signet.id
Wed Jun 30 18:30:03 UTC 2021 

Roberto,

That depends entirely on the SP implementation in use.  The probability is very low, but it can't be ruled out entirely, especially since SP's are much more likely to have been homegrown than IdP's.

For Shibboleth SP's, you should have no problems.

Hope this helps,
Nate.

--------
Signet, Inc.
The Art of Access ®

https://www.signet.id

-----Original message-----
From: Ullfig, Roberto Alfredo
Sent: Wednesday, June 30 2021, 6:20 pm
To: Shib Users
Subject: Re: Question about relying-party-system.xml

Thanks! Are there any potential issues with switching from a SHA1 signing certificate to a SHA 256 signing certificate? Could any SP be impacted by this?

---

Roberto Ullfig - rullfig at uic.edu
Systems Administrator
Enterprise Applications & Services | Technology Solutions
University of Illinois - Chicago

-----------

From: users <users-bounces at shibboleth.net> on behalf of Cantor, Scott <cantor.2 at osu.edu>

Sent: Wednesday, June 30, 2021 8:50 AM

To: Shib Users <users at shibboleth.net>

Subject: Re: Question about relying-party-system.xml

On 6/30/21, 9:41 AM, "users on behalf of Ullfig, Roberto Alfredo" <users-bounces at shibboleth.net on behalf of rullfig at uic.edu> wrote:

>    Did shibboleth.DefaultSecurityConfiguration change in 4.1?

No.

Your example notably is overriding the key for SAML 1.1 only.

-- Scott

--

For Consortium Member technical support, see 
https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwiki.shibboleth.net%2Fconfluence%2Fx%2FcoFAAgdata=04%7C01%7Crullfig%40uic.edu%7C7896c4eb10d649e674b608d93bce0405%7Ce202cd477a564baa99e3e3b71a7c77dd%7C0%7C0%7C637606578292685470%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000sdata=nb1SSXGhiP0RqMRxW4CothMw%2F6hOyLATq%2FTOAJ8KD38%3Dreserved=0 <https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwiki.shibboleth.net%2Fconfluence%2Fx%2FcoFAAgdata=04%7C01%7Crullfig%40uic.edu%7C7896c4eb10d649e674b608d93bce0405%7Ce202cd477a564baa99e3e3b71a7c77dd%7C0%7C0%7C637606578292685470%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000sdata=nb1SSXGhiP0RqMRxW4CothMw%2F6hOyLATq%2FTOAJ8KD38%3Dreserved=0>

To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net

--

For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg

To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net

More information about the users mailing list