DRAFT
Currently we are just listing the current validator warnings, those marked as red are actually specification errors and should be upgraded to validator errors.
Global warnings | |
---|---|
Signing certificate expired | |
Warnings on entity level | |
md:EmailAddress in md:ContactPerson element should start with mailto: prefix | This violates line 495 of https://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf and should be considered an error! |
SIRTFI attribute present and security contact found but no http://refeds.org/metadata/contactType/security contactType | SIRTFI specification error |
assurance-certification entity attribute is defined, but no appropriate md:ContactPerson set | |
shibmd:Scope with no regexp attribute | https://wiki.shibboleth.net/confluence/display/SC/ShibMetaExt+V1.0 recommendation |
mdattr:EntityAttributes placed in md:Extensions element of SPSSODescriptor/IDPSSODescriptor, expected in md:Extensions element of EntityDescriptor | |
mdrpi:RegistrationPolicy not found | |
mdrpi:RegistrationInfo element defined more than once within a given md:Extensions element | This violates http://docs.oasis-open.org/security/saml/Post2.0/saml-metadata-rpi/v1.0/cs01/saml-metadata-rpi-v1.0-cs01.html section 2.1 therefore should be an error |
mdattr:EntityAttributes element contains saml:AttributeValue with leading/trailing whitespaces | |
mdattr:EntityAttributes element appears more than once within a given md:Extensions element | |
Warnings on entity’s role level | |
mdui:PrivacyStatementURL does not start with http:// https:// | Not a direct specification error, but probably should be considered as such? |
mdui:GeolocationHint should start with geo: prefix | violation of http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-metadata-ui/v1.0/cs01/sstc-saml-metadata-ui-v1.0-cs01.pdf section 2.2.4 should be an error |
mdui:UIInfo not found, no mdui:DisplayName and mdui:Description present | eduGAIN SAML profile Section 3 |
mdui:UIInfo with mdui:DisplayName found but mdui:Description not present | eduGAIN SAML profile Section 3 |
mdui:UIInfo found but mdui:DisplayName not present | eduGAIN SAML profile Section 3 |
mdui:UIInfo found but neither mdui:DisplayName nor mdui:Description present | eduGAIN SAML profile Section 3 |
mdui:UIInfo found but no mdui:Logo element | eduGAIN SAML profile Section 3 |
this SP does not provide requested attribute specification | |
Data Protection Code of Conduct declared but no mdui:PrivacyStatementURL found | Violates the CoCo spec |
CoCo declared but md:RequestedAttribute element not found | Violates the CoCo spec |
CoCo declared but mdui:PrivacyStatementURL and md:RequestedAttribute elements not found | Violates the CoCo spec |
Global warnings
Some SP does not provide requested attribute specification– chyba można pominąć, bo pojawiają się te warningi na poziomie role
md:EntitiesDescriptor element does not contain the ID attribute which should be used in signature’s ds:Reference bez sensu bo przecież ID musi być z powodu reference w podpisie
Some entities do not have an encryption certificate
Some SP entities do not have an encryption certificate
Some SP does not provide requested attribute specification to wszystko jest wymienione na poziomie role