...
Warning |
---|
...
Code Block |
---|
WARN [DEPRECATED:118] - xsi:type '{urn:mace:shibboleth:2.0:resolver:dc}StoredId', (class path resource [net/shibboleth/idp/attribute/resolver/spring/dc/stored.xml]): This will be removed in the next major version of this software; replacement is {urn:mace:shibboleth:2.0:resolver}StoredId |
This page attempts to provide a definitive list of the deprecated elements, attributes and namespaces in the custom (non Spring Native) syntaxes which are used to configure the IdP.
This page is updated on a best-effort basis, but the definitive source of such information in the documentation remains the pages specific to configuration.
Table of Contents | ||
---|---|---|
|
Attribute Filtering
This refers to configuration described in AttributeFilterConfiguration.
Deprecated namespaces
- All elements in the
basic:
(urn:mace:shibboleth:2.0:afp:mf:basic
) namespace are deprecated. This section describes how to convert from using these namespaces. - All elements in the
saml:
(urn:mace:shibboleth:2.0:afp:mf:saml
) namespace are deprecated. This section describes how to convert from using these namespaces.
Deprecated Elements
The following elements are deprecated, there is no substitute available.
<PolicyRequirementRuleReference>
<AttributeRuleReference>
<PermitValueRuleReference>
<DenyValueRuleReference>
These elements were deprecated V3.0
Attribute Resolution
This refers to configuration described in AttributeResolverConfiguration.
Deprecated namespaces
- All elements in the
ad:
(urn:mace:shibboleth:2.0:resolver:ad
) namespace are deprecated. This section describes how to convert from using these namespaces. - All elements in the
dc:
(urn:mace:shibboleth:2.0:resolver:dc
) namespace are deprecated. This section describes how to convert from using these namespaces. - All elements in the
enc:
(urn:mace:shibboleth:2.0:attribute:encoder
) namespace are deprecated. This section describes how to convert from using these namespaces. - All elements in the
pc:
(urn:mace:shibboleth:2.0:resolver:pc
) namespace are deprecated. This section has more details.
Deprecated Elements and Attributes
...
Deprecated Resolver types
The following are deprecated and are replaced by the NameID Generation service.
CryptoTransientId
(attribute type)TransientId
(attribute type)SAML1StringNameIdentifier
(encoder type)SAML2StringNameID
(encoder type)
The following Connection type (as provided to a RelationalDatabase
configuration) is deprecated,
ApplicationManagedConnection
is deprecated and replaced (for testing) by theSimpleManagedConnection
and (in production) by theBeanManagedConnection
.
It is deprecated to use the JVM default trust store to secure the TLS connection to the LDAP Data Connector
Metadata
The ChainingFilter
is deprecated. Filters specification do not need to be bracketed by a ChainingFilter.
The ExtensionSchema
element as a child of the SchemaValidation
metadata filter is deprecated.
The HttpMetadataProvider is deprecated
The FilesystemResource
, HttpResource
and FileBackedHttpResource
types are all deprecated and replaced by the use of the backingFile
attribute. The the documentation
The maxValidityIntervalDuration="..."
attribute of the RequiredValidUntilFilter must be a duration. (the legacy support of "value in seconds" will be removed)
The requireSignedMetadata="..."
attribute of the SignatureValidationFilter is deprecated (and replaced with the requireSignedRoot
attribute)
The following attributes are all deprecated as children of the HTTP based Metadata parsers (dynamic and batch)
basicAuthUser
(replaced withhttpClientSecurityParametersRef
)basicAuthPassword
(replaced withhttpClientSecurityParametersRef
)tlsTrustEngineRef
(replaced withhttpClientSecurityParametersRef
)requestTimeout
(replaced withconnectionTimeout
)disregardSslCertificate
(replaced withdisregardTLSCertificate
)
The Relying Party Namespace
The entirety of this namespace is deprecated. Metadata configuration is described here and the relying parties here.
The Security Namespace
This namespace was used primarily in the old style relying party file, which has been deprecated.
It was also used in the LDAPDirectory
data connector to specify an X509 Credential to serve as either the trust (<StartTLSTrustCredential>
) or authentication (<StartTLSAuthenticationCredential>
) credentials used configure the TLS connection to the LDAP server. These have been replaced with the trustFile="file"
, authCert-="file"
and authKey="file"
attributes.
Finally it could be used as part of the SignatureValidation
filter. This has had easier to configure attributes (either certificateFile="file"
or trustengineRef="bean"
) since V3.0.
...
This topic has been subsumed into The generate DeprecatedIdPV4 topic |