Upgrading from V2

Documentation on the Shibboleth wiki about upgrading is at https://wiki.shibboleth.net/confluence/display/SP3/UpgradingFromV2

Attribute mapping does not include eduPersonTargetedID

One issue to highlight is that if you have never modified the attribute-map.xml file, an RPM upgrade will replace it with the new default version, and an old mapping for an incorrect version of eduPersonTargetedID was removed in this release. There are some IdPs in the UK federation which still make use of that broken attribute form. Just edit the file with a comment before upgrading to prevent this, or add in the following element after upgrade

    <Attribute name="urn:mace:dir:attribute-def:eduPersonTargetedID" id="targeted-id">
        <AttributeDecoder xsi:type="ScopedAttributeDecoder"/>

Logging format

To enable the new logging format, you need to add

      <OutOfProcess tranLogFormat="%u|%s|%IDP|%i|%ac|%t|%attr|%n|%b|%E|%S|%SS|%L|%UA|%a" />

to the shibboleth2.xml file. See https://wiki.shibboleth.net/confluence/display/SP3/Logging

Metadata Provider

The V2-style of MetadataProvider needs changing, set uri to url for the location of the UK federation metadata aggregate

        <MetadataProvider type="XML" url="http://metadata.ukfederation.org.uk/ukfederation-metadata.xml"
            backingFilePath="/var/cache/shibboleth/ukfederation-metadata.xml" reloadInterval="14400">
            <MetadataFilter type="RequireValidUntil" maxValidityInterval="2592000"/>
            <MetadataFilter type="Signature" certificate="ukfederation.pem" verifyBackup="false"/>

Exporting assertions

The configuration of how the SP exports raw assertions has changed. If the Shibboleth SP proxies to your application and the application needs to access the raw assertions, then you must update your configuration to use the new options. See https://wiki.shibboleth.net/confluence/display/SP3/AssertionExport and https://wiki.shibboleth.net/confluence/display/SP3/ContentSettings for the new documentation.