Shibboleth Developers

[Scott Cantor <>]

> I started looking at javadocs on the website (beta).  Are 
> there any other docs we should read.  Javadocs do not have a lot of 
> explanations.

The index page (in java/ as opposed to java/docs/) has some pseudocode,
but currently only for the HS and SHIRE.

The way the AA has to do its work is by building up a SAMLResponse out
of its pieces/parts and then passing it into the SAMLBinding respond()
method, somewhat like before. So it's a little more work for the AA, but
nothing too hard.

If you follow the constructors along, you'll see the pieces you have to
build:

SAMLSubject (this is where the handle and domain get fed in)
SAMLAttributeStatement (takes subject and attributes)
SAMLAudienceRestrictionCondition (put the policy URI into this)
SAMLAssertion (takes a SAMLStatement array and a SAMLCondition array)
SAMLResponse (takes a SAMLAssertion array)

Any SAML exceptions that fire can be passed into the SAMLResponse
constructor, similar to before. Any really bad exceptions can be passed
into the respond() method, which turns them into a SOAP fault.

> In the new API I see there are no such methods as "getHandle()" or 
> "getIssuerDomain()".  Does "handle" come as a SAMLSubject ?

Right.

> Am I missing something?

No, take a look at the objects and if you have any questions about what
to put where, ask me and/or check the arch doc in section 6 where it
covers usage of SAML fields.

Note that you won't be signing the assertion or response for now, so you
can pass in null for any XMLSignature parameters.

-- Scott

------------------------------------------------------mace-shib-design-+
For list utilities, archives, subscribe, unsubscribe, etc. please visit the
ListProc web interface at 

    http://archives.internet2.edu/

------------------------------------------------------mace-shib-design--