Idp4noGCMsps
Revision as of 3 Nov 2020 at 14:56 by Malavolti@garr.it
This page collects all the SPs that do not support the AES128-GCM assertion encryption algorithm, which Shibboleth Identity Provider version 4.x uses by default.
List of SPs that do not support AES128-GCM
- https://nildeutenti.bo.cnr.it/sp
- https://sp.tshhosting.com/shibboleth
- https://ticket.iop.org/shibboleth
- https://iam.atypon.com/shibboleth
- https://fsso.springer.com
Example <MetadataProvider> for the "edugain2idem-metadata-sha-256.xml" metadata
<MetadataProvider id="URLMD-IDEM-Federation"
                  xsi:type="FileBackedHTTPMetadataProvider"
                  backingFile="%{idp.home}/metadata/idem-test-metadata-sha256.xml"
                  metadataURL="http://md.idem.garr.it/metadata/edugain2idem-metadata-sha256.xml">

    <!-- Accept the metadata only if its root element is signed by the federation signing certificate. -->
    <MetadataFilter xsi:type="SignatureValidation" requireSignedRoot="true"
                    certificateFile="%{idp.home}/credentials/idem-signer-20220121.pem"/>

    <!-- Reject metadata without a validUntil, or valid for more than 10 days. -->
    <MetadataFilter xsi:type="RequiredValidUntil" maxValidityInterval="P10D"/>

    <!-- Keep only the SP roles. -->
    <MetadataFilter xsi:type="EntityRoleWhiteList">
        <RetainedRole>md:SPSSODescriptor</RetainedRole>
    </MetadataFilter>

    <!-- Attach AES128-CBC as the encryption method for the entities listed below. -->
    <MetadataFilter xsi:type="Algorithm">
        <!-- CBC-only SPs. -->
        <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
        <Entity>https://nildeutenti.bo.cnr.it/sp</Entity>
        <Entity>https://sp.tshhosting.com/shibboleth</Entity>
        <Entity>https://ticket.iop.org/shibboleth</Entity>
        <Entity>https://iam.atypon.com/shibboleth</Entity>
        <Entity>https://fsso.springer.com</Entity>
    </MetadataFilter>
</MetadataProvider>
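A metadata check that complements the filter above, as an added example that is not part of the original page: it reports which SPs in a SAML metadata file declare a GCM data-encryption algorithm, only CBC, or nothing at all (the last group gets the IdP 4.x default, AES128-GCM). The sample metadata and its example.org entityIDs are constructed and trimmed to the elements the script reads; the function name `classify_sps` is hypothetical.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}

# Constructed sample: KeyInfo and other required children are omitted for brevity.
SAMPLE = """<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
 <md:EntityDescriptor entityID="https://sp-gcm.example.org/shibboleth"><md:SPSSODescriptor>
  <md:KeyDescriptor use="encryption">
   <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes128-gcm"/>
   <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
  </md:KeyDescriptor></md:SPSSODescriptor></md:EntityDescriptor>
 <md:EntityDescriptor entityID="https://sp-cbc.example.org/shibboleth"><md:SPSSODescriptor>
  <md:KeyDescriptor>
   <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
   <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
  </md:KeyDescriptor></md:SPSSODescriptor></md:EntityDescriptor>
 <md:EntityDescriptor entityID="https://sp-none.example.org/shibboleth"><md:SPSSODescriptor>
  <md:KeyDescriptor use="signing"/></md:SPSSODescriptor></md:EntityDescriptor>
 <md:EntityDescriptor entityID="https://idp.example.org/idp/shibboleth">
  <md:IDPSSODescriptor/></md:EntityDescriptor>
</md:EntitiesDescriptor>"""


def classify_sps(metadata_xml):
    """Map each SP entityID to 'gcm', 'cbc-only' or 'undeclared'."""
    root = ET.fromstring(metadata_xml)
    result = {}
    for entity in root.iter("{%s}EntityDescriptor" % NS["md"]):
        sp = entity.find("md:SPSSODescriptor", NS)
        if sp is None:
            continue  # not an SP (e.g. an IdP entity)
        algs = set()
        for kd in sp.findall("md:KeyDescriptor", NS):
            # A KeyDescriptor without "use" applies to both signing and encryption.
            if kd.get("use", "encryption") != "encryption":
                continue
            for method in kd.findall("md:EncryptionMethod", NS):
                algs.add(method.get("Algorithm", ""))
        # Key-transport URIs (rsa-oaep...) match neither suffix and are ignored.
        if any(a.endswith("-gcm") for a in algs):
            result[entity.get("entityID")] = "gcm"
        elif any(a.endswith("-cbc") for a in algs):
            result[entity.get("entityID")] = "cbc-only"
        else:
            result[entity.get("entityID")] = "undeclared"
    return result


if __name__ == "__main__":
    for entity_id, status in classify_sps(SAMPLE).items():
        print(f"{status:10} {entity_id}")
```

SPs reported as "undeclared" that fail to decrypt GCM-encrypted assertions are the candidates for the `<Entity>` list in the Algorithm filter.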