InCommon Operations Notifications

[Thomas Scavo <>]

AFAIK, this issue is fully resolved but if you would like to know more about 
how the Shib SP was involved, here are links to the relevant discussion 
thread on the shibboleth users mailing list and the resulting shibboleth jira 
issue:

shibd unable to verify signature when metadata is cached
http://marc.info/?t=145853747800001&r=1&w=2&n=10]

Successfully cached metadata documents containing `
` subquently fail 
signature validation
https://issues.shibboleth.net/jira/browse/SSPCPP-684]

Tom

________________________________________
From: 

 
<>
 on behalf of Thomas Scavo 
<>
Sent: Wednesday, March 23, 2016 9:11 AM
To: 

Cc: InCommon Administration
Subject: [InCommon NOTICE] bad characters in metadata

As announced on Monday (attached below for reference), metadata was signed 
twice on Tuesday, around 9:00 am ET and again at approximately 3:00 pm ET. 
Unrelated to the issue reported on Monday (which is still unresolved), the 
9:00 am signing event on Tuesday picked up some bad characters in eduGAIN 
metadata. These characters exposed a bug in the Shibboleth SP software that 
causes metadata refresh processes to fail.

By the time we signed metadata at 3:00 pm on Tuesday, the bad characters had 
been removed upstream. Here is a portion of the diff before and after the 
3:00 pm signing:

-          <mdui:Description xml:lang="en">Off Campus Partners simplifies the 
off-campus housing&#13;
-   search process for universities, property managers, and students. Our&#13;
-   software platform powers the off-campus housing listing service at 
the&#13;
-   nation's leading universities.</mdui:Description>
+          <mdui:Description xml:lang="en">Off Campus Partners simplifies the 
off-campus housing search process for universities, property managers, and 
students. Our software platform powers the off-campus housing listing service 
at the nation's leading universities.</mdui:Description>

As indicated by the diff, the bad characters no longer exist in metadata. If 
your SP is still having an issue, clear the metadata backing file and restart 
the SP to load fresh metadata.

If you have questions or concerns, please contact us at 


Tom Scavo
Operations Manager
InCommon.org


________________________________________
From: Thomas Scavo
Sent: Monday, March 21, 2016 7:52 PM
To: 

Cc: InCommon Administration
Subject: metadata was NOT published today!

For some unknown reason, the metadata signing process did not run to 
completion today. Consequently, a new metadata file was not published to the 
server. To compensate, we are planning to sign metadata twice tomorrow, once 
in the morning and once in the afternoon.

The metadata currently on the server was signed and published last Friday, 
March 18. Today’s metadata updates will be published tomorrow (Tuesday) 
morning at approximately 9:00 am ET. We will then sign and publish metadata 
again at the usual time, between 2:30 and 3:30 pm ET.

No metadata has been lost or compromised. Once we know why today’s metadata 
signing process failed, we will follow up with details.

I apologize for any inconvenience this may have caused. If you have questions 
or concerns, please contact us at 


Tom Scavo
Operations Manager
InCommon.org