
metadata-support - Re: [Metadata-Support] SP configuration for new InCommon Aggregate

Subject: InCommon metadata support

  • From: "Kathy E. Wright" <>
  • To:
  • Cc: Kathy E Wright CCIT <>
  • Subject: Re: [Metadata-Support] SP configuration for new InCommon Aggregate
  • Date: Fri, 28 Mar 2014 19:43:13 -0400

Thank you for this information.

Although I cannot make further changes or perform tests on these SPs due to our student Registration beginning on Monday, I will continue testing with other SPs and will report results as soon as I can.

Sincerest regards,
Kathy

On Mar 28, 2014 7:23 PM, "Tom Scavo" <> wrote:
On Fri, Mar 28, 2014 at 7:03 PM, Cantor, Scott <> wrote:
> On 3/28/14, 6:51 PM, "Tom Scavo" <> wrote:
>>
>>those two files are not byte-for-byte equivalent since the metadata
>>signing certificate is different in each case (same signing key,
>>different certificate).
>
> I assume the digest and sig value are though.

Yes they are (I just checked).

> And since the cert inside the KeyInfo..

The legacy metadata file has *two* certs in KeyInfo (the legacy
metadata signing cert and the cert of the legacy CA that signed the
legacy metadata signing cert) whereas the new fallback aggregate has
just one cert in KeyInfo, the new metadata signing cert. Other than
that, the two metadata files are identical.

> There needs to be a byte for byte compare of the digest inputs between the
> signature computation of a failing example and a working example with the
> same file. If that matches, and the SignedInfo digest octets match, then
> there has to be more to the debug log indicating something else is
> involved.

Only Kathy can provide more info (by cranking up the log output).
Everything looks good on my end.

Tom
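
The first check discussed in this thread (same DigestValue and SignatureValue, different KeyInfo contents), as an added example that is not part of the original messages or of any InCommon tooling. The two documents and their base64 values are constructed placeholders; it does not canonicalize or compare the digest inputs themselves.

```python
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"

def signature_fields(xml_text):
    """Extract DigestValue, SignatureValue and KeyInfo certs from the first ds:Signature."""
    sig = ET.fromstring(xml_text).find(f".//{DS}Signature")
    if sig is None:
        raise ValueError("no ds:Signature element found")

    def text(path):
        node = sig.find(path)
        if node is None or not node.text:
            raise ValueError(f"missing element: {path}")
        return "".join(node.text.split())  # base64 may be line-wrapped

    return {
        "digest": text(f"{DS}SignedInfo/{DS}Reference/{DS}DigestValue"),
        "signature": text(f"{DS}SignatureValue"),
        "certs": ["".join((c.text or "").split())
                  for c in sig.iter(f"{DS}X509Certificate")],
    }

def compare(a, b):
    """Report which signature components agree between two signed documents."""
    fa, fb = signature_fields(a), signature_fields(b)
    return {
        "digest_match": fa["digest"] == fb["digest"],
        "signature_match": fa["signature"] == fb["signature"],
        "keyinfo_match": fa["certs"] == fb["certs"],
        "cert_counts": (len(fa["certs"]), len(fb["certs"])),
    }

def _sample(certs):
    # Constructed stand-in for a signed aggregate; all values are placeholders.
    cert_xml = "".join(f"<ds:X509Certificate>{c}</ds:X509Certificate>" for c in certs)
    return ('<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" '
            'xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:Signature>'
            '<ds:SignedInfo><ds:Reference URI="">'
            '<ds:DigestValue>Q09OU1RSVUNURUQtRElHRVNU</ds:DigestValue>'
            '</ds:Reference></ds:SignedInfo>'
            '<ds:SignatureValue>Q09OU1RSVUNURUQt\nU0lHTkFUVVJF</ds:SignatureValue>'
            f'<ds:KeyInfo><ds:X509Data>{cert_xml}</ds:X509Data></ds:KeyInfo>'
            '</ds:Signature></md:EntitiesDescriptor>')

LEGACY = _sample(["TEVHQUNZLVNJR05FUg==", "TEVHQUNZLUNB"])  # signer cert + CA cert
NEW = _sample(["TkVXLVNJR05FUg=="])                         # new signer cert only

if __name__ == "__main__":
    print(compare(LEGACY, NEW))
```

KeyInfo sits outside SignedInfo, and an enveloped-signature transform drops the whole Signature element from the digest input, so a different certificate set does not by itself change either value.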


