...
| Condition | Level | Significance | Reason | |||
|---|---|---|---|---|---|---|
| 1 | Signing certificate expired | 1-global | 1 | Currently implemented as a validator warning. To be confirmed by the SG. | ||
| 2 | md:EmailAddress in md:ContactPerson element should start with mailto: prefix | 2-entity | 4 | This violates line 495 of https://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf and should be considered an error! | ||
| 3 | SIRTFI attribute present and security contact ContactPerson definition found but no contact type not http://refeds.org/metadata/contactType/security contactType | 2-entity | 2 | SIRTFI specification error | ||
| 4 | SIRTFI attribute declared but no appropriate md:ContactPerson set | 2-entity | 2 | SIRTFI specification error | ||
| 5 | shibmd:Scope with no regexp attribute | 2-entity | 5 | https://wiki.shibboleth.net/confluence/display/SC/ShibMetaExt+V1.0 recommendation | ||
| 6 | mdattr:EntityAttributes placed in md:Extensions element of SPSSODescriptor/IDPSSODescriptor, expected in md:Extensions element of md:EntityDescriptor | 2-entity | 1 | Since http://docs.oasis-open.org/security/saml/Post2.0/sstc-metadata-attr.html does not define appearance of this element in places other then md:Extensions element of EntityDescriptor it is most likely that the condition is a result of a mistake. | ||
| 7 | mdrpi:RegistrationPolicy not found | 2-entity | 3 | eduGAIN SAML profile Section 3 | ||
| 8 | mdattr:EntityAttributes element contains saml:AttributeValue with leading/trailing whitespaces | 2-entity | 3 | |||
| 9 | mdattr:EntityAttributes element contains duplicated saml:Attribute / saml:AttributeValue declaration | 2-entity | ?? | |||
| 10 | mdui:UIInfo found but mdui:DisplayName not present | 3-role | 3 | eduGAIN SAML profile Section 3 | ||
| 1011 | mdui:UIInfo found but no mdui:Logo element | 3-role | 1 | eduGAIN SAML profile Section 3 | 11||
| 12 | for SP mdui:UIInfo / mdui:DisplayName does not have English value | 3-role | ?? | |||
| 13 | mdui:UIInfo not found, no mdui:DisplayName and mdui:Description present | 3-role(SP-only) | 3 | eduGAIN SAML profile Section 3 | ||
| 1214 | for SP: mdui:UIInfo with mdui:DisplayName found but mdui:Description not present | 3-role(SP-only) | 3 | eduGAIN SAML profile Section 3 | ||
| 1315 | for SP: mdui:UIInfo found but neither mdui:DisplayName nor mdui:Description present | 3-role(SP-only) | 3 | eduGAIN SAML profile Section 3 | ||
| 14 | this SP does not provide requested attribute specification | 3-role | 1 | left from saml2int - should it be kept? | ||
| 16 | 15 | Data Protection Code of Conduct declared but no mdui:PrivacyStatementURL found | 3-role | 4 | Violates the CoCo spec | |
| 17 | Data Protection Code of Conduct declared | 16 | CoCo declared but md:RequestedAttribute element not found | 3-role | 4 | Violates the CoCo spec | 17
| 18 | CoCo declared but mdui: PrivacyStatementURL and md:RequestedAttribute elements not foundLogo element contains inline logo which is larger than 40kB and smaller than 50 kB | |||||
| 19 | mdui:Logo element contains inline logo which is larger than 50kB | |||||
| 20 | R&S Category declared but the SP does not provide required mdui:DisplayName | 3-role | ||||
| 21 | R&S Category declared but the SP does not provide required mdui:InformationURL | 3-role | ||||
| 22 | R&S Category declared but the SP does not provide any technical contact | |||||
| 23 | Some entities do not have an encryption certificate | global | ||||
| 24 | SP has a wrong signing certificate | 3-role(SP-only) | ||||
| 25 | SP has no encryption certificate | 3-role(SP-only) | ||||
| 26 | Signing certificate expired | global | 4 | Violates the CoCo spec |