Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...


Global warnings
1

Signing certificate expired

Currently implemented. To be confirmed by the SG.


Warnings on entity level


2md:EmailAddress in md:ContactPerson element should start with mailto: prefixThis violates line 495 of https://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf and should be considered an error!
3

SIRTFI attribute present and security contact found but no http://refeds.org/metadata/contactType/security contactType

SIRTFI specification error
4

assurance-certification entity attribute is defined, SIRTFI attribute declared but no appropriate md:ContactPerson set

SIRTFI specification error
5

shibmd:Scope with no regexp attribute

https://wiki.shibboleth.net/confluence/display/SC/ShibMetaExt+V1.0 recommendation
6

mdattr:EntityAttributes placed in md:Extensions element of SPSSODescriptor/IDPSSODescriptor, expected in  md:Extensions element of EntityDescriptor

Since http://docs.oasis-open.org/security/saml/Post2.0/sstc-metadata-attr.html does not define appearance of this element in places other then md:Extensions element of EntityDescriptor it is most likely that the condition is a result of a mistake.
7

mdrpi:RegistrationPolicy not found

eduGAIN SAML profile Section 3
8

mdrpi:RegistrationInfo element defined more than once within a given md:Extensions element

This violates http://docs.oasis-open.org/security/saml/Post2.0/saml-metadata-rpi/v1.0/cs01/saml-metadata-rpi-v1.0-cs01.html section 2.1 therefore should be an error
9

mdattr:EntityAttributes element contains saml:AttributeValue with leading/trailing whitespaces


10

mdattr:EntityAttributes element appears more than once within a given md:Extensions element 

Violates http://docs.oasis-open.org/security/saml/Post2.0/sstc-metadata-attr.html section 2.3, therefore should be an error.


Warnings on entity’s role level


11

mdui:PrivacyStatementURL does not start with http:// https://

Not a direct specification error, but probably should be considered as such?
12mdui:GeolocationHint should start with geo: prefixviolation of http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-metadata-ui/v1.0/cs01/sstc-saml-metadata-ui-v1.0-cs01.pdf section 2.2.4 should be an error
13mdui:UIInfo not found, no mdui:DisplayName and mdui:Description presenteduGAIN SAML profile Section 3
14mdui:UIInfo with mdui:DisplayName found but mdui:Description not presenteduGAIN SAML profile Section 3
15mdui:UIInfo found but mdui:DisplayName not presenteduGAIN SAML profile Section 3
16mdui:UIInfo found but neither mdui:DisplayName nor mdui:Description presenteduGAIN SAML profile Section 3
17mdui:UIInfo found but no mdui:Logo elementeduGAIN SAML profile Section 3
18this SP does not provide requested attribute specificationleft from saml2int - should it be kept?
19Data Protection Code of Conduct declared but no mdui:PrivacyStatementURL foundViolates the CoCo spec
20CoCo declared but md:RequestedAttribute element not foundViolates the CoCo spec
21CoCo declared but mdui:PrivacyStatementURL and md:RequestedAttribute elements not foundViolates the CoCo spec

...