inc-ops-notifications - [InCommon NOTICE] InCommon metadata validity window
Subject: InCommon Operations Notifications
- From: Johnny Lasker <>
- To: "" <>
- Subject: [InCommon NOTICE] InCommon metadata validity window
- Date: Tue, 18 Feb 2025 17:10:46 +0000
We have identified that the InCommon metadata aggregates' validity window was inadvertently increased from 14 days to 21 days, causing some configurations to reject the metadata.

Logs may show as:

    Metadata's validity interval PT503H15M58.135S is larger than is allowed PT336H

We are preparing an update to set the validity window back to two weeks. An InCommon notice will notify you when the update is complete.
In the meantime, you may resolve this issue by increasing the maximum allowed validity window for your SAML providers to 21 days and then restarting your service(s).
For Shibboleth IdP v5, this can be found here: https://shibboleth.atlassian.net/wiki/spaces/IDP5/pages/3199507322/RequiredValidUntilFilter

For Shibboleth SP3, this can be found here: https://shibboleth.atlassian.net/wiki/spaces/SP3/pages/2063696214/RequireValidUntilMetadataFilter
For any further questions, please contact
Thanks,
Johnny Lasker
Principal Service Integration Engineer
Internet2 Trust & Identity
Pronouns: he, him, his
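
Added example (not part of the original notice, and not Shibboleth's own code): a simplified Python model of the validity-window check behind the log message quoted above, applied to that log line and to a metadata stub. The function names, the sample XML and the reference time are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

# ISO 8601 duration subset used in the log message: days and time parts only.
_DUR = re.compile(r"^P(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+(?:\.\d+)?)S)?)?$")
_LOG = re.compile(r"validity interval (\S+) is larger than is allowed (\S+)")

# Log line as quoted in the notice.
LOG_LINE = "Metadata's validity interval PT503H15M58.135S is larger than is allowed PT336H"
# Constructed sample: reference time and a metadata stub valid for about 503 hours.
NOW = datetime(2025, 2, 18, 17, 0, 0, tzinfo=timezone.utc)
SAMPLE = ('<EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" '
          'validUntil="2025-03-11T16:15:58Z"/>')

def parse_duration(text):
    """Convert a PnDTnHnMnS duration into a timedelta."""
    m = _DUR.match(text)
    if not m or text in ("P", "PT"):
        raise ValueError(f"unsupported duration: {text!r}")
    days, hours, minutes, seconds = (float(g) if g else 0.0 for g in m.groups())
    return timedelta(days=days, hours=hours, minutes=minutes, seconds=seconds)

def explain_log_line(line):
    """Return (observed interval, configured maximum) from the rejection message."""
    m = _LOG.search(line)
    return (parse_duration(m.group(1)), parse_duration(m.group(2))) if m else None

def check_valid_until(metadata_xml, now, max_interval):
    """Model of the filter decision: reject missing, expired or too-distant validUntil.

    The sample is built locally; a real aggregate must be signature-verified
    and parsed with a hardened XML parser before any attribute is trusted.
    """
    valid_until = ET.fromstring(metadata_xml).get("validUntil")
    if valid_until is None:
        return False, "validUntil missing"
    remaining = datetime.fromisoformat(valid_until.replace("Z", "+00:00")) - now
    if remaining <= timedelta(0):
        return False, "metadata expired"
    if remaining > max_interval:
        return False, "validity interval too large"
    return True, "ok"

if __name__ == "__main__":
    print(explain_log_line(LOG_LINE))
    for limit in (timedelta(days=14), timedelta(days=21)):
        print(limit, check_valid_until(SAMPLE, NOW, limit))
```

The observed interval is just under 21 days (PT504H), so a 14-day ceiling rejects the aggregate while a 21-day ceiling accepts it; the missing and expired cases still fail under either limit.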