...
The table below lists currently implemented validator warnings, those marked red are actually specification errors and should be upgraded to validator errors (to be discussed within the eduGAIN SG)
| Global warnings | ||
|---|---|---|
| 1 | Signing certificate expired | Currently implemented. To be confirmed by the SG. |
Warnings on entity level | ||
| 2 | md:EmailAddress in md:ContactPerson element should start with mailto: prefix | This violates line 495 of https://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf and should be considered an error! |
| 3 | SIRTFI attribute present and security contact found but no http://refeds.org/metadata/contactType/security contactType | SIRTFI specification error |
| 4 | assurance-certification entity attribute is defined, but no appropriate md:ContactPerson set http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-assurance-profile-cs-01.pdf | |
| 5 | shibmd:Scope with no regexp attribute | https://wiki.shibboleth.net/confluence/display/SC/ShibMetaExt+V1.0 recommendation |
| 6 | mdattr:EntityAttributes placed in md:Extensions element of SPSSODescriptor/IDPSSODescriptor, expected in md:Extensions element of EntityDescriptor | Since http://docs.oasis-open.org/security/saml/Post2.0/sstc-metadata-attr.html does not define appearance of this element in places other then md:Extensions element of EntityDescriptor it is most likely that the condition is a result of a mistake. |
| 7 | mdrpi:RegistrationPolicy not found | eduGAIN SAML profile Section 3 |
| 8 | mdrpi:RegistrationInfo element defined more than once within a given md:Extensions element | This violates http://docs.oasis-open.org/security/saml/Post2.0/saml-metadata-rpi/v1.0/cs01/saml-metadata-rpi-v1.0-cs01.html section 2.1 therefore should be an error |
| 9 | mdattr:EntityAttributes element contains saml:AttributeValue with leading/trailing whitespaces | |
| 10 | mdattr:EntityAttributes element appears more than once within a given md:Extensions element | Violates http://docs.oasis-open.org/security/saml/Post2.0/sstc-metadata-attr.html section 2.3, therefore should be an error. |
Warnings on entity’s role level | ||
| 11 | mdui:PrivacyStatementURL does not start with http:// https:// | Not a direct specification error, but probably should be considered as such? |
| 12 | mdui:GeolocationHint should start with geo: prefix | violation of http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-metadata-ui/v1.0/cs01/sstc-saml-metadata-ui-v1.0-cs01.pdf section 2.2.4 should be an error |
| 13 | mdui:UIInfo not found, no mdui:DisplayName and mdui:Description present | eduGAIN SAML profile Section 3 |
| 14 | mdui:UIInfo with mdui:DisplayName found but mdui:Description not present | eduGAIN SAML profile Section 3 |
| 15 | mdui:UIInfo found but mdui:DisplayName not present | eduGAIN SAML profile Section 3 |
| 16 | mdui:UIInfo found but neither mdui:DisplayName nor mdui:Description present | eduGAIN SAML profile Section 3 |
| 17 | mdui:UIInfo found but no mdui:Logo element | eduGAIN SAML profile Section 3 |
| 18 | this SP does not provide requested attribute specification | left from saml2int - should it be kept? |
| 19 | Data Protection Code of Conduct declared but no mdui:PrivacyStatementURL found | Violates the CoCo spec |
| 20 | CoCo declared but md:RequestedAttribute element not found | Violates the CoCo spec |
| 21 | CoCo declared but mdui:PrivacyStatementURL and md:RequestedAttribute elements not found | Violates the CoCo spec |
...