SP 2.0: Metadata with EncryptionMethod elements fails to load

Scott Cantor cantor.2 at osu.edu
Tue Jan 20 18:37:25 UTC 2009

Russ Allbery wrote on 2009-01-20:
> If the schemas have changed in a way that would cause 2.1 to error with
> 2.0 schemas or 2.0 to error with 2.1 schemas, then yes, we need to version
> the dependency on the schemas so that upgrades don't leave a system in an
> inconsistent state.

The schemas that could change (i.e. not the SAML ones) are backward
compatible, but not forward. A valid configuration on 2.0 is guaranteed to
validate against the 2.1 schema but not vice versa. So, yes, if you're
packaging the schemas separately from the SP itself, you need to make sure
that a 2.1 SP is using at least the 2.1 schemas.

-- Scott

More information about the Pkg-shibboleth-devel mailing list