You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
My organization asked me to provide them with SP metadata that doesn't have a validUntil. There doesn't seem to be a way to do this, so I modified the library to have a special validDuration value (a const that's set to -1) to indicate that validUntil should be nil, causing it to not be emitted at all in the metadata. Unfortunately, it was kind of messy implementing this without breaking backward compatibility.
Looking at the specification, ValidUntil is optional, but the specification says you should provide either that or CacheDuration. However, the XML schema for metadata does not enforce that. Further, the specification recommends you only have validDuration on the root element of the metadata, but in this implementation it appears both in the EntityDescriptor and the SPSSODescriptor. My gut feel tells me there's no good reason to do this, though it may be required if for some reason you had multiple SPSSODesctiptors. The comments in the spec say you might want to do this to set shorter expiration or cache duration intervals than in the root document.
The standard says:
When used as the root element of a metadata instance, this element MUST contain either a validUntil or cacheDuration attribute.
It is RECOMMENDED that only the root element of a metadata instance contain either attribute.
One odd thing is that there is an omitempty decorator on these fields, but neither of them can actually be empty so I can't see how it has any effect:
My organization asked me to provide them with SP metadata that doesn't have a validUntil. There doesn't seem to be a way to do this, so I modified the library to have a special validDuration value (a const that's set to -1) to indicate that validUntil should be nil, causing it to not be emitted at all in the metadata. Unfortunately, it was kind of messy implementing this without breaking backward compatibility.
Looking at the specification, ValidUntil is optional, but the specification says you should provide either that or CacheDuration. However, the XML schema for metadata does not enforce that. Further, the specification recommends you only have validDuration on the root element of the metadata, but in this implementation it appears both in the EntityDescriptor and the SPSSODescriptor. My gut feel tells me there's no good reason to do this, though it may be required if for some reason you had multiple SPSSODesctiptors. The comments in the spec say you might want to do this to set shorter expiration or cache duration intervals than in the root document.
The standard says:
One odd thing is that there is an omitempty decorator on these fields, but neither of them can actually be empty so I can't see how it has any effect:
What is the recommendation here? Is it time for a /v2 api?
The text was updated successfully, but these errors were encountered: