Uploaded image for project: 'Identity Provider'
  1. Identity Provider
  2. IDP-600

auto-generated metadata should not include MDUI metadata in AttributeAuthorityDescriptor

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.0.0
    • Fix Version/s: 3.1.0
    • Component/s: Installer
    • Labels:
      None

      Description

      The auto-generated metadata created by net.shibboleth.idp.installer.metadata.MetadataGenerator includes MDUI metadata in both the IDPSSODescriptor and the AttributeAuthorityDescriptor.

      While this is permitted by the specification (because I lost an argument with Chad) I don't think it's necessary because it is normally IdPs that are being discovered and not attribute authorities. As a result, the UKf tooling actually rejects MDUI metadata in the AA descriptor because it's usually there as a mistake.

      I don't think we should include MDUI in example AA role descriptors, because doing so implies that it is in some sense necessary or recommended. We should drop this part of the output while retaining it in the SSO descriptor.

        Attachments

          Activity

            People

            Assignee:
            rdw@iay.org.uk Rod Widdowson
            Reporter:
            ian@iay.org.uk Ian Young
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 15 minutes
                15m