  1. Shibboleth Discovery Service - Java
  2. SDSJ-91

Logging "likely to fail" DS selections due to metadata gaps


    • Type: New Feature
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 1.1.1
    • Fix Version/s: 1.1.3
    • Labels:


      As federations deal with the transition from WAYF to DS support, one of the nasty issues that comes up is with SPs that fail to register SAML 2 support in their metadata, but fail to disable SAML 2 in their SP config. When they switch from WAYF to DS protocol, their requests kick over from SAML 1 to SAML 2 for IdPs that support it, but the IdPs then fail due to metadata problems with the SP.

      It occurred to me we could flag this optionally by examining the IdP and SP metadata and logging any DS requests that select an IdP with SAML 2 support from an SP without it. 99% of the time that's a mistake and logging it might help fed-ops deal with questions.

      This is very much a federation-level DS feature, not something that would apply to other DS scenarios.
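      A sketch of the check described above, as an added example (not code from the Discovery Service itself, which is Java): it indexes the `protocolSupportEnumeration` values in federation metadata and flags a selection where the IdP lists SAML 2 and the requesting SP does not. The entity IDs, function names, logger name and sample metadata are constructed for illustration, and the metadata is assumed to have been signature-checked before it is parsed.

```python
import logging
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
SAML2 = "urn:oasis:names:tc:SAML:2.0:protocol"
log = logging.getLogger("ds.selection-check")  # hypothetical logger name

# Constructed sample metadata (not from any real federation).
SAMPLE_METADATA = """<EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
  <EntityDescriptor entityID="https://idp.example.org/idp">
    <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:2.0:protocol"/>
  </EntityDescriptor>
  <EntityDescriptor entityID="https://idp-legacy.example.org/idp">
    <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol"/>
  </EntityDescriptor>
  <EntityDescriptor entityID="https://sp.example.org/sp">
    <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol"/>
  </EntityDescriptor>
  <EntityDescriptor entityID="https://sp2.example.org/sp">
    <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:2.0:protocol"/>
  </EntityDescriptor>
</EntitiesDescriptor>"""

def protocol_index(metadata_xml):
    """Map entityID -> {"idp": protocols, "sp": protocols} from role descriptors."""
    index = {}
    for entity in ET.fromstring(metadata_xml).iter(f"{{{MD}}}EntityDescriptor"):
        roles = {"idp": set(), "sp": set()}
        for role, tag in (("idp", "IDPSSODescriptor"), ("sp", "SPSSODescriptor")):
            for desc in entity.findall(f"{{{MD}}}{tag}"):
                roles[role].update(desc.get("protocolSupportEnumeration", "").split())
        index[entity.get("entityID")] = roles
    return index

def check_selection(index, sp_id, idp_id):
    """Return a warning for a 'likely to fail' DS selection, else None."""
    sp, idp = index.get(sp_id), index.get(idp_id)
    if sp is None or idp is None:
        return None  # entity not in metadata: a different problem, not this check
    if SAML2 in idp["idp"] and SAML2 not in sp["sp"]:
        # Both IDs were matched against metadata, so no raw request input is logged.
        msg = f"likely to fail: SP {sp_id} has no SAML 2 in metadata, selected IdP {idp_id} supports it"
        log.warning("%s", msg)
        return msg
    return None
```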

              • Assignee:
                rdw@steadingsoftware.com Rod Widdowson
                cantor.2@osu.edu Scott Cantor


                • Created: