Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

  • When signing a document to be sent via email or some other text-based mechanism, consider using the output option --base64EncodeOutput. This will Base64 encode the signed document, which will eliminate errors caused by unintentional XML reformatting (the most common cause of signature problems).
  • Be wary of XML attributes with default values defined in the document schema (such as the regexp XML attribute on the Shibboleth <Scope> extension element). If such an attribute is omitted from an otherwise schema-valid XML document, this may result in verification failures for verifiers that perform schema validation. To mitigate this issue, ensure that all such attributes have explicit values in the document to be signed.


  • No labels