Windows QuickInstall 2.4.0 conf and metadata templates outdated
Basics
Logistics
Basics
Logistics
Description
Hi,
I have recently installed an IdP from the 2.4.0 QuickInstall MSI.
Great work - I'm impressed at how easy it was!
I had later found that some of the latest 2.4.0 functionality (specifically, SLO) wasn't working because the templates for the configuration files and the IdP internal metadata have not been updated for 2.4.0.
conf/handler.xml: missing profile handler ph:SAML2SLO for request paths /SAML2/Redirect/SLO, /SAML2/POST/SLO, /SAML2/POST-SimpleSign/SLO, /SAML2/SOAP/SLO, and /Logout
relying-part.xml:
profiles do not have the includeConditionsNotBefore="true" that has been added in 2.4.0 (but also defaults to true)
missing saml:SAML2LogoutRequestProfile in DefaultRelyingParty
I got all of this working by making the edits manually (copying from the templates extracted from the binary tarball distribution), but it would be nice to have this corrected in future versions of the QuickInstall MSI (keeping the config file templates in sync with main distribution).
Cheers, Vlad
Environment
None
Activity
Rod Widdowson
August 14, 2014 at 10:36 AM
Confirmed fixed
Rod Widdowson
August 14, 2014 at 10:35 AM
Login.config also changed
Rod Widdowson
August 6, 2014 at 10:27 AM
Changes made in R362. Testing still pending.
Scott Cantor
August 5, 2014 at 4:40 PM
Marking this blocker so Rod will update the files when we do an installer for the patch release.
Hi,
I have recently installed an IdP from the 2.4.0 QuickInstall MSI.
Great work - I'm impressed at how easy it was!
I had later found that some of the latest 2.4.0 functionality (specifically, SLO) wasn't working because the templates for the configuration files and the IdP internal metadata have not been updated for 2.4.0.
Specifically, I found the following omissions:
metadata/idp-metadata.xml: missing SingleLogoutService endpoints
conf/handler.xml: missing profile handler ph:SAML2SLO for request paths /SAML2/Redirect/SLO, /SAML2/POST/SLO, /SAML2/POST-SimpleSign/SLO, /SAML2/SOAP/SLO, and /Logout
relying-part.xml:
profiles do not have the includeConditionsNotBefore="true" that has been added in 2.4.0 (but also defaults to true)
missing saml:SAML2LogoutRequestProfile in DefaultRelyingParty
I got all of this working by making the edits manually (copying from the templates extracted from the binary tarball distribution), but it would be nice to have this corrected in future versions of the QuickInstall MSI (keeping the config file templates in sync with main distribution).
Cheers,
Vlad