...

Warning

...

Code Block
WARN [DEPRECATED:118] - xsi:type '{urn:mace:shibboleth:2.0:resolver:dc}StoredId', (class path resource [net/shibboleth/idp/attribute/resolver/spring/dc/stored.xml]): This will be removed in the next major version of this software; replacement is {urn:mace:shibboleth:2.0:resolver}StoredId

This page attempts to provide a definitive list of the deprecated elements, attributes and namespaces in the custom (non Spring Native) syntaxes which are used to configure the IdP.  

This page is updated on a best-effort basis, but the definitive source of such information in the documentation remains the pages specific to configuration.


Attribute Filtering

This refers to configuration described in AttributeFilterConfiguration.

Deprecated namespaces

  • All elements in the basic: (urn:mace:shibboleth:2.0:afp:mf:basic) namespace are deprecated. This section describes how to convert from using these namespaces.
  • All elements in the saml: (urn:mace:shibboleth:2.0:afp:mf:saml) namespace are deprecated. This section describes how to convert from using these namespaces.

Deprecated Elements

The following elements are deprecated; no substitute is available.

  • <PolicyRequirementRuleReference>
  • <AttributeRuleReference>
  • <PermitValueRuleReference>
  • <DenyValueRuleReference>

These elements were deprecated in V3.0.

Attribute Resolution

This refers to configuration described in AttributeResolverConfiguration.

Deprecated namespaces

  • All elements in the ad: (urn:mace:shibboleth:2.0:resolver:ad) namespace are deprecated. This section describes how to convert from using these namespaces.
  • All elements in the dc: (urn:mace:shibboleth:2.0:resolver:dc) namespace are deprecated. This section describes how to convert from using these namespaces.
  • All elements in the enc: (urn:mace:shibboleth:2.0:attribute:encoder) namespace are deprecated. This section describes how to convert from using these namespaces.
  • All elements in the pc: (urn:mace:shibboleth:2.0:resolver:pc) namespace are deprecated. This section has more details.

Deprecated Elements and Attributes

...

Deprecated Resolver types

The following are deprecated and are replaced by the NameID Generation service.

  • CryptoTransientId (attribute type)
  • TransientId (attribute type)
  • SAML1StringNameIdentifier (encoder type)
  • SAML2StringNameID (encoder type)

The following Connection type (as provided to a RelationalDatabase configuration) is deprecated:

  • ApplicationManagedConnection is deprecated and replaced (for testing) by the SimpleManagedConnection and (in production) by the BeanManagedConnection.

Using the JVM default trust store to secure the TLS connection to the LDAP Data Connector is deprecated.

Metadata 

The ChainingFilter is deprecated. Filter specifications do not need to be bracketed by a ChainingFilter.

The ExtensionSchema element as a child of the SchemaValidation metadata filter is deprecated.

The HttpMetadataProvider is deprecated.

The FilesystemResourceHttpResource and FileBackedHttpResource types are all deprecated and replaced by the use of the backingFile attribute.  The the documentation

The maxValidityIntervalDuration="..." attribute of the RequiredValidUntilFilter must be a duration (the legacy support for "value in seconds" will be removed).

The requireSignedMetadata="..." attribute of the SignatureValidationFilter is deprecated (and replaced with the requireSignedRoot attribute).

The following attributes are all deprecated as children of the HTTP-based Metadata parsers (dynamic and batch):

  • basicAuthUser (replaced with httpClientSecurityParametersRef)
  • basicAuthPassword (replaced with httpClientSecurityParametersRef)
  • tlsTrustEngineRef (replaced with httpClientSecurityParametersRef)
  • requestTimeout (replaced with connectionTimeout)
  • disregardSslCertificate (replaced with disregardTLSCertificate)
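
An audit script for the deprecated namespaces and metadata attributes listed on this page, added here as an example and not part of the Shibboleth documentation or software. It resolves xsi:type prefixes against the namespace declarations in scope, so it catches types such as dc:StoredId from the warning above; the function name scan and the sample XML are assumptions constructed for illustration.

```python
import io
import xml.etree.ElementTree as ET

# Namespace URIs and attribute replacements copied from the lists on this page.
DEPRECATED_NS = {"urn:mace:shibboleth:2.0:" + s for s in (
    "afp:mf:basic", "afp:mf:saml", "resolver:ad", "resolver:dc",
    "attribute:encoder", "resolver:pc")}
DEPRECATED_ATTRS = {
    "basicAuthUser": "httpClientSecurityParametersRef",
    "basicAuthPassword": "httpClientSecurityParametersRef",
    "tlsTrustEngineRef": "httpClientSecurityParametersRef",
    "requestTimeout": "connectionTimeout",
    "disregardSslCertificate": "disregardTLSCertificate",
    "requireSignedMetadata": "requireSignedRoot",
}
XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"

def scan(xml_text):
    """Return sorted (element, kind, detail) findings for one config document."""
    findings, scope = set(), []          # scope: (prefix, uri) pairs currently declared
    events = ET.iterparse(io.BytesIO(xml_text.encode()), events=("start-ns", "end-ns", "start"))
    for event, data in events:
        if event == "start-ns":
            scope.append(data)
        elif event == "end-ns":
            scope.pop()
        else:
            uri, _, local = data.tag.rpartition("}")   # tag is "{uri}local" or "local"
            if uri[1:] in DEPRECATED_NS:
                findings.add((local, "element-namespace", uri[1:]))
            # xsi:type holds a QName such as dc:StoredId; resolve its prefix in scope.
            prefix, _, _ = data.get(XSI_TYPE, "").rpartition(":")
            type_ns = next((u for p, u in reversed(scope) if p == prefix), None)
            if XSI_TYPE in data.attrib and type_ns in DEPRECATED_NS:
                findings.add((local, "xsi:type", data.get(XSI_TYPE)))
            for name in data.attrib.keys() & DEPRECATED_ATTRS.keys():
                findings.add((local, "attribute", f"{name} -> {DEPRECATED_ATTRS[name]}"))
    return sorted(findings)

# Constructed sample, not a complete IdP file: one resolver and one metadata fragment.
SAMPLE = """<constructed xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <resolver:DataConnector xmlns:resolver="urn:mace:shibboleth:2.0:resolver"
      xmlns:dc="urn:mace:shibboleth:2.0:resolver:dc" id="stored" xsi:type="dc:StoredId"/>
  <MetadataProvider xmlns="urn:mace:shibboleth:2.0:metadata" id="fed" requestTimeout="PT5S"
      xsi:type="FileBackedHTTPMetadataProvider" disregardSslCertificate="true"/>
</constructed>"""

if __name__ == "__main__":
    print(*scan(SAMPLE), sep="\n")
```

Attributes are matched by name only, so run it against metadata provider and resolver files rather than arbitrary XML. A namespace that is declared but never used produces no finding.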

The Relying Party Namespace

The entirety of this namespace is deprecated.   Metadata configuration is described here and the relying parties here.

The Security Namespace

This namespace was used primarily in the old style relying party file, which has been deprecated.

It was also used in the LDAPDirectory data connector to specify an X509 Credential to serve as either the trust (<StartTLSTrustCredential>) or authentication (<StartTLSAuthenticationCredential>) credentials used to configure the TLS connection to the LDAP server.  These have been replaced with the trustFile="file", authCert="file" and authKey="file" attributes.

Finally, it could be used as part of the SignatureValidation filter.  This filter has had easier-to-configure attributes (either certificateFile="file" or trustEngineRef="bean") since V3.0.

...

This topic has been subsumed into the general DeprecatedIdPV4 topic.