Skip to Content.
Sympa Menu

metadata-diff - [METADATA-DIFF] Production-Production Diff

Subject: InCommon Metadata Diff List

List archive

[METADATA-DIFF] Production-Production Diff


Chronological Thread 
  • From: InCommon Operations <>
  • To:
  • Subject: [METADATA-DIFF] Production-Production Diff
  • Date: Fri, 19 Jun 2020 15:11:05 +0000 (UTC)

The following diff compares the current production metadata with the
previously issued version of the production metadata. It is also at
https://wayf.incommonfederation.org/metadata-diff/prod-prod/prod-prod-1592579458-validUntil.2020-07-03T14.58.07Z.diff

diff --git a/InCommon-metadata.xml b/InCommon-metadata.xml
index bcc5c55..ac55991 100644
--- a/InCommon-metadata.xml
+++ b/InCommon-metadata.xml
@@ -1,8 +1,8 @@
-<?xml version="1.0" encoding="UTF-8"?><EntitiesDescriptor
xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#";
xmlns:icmd="http://id.incommon.org/metadata";
xmlns:idpdisc="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol"
xmlns:init="urn:oasis:names:tc:SAML:profiles:SSO:request-init"
xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute"
xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi"
xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui"
xmlns:remd="http://refeds.org/metadata";
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:shibmd="urn:mace:shibboleth:metadata:1.0"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; ID="INC20200618T185131"
Name="urn:mace:incommon" validUntil="2020-07-02T18:51:31Z"><Signature
xmlns="http://www.w3.org/2000/09/xmldsig#";><SignedInfo><CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/
xml-exc-c14n#"/><SignatureMethod
Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/><Reference
URI="#INC20200618T185131"><Transforms><Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></Transforms><DigestMethod

Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><DigestValue>DO4EYOIwpjpfMM8kcfInsM/RdgdB8SahZEWqNsXkN8A=</DigestValue></Reference></SignedInfo><SignatureValue>MjyU3qDpyiPKIz8tcvjLKriYUqw9FD4TjPuldrZA1eiWcJZ8Pl1vUhWOhlKRmiSEqyrET42pmmvf
-b2VvtQDxwBGbPsMn7UrSgGwKWFhDrU7fqW9qJnUF9F3PYP3TwN1Lc5ObD2kuAoHxJUm4jXVRcf/c
-qMpAVDUyb311B+6DHU+vH8mPuJD8mlknnDtlxHXWm///IWLWBzUN9N0qkaT9rJC9dauqk79qWrjj
-y1bwOLk865iKWwOUIoeEMSlDVX9yEB44BpMuHf/TxTwEzCfgYS+uIjkgCY1TD9ud5MnZsFEdyUQF
-XJqtZx4sIUDFUoubht40fvxsrLwvjdrvZR5oxw==</SignatureValue><KeyInfo><X509Data><X509Certificate>MIIDgTCCAmmgAwIBAgIJAJRJzvdpkmNaMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNVBAYTAlVTMRUw
+<?xml version="1.0" encoding="UTF-8"?><EntitiesDescriptor
xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#";
xmlns:icmd="http://id.incommon.org/metadata";
xmlns:idpdisc="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol"
xmlns:init="urn:oasis:names:tc:SAML:profiles:SSO:request-init"
xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute"
xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi"
xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui"
xmlns:remd="http://refeds.org/metadata";
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:shibmd="urn:mace:shibboleth:metadata:1.0"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; ID="INC20200619T145807"
Name="urn:mace:incommon" validUntil="2020-07-03T14:58:07Z"><Signature
xmlns="http://www.w3.org/2000/09/xmldsig#";><SignedInfo><CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/
xml-exc-c14n#"/><SignatureMethod
Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/><Reference
URI="#INC20200619T145807"><Transforms><Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></Transforms><DigestMethod

Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><DigestValue>kVBSkW09NcNKPqxTzHJfQ8Bhwm7xC7HMgjPObs1BRG0=</DigestValue></Reference></SignedInfo><SignatureValue>tuZwjx2yOH26oxdiZqVrfYxTLWx9H3SVkzELu/e69co/zFSqrKGPvy3r9EZqAB9Lec3R22qB/gc4
+FtSMo1qW2+tQ3R8FmrhOfUPjIa/3xoN6U9bYIX0MgFh0FeP5P6gN9lVdGEhJUKhevrRk7G42fFxz
+uU5MlsgAZ0VOm0HMCdSva5BDKx4IUXqEjcOFlBnfA8Py7IO9zv/2YlKLNpWQDnf/zIMgYdT1+buF
+Y+icvRb+kuW/esYIGw7Y3hM2BwfrWXUaROF3UWXOrhj8c5Rs79yBq4tJjmOPG1yejwo0x1Pm10OK
+phAL3VrVjXELUW9m6nR1OTb6vmhkKvTEQMrtsA==</SignatureValue><KeyInfo><X509Data><X509Certificate>MIIDgTCCAmmgAwIBAgIJAJRJzvdpkmNaMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNVBAYTAlVTMRUw
EwYDVQQKDAxJbkNvbW1vbiBMTEMxMTAvBgNVBAMMKEluQ29tbW9uIEZlZGVyYXRpb24gTWV0YWRh
dGEgU2lnbmluZyBLZXkwHhcNMTMxMjE2MTkzNDU1WhcNMzcxMjE4MTkzNDU1WjBXMQswCQYDVQQG
EwJVUzEVMBMGA1UECgwMSW5Db21tb24gTExDMTEwLwYDVQQDDChJbkNvbW1vbiBGZWRlcmF0aW9u
@@ -19,7 +19,7 @@
qEbjhBFh/utXaeyeSOtaX65GwD5svDHnJBclAGkzeRIXqxmYG+I2zMm/JYGzEnbwToyC7yF6Q8cQ
xOr37hEpqz+WN/x3qM2qyBLECQFjmlJrvRLkSL15PCZiu+xFNFd/zx6btDun5DBlfDS9DG+SHCNH

