OpenAthens SP software end of life is approaching.
Keystone, Wayfinder and the OpenAthens federation are unaffected.

There is currently an issue with OASP processing the metadata for the Czech academic identity federation (eduID.cz). The issue relates to parsing the serial number of an X509 certificate, which the Czech metadata stores in a numeric field rather than a text one. Because the value is so large (much greater than an integer), it causes problems with the libXML library/parser.

The suggested workaround for this is to store a local copy of the Czech metadata and make the following alterations to it:

Remove the validUntil attribute from the <EntitiesDescriptor> element tag, i.e.: validUntil="2012-05-04T23:55:01Z"

Remove all data between and including the two element tags shown below.
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
</Signature>

Also remove the problematic serial number element itself.
<ds:X509IssuerSerial>
<ds:X509IssuerName>CN=TERENA SSL CA,O=TERENA,C=NL</ds:X509IssuerName>
<ds:X509SerialNumber>331672357796567899002876163212412578804</ds:X509SerialNumber>
</ds:X509IssuerSerial>

The recommended approach would be to automate this process in some way to make sure the metadata is up to date.
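One way to automate the three alterations, as an added example rather than OpenAthens code: the function name strip_for_oasp and the sample metadata are constructed for illustration, and the input is assumed to be a SAML 2.0 EntitiesDescriptor aggregate. Because the stripped copy no longer carries the federation's signature or validUntil, verify the signature on the downloaded file before running this step (not shown here).

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
# Keep the usual md:/ds: prefixes when the tree is written back out.
ET.register_namespace("md", MD)
ET.register_namespace("ds", DS)

# Constructed sample, shaped like the fragments quoted on this page.
SAMPLE = """<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Name="constructed-sample"
    validUntil="2012-05-04T23:55:01Z">
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo/></Signature>
  <md:EntityDescriptor entityID="https://idp.example.org/idp">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
        <ds:X509IssuerSerial>
          <ds:X509IssuerName>CN=TERENA SSL CA,O=TERENA,C=NL</ds:X509IssuerName>
          <ds:X509SerialNumber>331672357796567899002876163212412578804</ds:X509SerialNumber>
        </ds:X509IssuerSerial>
        <ds:X509Certificate>Q09OU1RSVUNURUQ=</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    </md:IDPSSODescriptor>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>"""

def strip_for_oasp(xml_text):
    """Return (cleaned_xml, counts) with the three alterations applied."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{MD}}}EntitiesDescriptor":
        raise ValueError(f"unexpected root element {root.tag}")
    counts = {"validUntil": 0, "Signature": 0, "X509IssuerSerial": 0}
    # 1. Drop validUntil from the root EntitiesDescriptor.
    if root.attrib.pop("validUntil", None) is not None:
        counts["validUntil"] = 1
    # 2. Drop the document signature (a direct child of the root).
    for sig in root.findall(f"{{{DS}}}Signature"):
        root.remove(sig)
        counts["Signature"] += 1
    # 3. Drop every X509IssuerSerial block, wherever it sits.
    for parent in list(root.iter()):
        for child in parent.findall(f"{{{DS}}}X509IssuerSerial"):
            parent.remove(child)
            counts["X509IssuerSerial"] += 1
    return ET.tostring(root, encoding="unicode"), counts

if __name__ == "__main__":
    cleaned, counts = strip_for_oasp(SAMPLE)
    print(counts)
```

The returned counts make it easy for a scheduled job to log what was removed and to alert if a refresh suddenly removes nothing or far more than usual.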

We will be making some schema changes in the next release of OASP to avoid the need for this workaround.
