
List:       shibboleth-users
Subject:    Re: Post upgrade to 4.2.1 - Invalid cookie header
From:       "Cantor, Scott via users" <users () shibboleth ! net>
Date:       2022-07-08 18:51:52
Message-ID: 8B7D04B9-47DC-4937-A4A2-2C4D1FCB9433 () osu ! edu

On 7/7/22, 9:03 PM, "users on behalf of Jay Fowler" <users-bounces@shibboleth.net on behalf of fowler@csufresno.edu> wrote:

> Just a guess ... Perhaps the ordering of the date fields is preventing the client
> from translating it correctly?

My code has always used DD Mon YYYY, that's the intended syntax, though max-age is
actually the normal way now.

> The http metadata was updated successfully so it didn't limit anything. However the
> error still showed in the logs and only seems to apply to a few providers,
> namely:

If they're not signing and properly expiring that metadata, it's not usable anyway.
Remote metadata from third party federations is the only proper way to consume remote
metadata. Vendors don't do this correctly and should never be trusted like that, and
that's even *if* you apply the proper filters to prevent one from asserting metadata
for another, which you are probably not doing.

-- Scott


-- 
For Consortium Member technical support, see https://shibboleth.atlassian.net/wiki/x/ZYEpPw
To unsubscribe from this list send an email to users-unsubscribe@shibboleth.net
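
The three conditions named in the reply above (signed, properly expiring, and limited to the entities the source is allowed to assert) can be checked on a fetched metadata document before it is loaded. The following is an added example, not part of the original message and not Shibboleth code; the function name, the 14-day validity ceiling and the sample documents are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"

def audit_metadata(xml_text, allowed_entity_ids, now, max_validity=timedelta(days=14)):
    """Return the reasons a remote metadata document should not be loaded."""
    root = ET.fromstring(xml_text)  # for real untrusted input use a hardened XML parser
    problems = []
    # Presence check only; the signature must still be verified against a pinned key.
    if root.find(f"{{{DS}}}Signature") is None:
        problems.append("unsigned")
    valid_until = root.get("validUntil")
    if valid_until is None:
        problems.append("no validUntil")
    else:
        expiry = datetime.fromisoformat(valid_until.replace("Z", "+00:00"))
        if expiry.tzinfo is None:
            expiry = expiry.replace(tzinfo=timezone.utc)
        if expiry <= now:
            problems.append("expired")
        elif expiry - now > max_validity:
            problems.append("validUntil too far ahead")
    # iter() also yields the root when it is itself an EntityDescriptor.
    for entity in root.iter(f"{{{MD}}}EntityDescriptor"):
        entity_id = entity.get("entityID")
        if entity_id not in allowed_entity_ids:
            problems.append(f"unexpected entityID: {entity_id}")
    return problems

# Constructed samples (not taken from the thread).
NOW = datetime(2022, 7, 8, tzinfo=timezone.utc)
VENDOR_SP = "https://sp.vendor.example/shibboleth"
UNSIGNED_FEED = f"""<md:EntitiesDescriptor xmlns:md="{MD}">
  <md:EntityDescriptor entityID="{VENDOR_SP}"/>
  <md:EntityDescriptor entityID="https://idp.campus.example/idp/shibboleth"/>
</md:EntitiesDescriptor>"""
SIGNED_FEED = f"""<md:EntityDescriptor xmlns:md="{MD}" xmlns:ds="{DS}"
    entityID="{VENDOR_SP}" validUntil="2022-07-15T00:00:00Z">
  <ds:Signature/>
</md:EntityDescriptor>"""

if __name__ == "__main__":
    print(audit_metadata(UNSIGNED_FEED, {VENDOR_SP}, NOW))
    print(audit_metadata(SIGNED_FEED, {VENDOR_SP}, NOW))
```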

