We plan to make several adjustments to the default profiles and security mechanisms used for new installs. These will not impact upgrades when done in accordance with the documentation.
The three widely agreed changes included:
disable SAML 1 by default
disable attribute queries by default
removing default support for use of PKIX at runtime
The tentatively agreed change is to switch the default XML encryption algorithm to AES-GCM. This is more open to discussion because it guarantees some effort by deployers to override that default for a variety of services, likely permanently.
Activity
Tom Zeller
March 6, 2020 at 5:01 PM
Resolving as tests pass.
Scott Cantor
February 21, 2020 at 4:59 PM
Over to Tom if there's still any test cleanup.
Scott Cantor
February 21, 2020 at 4:58 PM
I changed the GCM default today.
Tom Zeller
January 28, 2020 at 2:39 AM
I need to adjust the attribute query integration tests to enable attribute queries when testing IdP V4.