| # | condition evaluated | severity | reason |
|---|---|---|---|
| 1 | EntitiesDescriptor element SHOULD contain the ID attribute used in signature's ds:Reference | Warning | see [1] |
| 2 | validUntil attribute in EntitiesDescriptor element can not be converted to a time value | Error | SAMLv2; line 348 |
| 3 | no validUntil attribute in EntitiesDescriptor element | Error | eduGAIN Policy |
| 4 | validUntil attribute in EntitiesDescriptor element has time value in the past | Error | SAMLv2; line 316 |
| 5 | validUntil attribute in EntitiesDescriptor element has value later than 28 days | Error | eduGAIN Policy |
| 6 | cacheDuration attribute in EntitiesDescriptor element has value not between 1-6 hours | Warning | eduGAIN Policy |
| 7 | cacheDuration attribute in EntitiesDescriptor element does not contain a valid period | Warning | eduGAIN Policy |
| 8 | EntitiesDescriptor does not contain PublicationInfo | Warning | eduGAIN Policy |
| 9 | EntitiesDescriptor contains PublicationInfo with publisher value but neither creationInstant nor publicationID is given | Warning | eduGAIN Policy |
| 10 | EntitiesDescriptor contains PublicationInfo but no publisher value is given | Error | eduGAIN Policy |
| 11 | creationInstant attribute in PublicationInfo element has time value in the future | Warning | common sense |
| 12 | EntityDescriptor does not contain entityId attribute | Error | SAMLv2; line 371 |
| 13 | entityId attribute value contains spaces | Error | SAMLv2; line 1368??? |
| 14 | entityId attribute value does not start with one of the following values: http://, https://, urn: | Error | |
| 15 | EntityDescriptor does not contain mdrpi:RegistrationInfo element | Error | eduGAIN Policy |
| 16 | No Organization element | Warning | eduGAIN Policy |
| 17 | Some IdP entities do not have any signing certificate or a signing key is wrong | Error | |
| 18 | Some SP entities do not have any signing certificate | Warning | |
| 19 | Some SP entities have wrong certificate | Warning | |
| 20 | "Weak" certificate | Warning | |
| 21 | IDPSSODescriptor/SPSSODescriptor has no mdui:UIInfo with DisplayName and Description | Warning | eduGAIN Policy |
| 22 | IDPSSODescriptor/SPSSODescriptor has mdui:UIInfo but DisplayName or Description | Warning | eduGAIN Policy |
| 23 | SPSSODescriptor has no md:RequestedAttribute and R&S category is not declared | Warning | eduGAIN Policy |
| 24 | Empty element while checking: OrganizationName, OrganizationDisplayName, OrganizationURL, GivenName, SurName, EmailAddress, TelephoneNumber, IPHint, Domain, GeolocationHint | Warning | |
| 25 | GeolocationHint does not start with geo: | Warning | |
| 26 | Scope element declared but regexp attribute missing | Warning | |
| 27 | CoCo declared for SP but RequestedAttribute element not found or/and PolicyStatementURL missing | Warning | CoCo |



Explanations 

  • [1] This topic has been discussed on the fog list in the thread "The joy of signing metadata". According to SAMLv1 sec 3.1.2, a reference to the signed element is REQUIRED, and this reference needs to be passed through an explicit identifier attribute value. In particular, the approach allowed by XML DSIG, a reference in the format URI="", is not allowed within SAML. The warning given by the validator will be turned into an error once all eduGAIN federations are fixed.
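The EntitiesDescriptor checks (rules 1-7 of the table, including the ds:Reference requirement from [1]) can be sketched as follows. This is an added example, not the eduGAIN validator's own code; the function names, the duration subset and the sample document are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

DS = "{http://www.w3.org/2000/09/xmldsig#}"
# Subset of xs:duration (no years/months), enough for values such as PT6H.
DURATION = re.compile(r"^P(?:(?P<days>\d+)D)?(?:T(?:(?P<hours>\d+)H)?(?:(?P<minutes>\d+)M)?(?:(?P<seconds>\d+)S)?)?$")

def parse_duration(text):
    m = DURATION.match(text)
    if not m or not any(m.groups()):
        return None  # not a period this subset understands
    return timedelta(**{k: int(v or 0) for k, v in m.groupdict().items()})

def check_entities_descriptor(xml_text, now):
    """Return sorted (rule, severity) findings for rules 1-7 of the table."""
    root = ET.fromstring(xml_text)
    found = []
    # Rule 1: ds:Reference must name the root's ID attribute; URI="" does not count.
    ref = root.find(f"{DS}Signature/{DS}SignedInfo/{DS}Reference")
    root_id = root.get("ID")
    if not root_id or (ref is not None and ref.get("URI") != "#" + root_id):
        found.append((1, "Warning"))
    try:
        ts = datetime.fromisoformat(root.attrib["validUntil"].replace("Z", "+00:00"))
        ts = ts.replace(tzinfo=timezone.utc) if ts.tzinfo is None else ts  # assumption: naive means UTC
        if ts < now:
            found.append((4, "Error"))
        elif ts > now + timedelta(days=28):
            found.append((5, "Error"))
    except KeyError:    # rule 3: attribute absent
        found.append((3, "Error"))
    except ValueError:  # rule 2: not convertible to a time value
        found.append((2, "Error"))
    cache = root.get("cacheDuration")
    if cache is not None:  # assumption: an absent attribute triggers neither rule
        period = parse_duration(cache)
        if period is None:
            found.append((7, "Warning"))
        elif not timedelta(hours=1) <= period <= timedelta(hours=6):
            found.append((6, "Warning"))
    return sorted(found)

# Constructed sample: reference is URI="", validUntil is 40 days after NOW, cacheDuration is 12 hours.
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)
SAMPLE = """<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" ID="_a1"
 xmlns:ds="http://www.w3.org/2000/09/xmldsig#" validUntil="2024-02-10T00:00:00Z" cacheDuration="PT12H">
 <ds:Signature><ds:SignedInfo><ds:Reference URI=""/></ds:SignedInfo></ds:Signature></md:EntitiesDescriptor>"""
print(check_entities_descriptor(SAMPLE, NOW))
```

The sketch only compares the reference URI with the ID attribute; it does not verify the signature, and metadata fetched from a federation should be parsed with a hardened XML parser.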

...

References

...