...
This refers to configuration described in AttributeFilterConfiguration.
Deprecated namespaces
- All elements in the
basic:
(urn:mace:shibboleth:2.0:afp:mf:basic
) namespace are deprecated. This section describes how to convert from using these namespaces. - All elements in the
saml:
(urn:mace:shibboleth:2.0:afp:mf:saml
) namespace are deprecated. This section describes how to convert from using these namespaces.
...
This refers to configuration described in AttributeResolverConfiguration.
Deprecated Namespaces
- All elements in the
ad:
(urn:mace:shibboleth:2.0:resolver:ad
) namespace are deprecated. This section describes how to convert from using these namespaces. - All elements in the
dc:
(urn:mace:shibboleth:2.0:resolver:dc
) namespace are deprecated. This section describes how to convert from using these namespaces. - All elements in the
enc:
(urn:mace:shibboleth:2.0:attribute:encoder
) namespace are deprecated. This section describes how to convert from using these namespaces. - All elements in the
pc:
(urn:mace:shibboleth:2.0:resolver:pc
) namespace are deprecated. This section has more details.
Deprecated Elements and Attributes
<Dependency>
elements and thesourceAttributeID="name"
attribute throughout the schema are deprecated and should be replaced by the InputAttributeDefinition and InputDataConnector elements, which are introduced with V3.4.0. This section describes how to do the conversion.- The
springResources
attribute in theStoredIDDataConnector
is meaningless and deprecated. - The use of a
<FailoverDataConnector>
as a child of aStaticDataConnector
is deprecated. - The
<PrincipalConnector>
element is deprecated. (more details...) - The
cacheResults
attribute in the Relational Database and LDAP DataConnectors has been ignored since V3.1.0 and will be removed. - The
mergeResults
attribute in the LDAP DataConnector will be removed. - The
queryUsesStoredProcedure
attribute in the Relational Database and LDAP DataConnectors has been ignored since V3.0 and will be removed. - The use of the
ApplicationManagedConnection
element to provide the data source for a Relational Database DataConnector is deprecated and replaced (for testing) by theSimpleManagedConnection
element and (in production) by theBeanManagedConnection
element. - It is deprecated to use the JVM default trust store to secure the TLS connection in an LDAP Data Connector DataConnector.
Deprecated Resolver Types
The following are deprecated and are replaced by the NameID Generation service.
CryptoTransientId
(attribute type)TransientId
(attribute type)SAML1StringNameIdentifier
(encoder type)SAML2StringNameID
(encoder type)
Functionality
Use of the AttributeResolverWorkContext class is deprecated in scripts. This is currently exposed during resolution as a child of the AttributeResolutionContext
Attribute IDs within the IdP containing whitespace are deprecated and will not be permitted in V4.
...
Deprecated Provider Types
- The ChainingFilter metadata filter type is deprecated. Filters do not need to be explicitly bracketed by a
ChainingFilter
- The HTTPMetadataProvider is deprecated (this refers specifically to that one type, not the variant backed by a local file)
- The
FilesystemResource
,HttpResource
andFileBackedHttpResource
types are all deprecated and replaced by the use of thebackingFile
attribute (see documentation).
Deprecated Elements and Attributes
- The
ExtensionSchema
element as a child of the SchemaValidation metadata filter is deprecated. - The
maxValidityIntervalDuration
attribute of the RequiredValidUntil filter must be a duration (the legacy support of "value in seconds" will be removed). - The
requireSignedMetadata
attribute of the SignatureValidation filter is deprecated (and replaced with therequireSignedRoot
attribute) - The placement of a
<sec:TrustEngine>
within a MetadataProvider is deprecated (it was left purely for V2 legacy support). See below. - The following attributes are all deprecated as children of the HTTP-based Metadata parsers (dynamic and batch):
basicAuthUser
(replaced with the more generalhttpClientSecurityParametersRef
)basicAuthPassword
(replaced with the more generalhttpClientSecurityParametersRef
)credentialsProviderRef
(replaced with the more generalhttpClientSecurityParametersRef
)tlsTrustEngineRef
(replaced with the more generalhttpClientSecurityParametersRef
)requestTimeout
(replaced withconnectionTimeout
)disregardSslCertificate
(replaced withdisregardTLSCertificate
)httpCaching
,httpCacheDirectory
,httpMaxCacheEntries
,httpMaxCacheEntrySize
(replaced with more generalhttpClientRef)
...
The entirety of this namespace is deprecated. Metadata configuration is described here and the modern form of relying party configuration here. The V2 syntax support will be dropped from V4.
...
This namespace was used primarily within the legacy relying party syntax, which has been deprecated.
It was also used in the LDAPDirectory
data the LDAP data connector to specify an X.509 certificate to serve as either the trust (<StartTLSTrustCredential>
) or authentication (<StartTLSAuthenticationCredential>
) credentials used to configure the TLS connection to an LDAP server. These have been replaced with the trustFile="file"
, authCert="file"
and authKey="file"
attributes.
...
One non-deprecated case is within a SignatureValidation filter. This, however, supports simpler replacement attributes (either certificateFile="file"
or trustEngineRef="bean"
for advanced cases).
...