Page tree
Skip to end of metadata
Go to start of metadata

In Version 3.4 configurations using deprecated features will issue warnings that future versions will no longer process these features.  

This page attempts to provide a definitive list of the deprecated elements, attributes and namespaces in the custom (non Spring Native) syntaxes which are used to configure the IdP.  

This page is updated on a best-effort basis, but the definitive source of such information in the documentation remains the pages specific to configuration.

Namespaces used for attribute filtering

This refers to configuration described in AttributeFilterConfiguration.

Deprecated namespaces

  • All elements in the basic: (urn:mace:shibboleth:2.0:afp:mf:basic) namespace are deprecated. This section describes how to convert from using these namespaces.
  • All elements in the saml: (urn:mace:shibboleth:2.0:afp:mf:saml) namespace are deprecated. This section describes how to convert from using these namespaces.

Deprecated Elements

The following elements are deprecated, there is no substitute available.

  • <PolicyRequirementRuleReference>
  • <PermitValueRuleReference>
  • <DenyValueRuleReference>

These elements were deprecated V3.0 

Namespaces used in attribute resolution

This refers to configuration described in AttributeResolverConfiguration.

Deprecated namespaces

  • All elements in the ad: (urn:mace:shibboleth:2.0:resolver:ad) namespace are deprecated. This section describes how to convert from using these namespaces.
  • All elements in the dc: (urn:mace:shibboleth:2.0:resolver:dc) namespace are deprecated. This section describes how to convert from using these namespaces.
  • All elements in the enc: (urn:mace:shibboleth:2.0:attribute:encoder) namespace are deprecated. This section describes how to convert from using these namespaces.
  • All elements in the pc: (urn:mace:shibboleth:2.0:resolver:pc) namespace are deprecated. This section has more details.

Deprecated Elements and Attributes

  • <Dependency> elements and the sourceAttributeID="name" attribute are deprecated and should be replaced by the InputAttributeDefinition and InputDataConnector elements.
  • The springResources="..." attribute in the StoredIDDataConnector is meaningless and deprecated.

Deprecated Resolver types (wip)

The following are deprecated and are replaced by the NameID Generation service.

  • CryptoTransientId (attribute type)
  • TransientId (attribute type)
  • SAML1StringNameIdentifier (encoder type)
  • SAML2StringNameID (encoder type)

The following Connection type (as provided to a RelationalDatabase configuration) is deprecated,

  • ApplicationManagedConnection is deprecated and replaced (for testing) by the SimpleManagedConnection and (in production) by the BeanManagedConnection.

The Metadata Namespace

The ChainingFilter is deprecated.  Filters specification do not need to be bracketed by a ChainingFilter.

The Relying Party Namespace

The entirety of this namespace is deprecated.   Metadata configuration is described here and the relying parties here.

The Security Namespace

This namespace was used primarily in the old style relying party file, which has been deprecated.

It was also used in the LDAPDirectory data connector to specify an X509 Credential to serve as either the trust (<StartTLSTrustCredential>) or authentication (<StartTLSAuthenticationCredential>) credentials used configure the TLS connection to the LDAP server.  These have been replaced with the trustFile="file"authCert-="file" and authKey="file" attributes.

Finally it could be used as part of the SignatureValidation filter.  This has had easier to configure attributes (either certificateFile="file" or trustengineRef="bean") since V3.0.

  • No labels

1 Comment

  1. In Version 3.4 configurations using deprecated features will issue warnings

    It will be useful to give an example warning message, which we can use in order to search in our logs.