COmanage Developers List

[Ian Young <>]

On 14 Sep 2009, at 15:33, Michael R. Gettes wrote:

> And no, don't bother asking about getting foodle to work with Shib...
> the answer is it ain't happenin.  Others have tried.

I've been talking to Andreas for a while about simpleSAMLphp support  
for at least one of the profiles we recommend for the UK federation,  
specifically so that he can get Foodle working with some subset of our  
IdPs; I think Nicole from JISC was interested in having this happen  
and Andreas is due to talk to a conference here in November about how  
to do it... so he's looking for ways to make it possible.

As of (literally) today, I believe he has working code that does the  
Shib 1 authentication request and SAML 1.1 Browser/Artifact.  This is  
interworking with my Shib 1.3 IdP, but testing against my 2.1 IdP is  
part of the plan too.

He doesn't have SAML 1.1 Browser/POST with attribute callbacks yet,  
and he's not sure whether they will do that or not.  We happen to have  
a very high proportion of IdPs declaring artifact resolution  
endpoints, so it's not so necessary for us; I don't know what the  
situation is within InCommon (used to be much lower percentage than us  
for various reasons).

The other thing his current implementation doesn't do is PKIX, but my  
recollection is that InCommon has embedded certificates for everyone  
now anyway so that wouldn't be an issue for you.

So, I think Foodle + Shib *is* happening, at last.  Not sure when it  
will be suffiently debugged for Andreas to want to publicise it, though.

        -- Ian

Attachment: smime.p7s
Description: S/MIME cryptographic signature