Pieter van der Meulen
Pieter van der Meulen
+1 for continuing to allow the SSP config to be in PHP. I've seen many SSP installations that use the fact that config can be more than static values. If...
Do you mean when SSP is signing (could be IdP or SP) ? I.e. check that the RSA private key and the public key (from the certificate) used match? Checking...
Functionally trivial, yes. If there is a certificate provided in the XML signature, see if we trust it, if not explicitly log this as an info message. I agree that...
Hi Jaime, > Hi guys! > > If I understand correctly, there are two different issues here: one is the lack of proper logs telling you that the key used...
Regarding the security impact of using SHA-1 in the SSP NameID generation algorithm, I want to add a few observations: - The currently known attack (SHAtter) requires the start of...
`Meter Table Monitor` I've an "Eneco - Meteradapter" by "Prodrive B.V." PN: 6599-1500-0201 that sends this command. It is connected to the P1 port of my electricity meter. https://products.z-wavealliance.org/products/1281 Z-Wave...
Discussed this with @salaun-renater. The desired be behaviour would be for pyff to stop when it encounters a problem loading metadata. With "stop" I mean exiting pyff with a non...
The check approach could certainly work. It's a more verbose in writing. Not sure if it is easier to read. I like the idea of checking for the presence of...
Yes, I want an error => exit scenario and don't care what has been loaded or not at the point of an error. It's going to exit anyway. This is...