You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 20 Next »

DRAFT

This document specifies recommendations for upstream metadata produced by eduGAIN participants. Failure to comply with these recommendations will result in a warning produced by the eduGAIN metadata validator.

The table below lists currently implemented validator warnings, those marked red are actually specification errors and should be upgraded to validator errors (to be discussed within the eduGAIN SG)


Global warnings
1

Signing certificate expired

Currently implemented. To be confirmed by the SG.


Warnings on entity level


2md:EmailAddress in md:ContactPerson element should start with mailto: prefixThis violates line 495 of https://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf and should be considered an error!
3

SIRTFI attribute present and security contact found but no http://refeds.org/metadata/contactType/security contactType

SIRTFI specification error
4

SIRTFI attribute declared but no appropriate md:ContactPerson set

SIRTFI specification error
5

shibmd:Scope with no regexp attribute

https://wiki.shibboleth.net/confluence/display/SC/ShibMetaExt+V1.0 recommendation
6

mdattr:EntityAttributes placed in md:Extensions element of SPSSODescriptor/IDPSSODescriptor, expected in  md:Extensions element of EntityDescriptor

Since http://docs.oasis-open.org/security/saml/Post2.0/sstc-metadata-attr.html does not define appearance of this element in places other then md:Extensions element of EntityDescriptor it is most likely that the condition is a result of a mistake.
7

mdrpi:RegistrationPolicy not found

eduGAIN SAML profile Section 3
8

mdrpi:RegistrationInfo element defined more than once within a given md:Extensions element

This violates http://docs.oasis-open.org/security/saml/Post2.0/saml-metadata-rpi/v1.0/cs01/saml-metadata-rpi-v1.0-cs01.html section 2.1 therefore should be an error
9

mdattr:EntityAttributes element contains saml:AttributeValue with leading/trailing whitespaces


10

mdattr:EntityAttributes element appears more than once within a given md:Extensions element 

Violates http://docs.oasis-open.org/security/saml/Post2.0/sstc-metadata-attr.html section 2.3, therefore should be an error.


Warnings on entity’s role level


11mdui:UIInfo not found, no mdui:DisplayName and mdui:Description presenteduGAIN SAML profile Section 3
12mdui:UIInfo with mdui:DisplayName found but mdui:Description not presenteduGAIN SAML profile Section 3
13mdui:UIInfo found but mdui:DisplayName not presenteduGAIN SAML profile Section 3
14mdui:UIInfo found but neither mdui:DisplayName nor mdui:Description presenteduGAIN SAML profile Section 3
15mdui:UIInfo found but no mdui:Logo elementeduGAIN SAML profile Section 3
16this SP does not provide requested attribute specificationleft from saml2int - should it be kept?
17Data Protection Code of Conduct declared but no mdui:PrivacyStatementURL foundViolates the CoCo spec
18CoCo declared but md:RequestedAttribute element not foundViolates the CoCo spec
19CoCo declared but mdui:PrivacyStatementURL and md:RequestedAttribute elements not foundViolates the CoCo spec


Global warnings

Some SP does not provide requested attribute specification– chyba można pominąć, bo pojawiają się te warningi na poziomie role

md:EntitiesDescriptor element does not contain the ID attribute which should be used in signature’s ds:Reference  bez sensu bo przecież ID musi być z powodu reference w podpisie

Some entities do not have an encryption certificate

Some SP entities do not have an encryption certificate

Some SP does not provide requested attribute specification to wszystko jest wymienione na poziomie role


  • No labels