shibboleth-dev - RE: SP 1.3f Q
- From: "Scott Cantor" <>
- To: <>, <>
- Subject: RE: SP 1.3f Q
- Date: Thu, 24 Apr 2008 13:18:33 -0400
- Organization: The Ohio State University
> > That sounds fairly definitive for your purposes
> if only! The rest of the world is using 1.3f, unsupported or not.

People can do what they like, but if there's a security bug later, it's not
getting fixed. If you were to make allowances for a bug like this (if in
fact there is one), I would say you're doing them a disservice.

> I'll let you know if I find out. I need to pursue this as the UK
> Federation makes extensive use of 1.3f I believe. Presumably the I2 IdP
> doesn't have the interop problem. Then again, it all seemed to happen
> after I renewed the IdP's server cert, which the IdP also uses for signing
> responses.

Then perhaps the issue is not with the signature, but with the path
validation step. The logging should make this clear. In that case, it's more
likely to be an openssl issue.

> Anyone fancy letting me have a SAML sample from their I2 IdP?

You can try protectnetwork. But I doubt the issue here is going to be
reproducible without your certificate. That seems more likely to be the
issue. You could do some simple path validation tests with openssl alone
easily enough.

-- Scott
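
An openssl-only path validation test of the kind suggested in the message above, as an added example that is not part of the original post or of the Shibboleth project. The CA names, the host name idp.example.org and the scenario (a renewed certificate issued under a CA that the relying party does not trust) are constructed assumptions used only to show a passing and a failing path.

```shell
#!/bin/sh
# Constructed demo: every key, certificate and name below is generated here.
set -eu
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

# make_ca NAME: self-signed root certificate that acts as a trust anchor.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
        -subj "/CN=Constructed $1" \
        -keyout "$work/$1.key" -out "$work/$1.pem" 2>/dev/null
}

# issue CA NAME: certificate for idp.example.org signed by CA.
issue() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=idp.example.org" \
        -keyout "$work/$2.key" -out "$work/$2.csr" 2>/dev/null
    openssl x509 -req -in "$work/$2.csr" -days 2 \
        -CA "$work/$1.pem" -CAkey "$work/$1.key" -CAcreateserial \
        -out "$work/$2.pem" 2>/dev/null
}

# validate_path ANCHOR CERT: exit status 0 only if CERT chains to ANCHOR.
validate_path() {
    openssl verify -CAfile "$work/$1.pem" "$work/$2.pem" >/dev/null 2>&1
}

make_ca old-ca          # the anchor the relying party already trusts
make_ca new-ca          # assumed issuer of the renewed certificate
issue old-ca idp-old
issue new-ca idp-renewed

# The relying party only knows old-ca, so only idp-old builds a valid path.
for cert in idp-old idp-renewed; do
    if validate_path old-ca "$cert"; then
        echo "$cert: path OK against old-ca"
    else
        echo "$cert: path validation FAILED against old-ca"
    fi
done
```

For a real check, run the same `openssl verify -CAfile` command with the relying party's trust anchor file and the IdP's actual certificate, without redirecting output so the verification error is visible.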