Bug#549936: breaks Shibboleth SPs: IdPs with KeyDescriptor use="signing" are broken

Scott Cantor cantor.2 at osu.edu
Tue Oct 6 20:24:29 UTC 2009

Faidon Liambotis wrote on 2009-10-06:
> I think the problem is in the following change:
>    * SECURITY: Correctly honor the "use" attribute of <KeyDescriptor> SAML
>      metadata to honor restrictions to signing or encryption.  This is a
>      partial fix; the complete fix also requires a new version of the
>      OpenSAML library.
> (i.e. the getCredentialContext -> getCredentalContext)

I can confirm that this would break in the manner described if you patch
xmltooling but NOT opensaml with the related fix.

It sounds like the opensaml patch and the SP rebuild didn't make it in yet.
My apologies if this wasn't clear to the packagers or if I caused a problem
with the way the fix was implemented.
-- Scott

More information about the Pkg-shibboleth-devel mailing list