Shibboleth Discovery Service - Java
SDSJ-91

Logging "likely to fail" DS selections due to metadata gaps

    Details

    • Type: New Feature
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 1.1.1
    • Fix Version/s: 1.1.3
    • Labels:
      None

      Description

      As federations deal with the transition from WAYF to DS support, one of the nasty issues that comes up is with SPs that fail to register SAML 2 support in their metadata, but fail to disable SAML 2 in their SP config. When they switch from WAYF to DS protocol, their requests kick over from SAML 1 to SAML 2 for IdPs that support it, but the IdPs then fail due to metadata problems with the SP.

      It occurred to me we could flag this optionally by examining the IdP and SP metadata and logging any DS requests that select an IdP with SAML 2 support from an SP without it. 99% of the time that's a mistake and logging it might help fed-ops deal with questions.

      This is very much a federation-level DS feature, not something that would apply to other DS scenarios.
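The check proposed above, written out as an added example that is not part of this issue or of the Discovery Service code base: it parses a constructed federation aggregate with Python's standard library, collects each role's protocolSupportEnumeration, and flags any DS selection whose IdP advertises urn:oasis:names:tc:SAML:2.0:protocol while the chosen SP does not. The entity IDs, the sample DS requests and the logger name are assumptions; protocolSupportEnumeration on SPSSODescriptor/IDPSSODescriptor is the standard place SAML metadata records protocol support, which is why it is the signal used here. As the reporter notes, a match is a heuristic ("likely to fail"), so the example logs and returns the match rather than blocking anything.

```python
import logging
import xml.etree.ElementTree as ET

SAML1 = "urn:oasis:names:tc:SAML:1.1:protocol"
SAML2 = "urn:oasis:names:tc:SAML:2.0:protocol"
MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"

# Constructed sample aggregate (hypothetical entities, not a real federation).
# sp.example.org advertises SAML 1 only; sp2.example.org advertises both.
FED_METADATA = f"""<EntitiesDescriptor xmlns="{MD_NS}">
  <EntityDescriptor entityID="https://sp.example.org/shibboleth">
    <SPSSODescriptor protocolSupportEnumeration="{SAML1}"/>
  </EntityDescriptor>
  <EntityDescriptor entityID="https://sp2.example.org/shibboleth">
    <SPSSODescriptor protocolSupportEnumeration="{SAML1} {SAML2}"/>
  </EntityDescriptor>
  <EntityDescriptor entityID="https://idp.example.edu/idp/shibboleth">
    <IDPSSODescriptor protocolSupportEnumeration="{SAML1} {SAML2}"/>
  </EntityDescriptor>
  <EntityDescriptor entityID="https://idp-old.example.edu/idp/shibboleth">
    <IDPSSODescriptor protocolSupportEnumeration="{SAML1}"/>
  </EntityDescriptor>
</EntitiesDescriptor>"""


def load_protocol_support(metadata_xml):
    """Map entityID -> set of supported protocol URIs, separately for SP and IdP roles."""
    root = ET.fromstring(metadata_xml)
    sps, idps = {}, {}
    for ed in root.iter(f"{{{MD_NS}}}EntityDescriptor"):
        eid = ed.get("entityID")
        for role in ed.findall(f"{{{MD_NS}}}SPSSODescriptor"):
            sps.setdefault(eid, set()).update(
                role.get("protocolSupportEnumeration", "").split())
        for role in ed.findall(f"{{{MD_NS}}}IDPSSODescriptor"):
            idps.setdefault(eid, set()).update(
                role.get("protocolSupportEnumeration", "").split())
    return sps, idps


def likely_to_fail(sp_id, idp_id, sps, idps):
    """Return a reason string if this DS selection is likely to fail, else None.

    The core case from the issue: the IdP advertises SAML 2 but the SP's
    metadata does not, so an SP whose config still has SAML 2 enabled will
    send a SAML 2 request the IdP rejects on metadata grounds.
    """
    sp = sps.get(sp_id)
    idp = idps.get(idp_id)
    if sp is None:
        return "SP entityID not found in metadata"
    if idp is None:
        return "IdP entityID not found in metadata"
    if SAML2 in idp and SAML2 not in sp:
        return "IdP advertises SAML 2 but SP metadata does not"
    return None


def audit_ds_requests(requests, metadata_xml, log=None):
    """Log every (sp_id, idp_id) selection that looks like a metadata gap.

    Returns the flagged selections so the caller (or a test) can inspect them.
    """
    log = log or logging.getLogger("ds.metadata-audit")  # assumed logger name
    sps, idps = load_protocol_support(metadata_xml)
    flagged = []
    for sp_id, idp_id in requests:
        reason = likely_to_fail(sp_id, idp_id, sps, idps)
        if reason:
            log.warning("DS selection likely to fail: sp=%s idp=%s (%s)",
                        sp_id, idp_id, reason)
            flagged.append((sp_id, idp_id, reason))
    return flagged


if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    # Constructed sample DS requests: (selecting SP, chosen IdP).
    sample = [
        ("https://sp.example.org/shibboleth", "https://idp.example.edu/idp/shibboleth"),
        ("https://sp2.example.org/shibboleth", "https://idp.example.edu/idp/shibboleth"),
        ("https://sp.example.org/shibboleth", "https://idp-old.example.edu/idp/shibboleth"),
    ]
    for entry in audit_ds_requests(sample, FED_METADATA):
        print(entry)
```

Only the first sample request is flagged: the SAML 1-only SP picked a SAML 2 IdP. The second SP advertises SAML 2, and the third selection pairs the SAML 1-only SP with a SAML 1-only IdP, so neither is a metadata gap.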


People

• Assignee: Rod Widdowson (rdw@steadingsoftware.com)
• Reporter: Scott Cantor (cantor.2@osu.edu)
• Votes: 0
• Watchers: 0
