...
- Shibboleth SP 2.5.0からの新機能
展開 title その他未整理の情報 PKCS#1.5使えなくなった - /etc/shibboleth/security-policy.xml
<AlgorithmBlacklist includeDefaultBlacklist="true"/>
新機能Metadata Attribute Extractor non-ASCIIでエラー SSPCPP-547
_shibsession_* cookie HttpOnlyが付くようになった
_shibstate_* 時限付き
acl ::1入った
helpLocation="/about.html"
cookieProps書式変更
handlerSSL="true"
shibboleth2.xmlの書式エラーでhttpdが起動しなくなった?
/var/log/httpd/native.log, native_warn.logが記録されるようになる2012-08-08 04:35:19 CRIT XMLTooling.Logging : error in file permissions or logging configuration: exception creating appender: failed to open log file (/var/log/httpd/native.log)
2012-08-08 04:35:19 CRIT Shibboleth.Config : failed to load new logging configuration from (native.logger)https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPConfigurationChanges
https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPInterestingFeatures
requireAuthenticatedEncryption signResponse="conditional"にしないとopensaml::FatalProfileException at (https://HOSTNAME/Shibboleth.sso/SAML2/POST)
A valid authentication statement was not found in the incoming message.ログには以下が記録される。
2012-10-14 09:26:14 ERROR Shibboleth.SSO.SAML2 [7]: failed to decrypt assertion: Unauthenticated data encryption algorithm unsupported.
2012-10-13 18:54:49 WARN Shibboleth.PropertySet : deprecation - remapping property (relayStateLimit) to (redirectLimit)
2012-10-13 18:54:49 WARN Shibboleth.Application : empty/missing cookieProps setting, set to "https" for SSL/TLS-only usage
2012-10-13 18:54:49 WARN Shibboleth.Application : handlerSSL should be enabled for SSL/TLS-enabled web sites
2012-10-13 18:54:49 WARN Shibboleth.AttributeExtractor.XML : attribute mappings are reloadable; be sure to restart web server when adding new attribute IDs
...