6Nq+NfP+ZQ8CGzP/3TaZPzMlKPDCjp0XOQfyQqFIXdwjPFTWjEusDBlm4qJAlQ==</X509Certificate></X509Data></KeyInfo></Signature>
<Extensions>
- <mdrpi:PublicationInfo creationInstant="2020-06-18T18:51:31Z"
publisher="https://incommon.org"/>
+ <mdrpi:PublicationInfo creationInstant="2020-06-19T14:58:07Z"
publisher="https://incommon.org"/>
</Extensions>
<EntityDescriptor entityID="https://issues.shibboleth.net/shibboleth";>
<Extensions>
@@ -185209,6 +185209,7 @@ jhao0WXgTHHQUUpEzZXrh/Bzyw==
<AssertionConsumerService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="https://granite-curr.courseleaf.com/Shibboleth.sso/SAML2/POST";
index="265"/>
<AssertionConsumerService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="https://nextcatalog.registrar.uiowa.edu/Shibboleth.sso/SAML2/POST";
index="266"/>
<AssertionConsumerService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="https://currentcatalog.registrar.uiowa.edu/Shibboleth.sso/SAML2/POST";
index="267"/>
+ <AssertionConsumerService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="https://uiowa-test.courseleaf.com/Shibboleth.sso/SAML2/POST";
index="268"/>
<AttributeConsumingService index="1">
<ServiceName xml:lang="en">CourseLeaf</ServiceName>
<ServiceDescription xml:lang="en">Leepfrog Technologies
CourseLeaf</ServiceDescription>
@@ -378884,7 +378885,8 @@ PewgKNx+cRI=
<AssertionConsumerService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
Location="https://uvacreate.virginia.edu/Shibboleth.sso/SAML2/ECP"; index="4"/>
<AssertionConsumerService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="https://engr.uvacreate.virginia.edu/Shibboleth.sso/SAML2/POST";
index="5"/>
<AssertionConsumerService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign"
Location="https://engr.uvacreate.virginia.edu/Shibboleth.sso/SAML2/POST-SimpleSign";
index="6"/>
- <AssertionConsumerService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
Location="https://engr.uvacreate.virginia.edu/Shibboleth.sso/SAML2/ECP";
index="7"/>
+ <AssertionConsumerService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
Location="https://engr.uvacreate.virginia.edu/Shibboleth.sso/SAML2/Artifact";
index="7"/>
+ <AssertionConsumerService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
Location="https://engr.uvacreate.virginia.edu/Shibboleth.sso/SAML2/ECP";
index="8"/>
<AttributeConsumingService index="1">
<ServiceName xml:lang="en">UVA Create Web Hosting Service</ServiceName>
<ServiceDescription xml:lang="en">Master the tools and technology that
make up the web to build your own space online.</ServiceDescription>
@@ -446803,39 +446805,68 @@ RJdy6XKOaUwmEHbmZ/lYby/qc0YqZTZyvWdGNBW7+cU=
<idpdisc:DiscoveryResponse
Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol"
Location="https://tk20.ehe.osu.edu/Shibboleth.sso/Login"; index="2"/>
<mdui:UIInfo>
<mdui:DisplayName xml:lang="en">TK20 SSO</mdui:DisplayName>
- <mdui:Description xml:lang="en">Single Sign-On provides users with
access to multiple environments with a single, secure password. Most
universities maintain their web portals; on-campus users would use single
authentication information to log in. Once logged in, they can access various
websites or services, such as Tk20. Typically, in this scenario, once the
user is authenticated via the portal, a request forwards to Tk20. When the
software receives the request, a secure handshake with the web portal ensures
the request is legitimate. After the request is validated, information
pertaining to the user attempting access to Tk20 is exchanged. The software
ensures that the user trying to access Tk20 is a valid Tk20 user. After
passing the checks, the user is immediately directed to the Tk20 account home
page in the application. In this case, the user does not see the Tk20 login
page because the authentication only happens once when the user logs in to
the web portal on campus.
Tk20 merely integrates with the web portal, ensures the proper authorization
and allows the user into the Tk20 system. The Tk20 system is designed to
allow access to users who do not have access to the campus portal, but do
need access to Tk20. In such cases, the authentication information of such
users is maintained locally in the Tk20 database
-</mdui:Description>
+ <mdui:Description xml:lang="en">Single Sign-On provides users with
access to multiple environments with a single, secure password. Most
