Shibboleth(3.2.3) : Parsing of the Incommons-Medata.xml taking huge amount of time
Peter Schober
peter.schober at univie.ac.at
Thu Apr 14 11:09:37 UTC 2022
* Max Spicer <max.spicer at york.ac.uk> [2022-04-14 13:04]:
> Am I right in thinking that the v4 equivalent of this is the
> alwaysVerifyTrustedSource attribute on a SignatureValidation filter?
The XML libraries used by the IDP don't have a problem with signature
validation filters on very large metadata aggregates (contrary to
those used by the SP), so there's nothing special you'd need to do
either way.
The same logic (that you'll need to trust the file system with cached
metadata as long as you trust the file system with key material to
validate said metadata with) still applies, of course.
-peter
More information about the users
mailing list