...

This refers to configuration described in AttributeFilterConfiguration.

Deprecated Namespaces

  • All elements in the basic: (urn:mace:shibboleth:2.0:afp:mf:basic) namespace are deprecated. This section describes how to convert from using these namespaces.
  • All elements in the saml: (urn:mace:shibboleth:2.0:afp:mf:saml) namespace are deprecated. This section describes how to convert from using these namespaces.

...

This refers to configuration described in AttributeResolverConfiguration.

Deprecated Namespaces

  • All elements in the ad: (urn:mace:shibboleth:2.0:resolver:ad) namespace are deprecated. This section describes how to convert from using these namespaces.
  • All elements in the dc: (urn:mace:shibboleth:2.0:resolver:dc) namespace are deprecated. This section describes how to convert from using these namespaces.
  • All elements in the enc: (urn:mace:shibboleth:2.0:attribute:encoder) namespace are deprecated. This section describes how to convert from using these namespaces.
  • All elements in the pc: (urn:mace:shibboleth:2.0:resolver:pc) namespace are deprecated. This section has more details.

Deprecated Elements and Attributes

  • <Dependency> elements and the sourceAttributeID="name" attribute throughout the schema are deprecated and should be replaced by the InputAttributeDefinition and InputDataConnector elements, which are introduced with V3.4.0.  This section describes how to do the conversion.
  • The springResources attribute in the StoredIDDataConnector is meaningless and deprecated.
  • The use of a <FailoverDataConnector> as a child of a StaticDataConnector is deprecated.
  • The <PrincipalConnector> element is deprecated. (more details...)
  • The cacheResults attribute in the Relational Database and LDAP DataConnectors has been ignored since V3.1.0 and will be removed.
  • The mergeResults attribute in the LDAP DataConnector will be removed.
  • The queryUsesStoredProcedure attribute in the Relational Database and LDAP DataConnectors has been ignored since V3.0 and will be removed.
  • The use of the ApplicationManagedConnection element to provide the data source for a Relational Database DataConnector is deprecated and replaced (for testing) by the SimpleManagedConnection element and (in production) by the BeanManagedConnection element.
  • It is deprecated to use the JVM default trust store to secure the TLS connection in an LDAP DataConnector.

Deprecated Resolver Types

The following are deprecated and are replaced by the NameID Generation service.

  • CryptoTransientId (attribute type)
  • TransientId (attribute type)
  • SAML1StringNameIdentifier (encoder type)
  • SAML2StringNameID (encoder type)

Functionality

Use of the AttributeResolverWorkContext class is deprecated in scripts. This is currently exposed during resolution as a child of the AttributeResolutionContext.

Attribute IDs within the IdP containing whitespace are deprecated and will not be permitted in V4.

...

Deprecated Provider Types

  • The ChainingFilter metadata filter type is deprecated. Filters do not need to be explicitly bracketed by a ChainingFilter.
  • The HTTPMetadataProvider is deprecated (this refers specifically to that one type, not the variant backed by a local file).
  • The FilesystemResourceHttpResource and FileBackedHttpResource types are both deprecated and replaced by the use of the backingFile attribute (see documentation).

Deprecated Elements and Attributes

  • The ExtensionSchema element as a child of the SchemaValidation metadata filter is deprecated.
  • The maxValidityIntervalDuration attribute of the RequiredValidUntil filter must be a duration (the legacy support of "value in seconds" will be removed).
  • The requireSignedMetadata attribute of the SignatureValidation filter is deprecated (and replaced with the requireSignedRoot attribute).
  • The placement of a <sec:TrustEngine> within a MetadataProvider is deprecated (it was left purely for V2 legacy support). See below.
  • The following attributes are all deprecated as children of the HTTP-based Metadata parsers (dynamic and batch):
    • basicAuthUser (replaced with the more general httpClientSecurityParametersRef)
    • basicAuthPassword (replaced with the more general httpClientSecurityParametersRef)
    • credentialsProviderRef (replaced with the more general httpClientSecurityParametersRef)
    • tlsTrustEngineRef (replaced with the more general httpClientSecurityParametersRef)
    • requestTimeout (replaced with connectionTimeout)
    • disregardSslCertificate (replaced with disregardTLSCertificate)
    • httpCaching, httpCacheDirectory, httpMaxCacheEntries, httpMaxCacheEntrySize (replaced with the more general httpClientRef)
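
The deprecated namespaces and the deprecated metadata attributes listed above can be checked for mechanically. The following is an added example, not part of the original page or of the Shibboleth project; the function name `scan`, the `Config` wrapper element and the sample document are assumptions made for illustration, while the namespace URIs and attribute names are the ones listed on this page.

```python
import io
import xml.etree.ElementTree as ET

XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"
# Namespace URIs and attribute names below are copied from the lists on this page.
DEPRECATED_NS = {
    "urn:mace:shibboleth:2.0:afp:mf:basic", "urn:mace:shibboleth:2.0:afp:mf:saml",
    "urn:mace:shibboleth:2.0:resolver:ad", "urn:mace:shibboleth:2.0:resolver:dc",
    "urn:mace:shibboleth:2.0:attribute:encoder", "urn:mace:shibboleth:2.0:resolver:pc",
}
DEPRECATED_ATTRS = {  # deprecated attribute -> replacement named on this page
    "basicAuthUser": "httpClientSecurityParametersRef",
    "basicAuthPassword": "httpClientSecurityParametersRef",
    "credentialsProviderRef": "httpClientSecurityParametersRef",
    "tlsTrustEngineRef": "httpClientSecurityParametersRef",
    "requestTimeout": "connectionTimeout",
    "disregardSslCertificate": "disregardTLSCertificate",
    "requireSignedMetadata": "requireSignedRoot",
}

def scan(xml_text):
    """Return (element, deprecated item, advice) tuples for one config document."""
    findings, prefixes = [], {}
    stream = io.BytesIO(xml_text.encode("utf-8"))
    for event, payload in ET.iterparse(stream, events=("start-ns", "start")):
        if event == "start-ns":                # payload is (prefix, uri)
            prefixes[payload[0]] = payload[1]  # simplification: ignores prefix scoping
            continue
        ns, _, local = payload.tag.rpartition("}")
        if ns.lstrip("{") in DEPRECATED_NS:
            findings.append((local, ns.lstrip("{"), "element in deprecated namespace"))
        # A deprecated namespace can also appear only as the prefix of an xsi:type
        # value, which the parser does not resolve, so map the prefix by hand.
        prefix, sep, _ = payload.get(XSI_TYPE, "").partition(":")
        if sep and prefixes.get(prefix) in DEPRECATED_NS:
            findings.append((local, prefixes[prefix], "xsi:type in deprecated namespace"))
        for name in payload.attrib:
            if name in DEPRECATED_ATTRS:
                findings.append((local, name, "replace with " + DEPRECATED_ATTRS[name]))
    return findings

# Constructed sample, not taken from a real deployment.
SAMPLE = """<Config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns:dc="urn:mace:shibboleth:2.0:resolver:dc">
  <DataConnector id="staticAttrs" xsi:type="dc:Static"/>
  <MetadataProvider id="fed" xsi:type="FileBackedHTTPMetadataProvider"
        requestTimeout="PT5S" disregardSslCertificate="true"/>
</Config>"""
```

Calling `scan()` on the text of each configuration file gives a list of items to convert; the `disregardSslCertificate` finding also points at a provider whose TLS certificate checking setting should be reviewed during the conversion.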

...

The entirety of this namespace is deprecated. Metadata configuration is described here and the modern form of relying party configuration here. The V2 syntax support will be dropped from V4.

...

This namespace was used primarily within the legacy relying party syntax, which has been deprecated.

It was also used in the LDAP data connector to specify an X.509 certificate to serve as either the trust (<StartTLSTrustCredential>) or authentication (<StartTLSAuthenticationCredential>) credentials used to configure the TLS connection to an LDAP server. These have been replaced with the trustFile="file", authCert="file" and authKey="file" attributes.

...

One non-deprecated case is within a SignatureValidation filter. This, however, supports simpler replacement attributes (either certificateFile="file" or trustEngineRef="bean" for advanced cases).

...