universities maintain their web portals; on-campus users would use single
authentication information to log in. Once logged in, they can access various
websites or services, such as Tk20. Typically, in this scenario, once the
user is authenticated via the portal, a request forwards to Tk20. When the
software receives the request, a secure handshake with the web portal ensures
the request is legitimate. After the request is validated, information
pertaining to the user attempting access to Tk20 is exchanged. The software
ensures that the user trying to access Tk20 is a valid Tk20 user. After
passing the checks, the user is immediately directed to the Tk20 account home
page in the application. In this case, the user does not see the Tk20 login
page because the authentication only happens once when the user logs in to
the web portal on campus.
Tk20 merely integrates with the web portal, ensures the proper authorization
and allows the user into the Tk20 system. The Tk20 system is designed to
allow access to users who do not have access to the campus portal, but do
need access to Tk20. In such cases, the authentication information of such
users is maintained locally in the Tk20 database</mdui:Description>
<mdui:InformationURL
xml:lang="en">https://www1.taskstream.com/</mdui:InformationURL>
<mdui:PrivacyStatementURL
xml:lang="en">https://www.watermarkinsights.com/privacy-policy/</mdui:PrivacyStatementURL>
<mdui:Logo height="1000" width="2000"
xml:lang="en">https://www.watermarkinsights.com/wp-content/themes/taskstream/parts/svgs/watermark.php</mdui:Logo>
</mdui:UIInfo>
</Extensions>
- <KeyDescriptor>
+ <KeyDescriptor use="signing">
+ <ds:KeyInfo>
+ <ds:X509Data>
+ <!-- Serial No. 10585185416662980058, expires on Mon Jun 17
13:47:44 2030 GMT -->
+ <ds:X509Certificate>
+MIID0DCCAjigAwIBAgIJAJLmIg3B15XaMA0GCSqGSIb3DQEBCwUAMA4xDDAKBgNV
+BAMTA29zdTAeFw0yMDA2MTkxMzQ3NDRaFw0zMDA2MTcxMzQ3NDRaMA4xDDAKBgNV
+BAMTA29zdTCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAM3cdIQwxbDe
+Du1RPr6Vd42gLunKJHnPImtI4XIOBieqWDRimM04K9wB/qfq57bpVc2BCS1s+YA8
+uNSD5+FBVQe/7RypfHYN20hRCZAPRFLffX0W0y28rkhp4yDZjxVq1gwWIHdbtWyh
+wqbyKSpv48w6LpXVyBFmtH+SqlwB5QgQgwyXFLeb9OHW0nwm23scl0okspvgQ42+
+wGWsbIdZUAe3PpxIQnyfQi9yOmmEI9oefcMTvdOXbQgqb1lSug/hdVzQ4KxvBr+5
+9OUesl+FHlEXj0JwFsVyvyCKLf6NGHq/Nw/O+J/7omapKGM9lnxAZGQoI/zMGUn1
+fA2hvBsuulip+V1fljl9sUu+j0yWAROSt2O6uviRjev3FmtZ8P1NzCjbhdfZibhG
+MCxrN0TcCFogVQzhUQcWnYx3hjh0qTYbzJq/e18erjSSp2Lu6fHJ9oXKajqkEsdc
+dquiO1nzd6dCD3xmfL42OOvLAppR1r60z3dhJKK57edOwP4wHM1TIQIDAQABozEw
+LzAOBgNVHREEBzAFggNvc3UwHQYDVR0OBBYEFLXvCVNX4QNstNgpOlDdniQeLgZT
+MA0GCSqGSIb3DQEBCwUAA4IBgQBs7oyPSI0sQGzDnWzhKz7D0NPqApbrDrFMxd4U
+bO2tf++9AYveOf1HDUCUd9JwPSO0IznbKeCqyJ2AIAR2/xmVvV5f/MzsDjJGITOV
+3ym7QwpE4V9wIW7WHtvtxvYO8LqXO/sO4Is4ILuIgXKlFuDpdt4/4CkHKlLJdgm1
+eyIloIsw1N7edjwhBJ3CdNEl2Ug9iGBIUKj94ZXFKpGJpHYMynlHY7XYqfBQ/GPj
+Zfs8R9+A2Ws0XsldoGxuM6biAs/Ke1PqQzmmgrQYdis1CpbSJQvb4Em8WtA0MqYS
+CYsiu5RULOeAdLIhjmL2RGqBt1SpuWa9yMWfi8oveoRR50+XvlgDnaKCn/3ik7Wc
+8u7kfE42vcR07UmkTWeGfGHObVJqOFZby3cSGrKGon/Iex/fj1SJ+IBkUnaoepc4
+rwzxuw4H0BuZh/eOtII5Dz3MiEGwikZ5y748vBrwqWAoFz7wOPBJsJAEOxS4HZtg
+qnspHcsMB6cBKkJ7jqdsp68XAvA=
+ </ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+ </KeyDescriptor>
+ <KeyDescriptor use="encryption">
<ds:KeyInfo>
<ds:X509Data>
- <!-- Serial No. 13055599478814939800, expires on Sun Sep 5
11:26:37 2027 GMT -->
+ <!-- Serial No. 17804384165062258221, expires on Mon Jun 17
13:47:46 2030 GMT -->
<ds:X509Certificate>
-MIID0DCCAjigAwIBAgIJALUuzo3wihqYMA0GCSqGSIb3DQEBCwUAMA4xDDAKBgNV
-BAMTA29zdTAeFw0xNzA5MDcxMTI2MzdaFw0yNzA5MDUxMTI2MzdaMA4xDDAKBgNV
-BAMTA29zdTCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBANVpqu8A+Ipd
-ESHxIz7nQthxZP5qOW1H/dMOx6Mq2Mh/ybW867MRnZl6FSqHvMDsGaVJ7AEa9UeN
-Ml06iGlVHjPRNgkAK0OfPU3QMdI5J8ZDcGqAWewsDcDApsCE0CAPiZjYyrINdxCy
-sChNtlU61EAKSUGi6xCZABHRxKbOfsMNhrbshHkK4p8v1nZASp/hKLE5NYLnjiMO
.
.
.
The complete diff is available here:
https://wayf.incommonfederation.org/metadata-diff/prod-prod/prod-prod-1592579458-validUntil.2020-07-03T14.58.07Z.diff

An archive of this and past prod-prod diffs is available here:
https://wayf.incommonfederation.org/metadata-diff/prod-prod/?C=M;O=D

This is a one-way, notification only email list. If you have questions,
please email . You can also discuss related issues
with the community on .

- InCommon Federation Operations




Archive powered by MHonArc 2.6.19.

Top of Page