Shibboleth Developers

[Scott Cantor <>]

>       - There is no user ARP.  Only an admin ARP that looks like this:
> 
>       ARP: admin(admin)
>               SHAR: *.edu(default)
>                 URL: *.internet2.edu [edu, internet2, *]
>                         eduPersonAffiliation
>                         eduPersonPrincipalName
>                 URL: *.edu [edu, *]
>                         eduPersonAffiliation

You can't specify URLs that way within the context of a wildcarded SHAR,
this is mixing metaphors between URL and SHAR. If the SHAR is
wildcarded, you basically aren't specifying the target URL at all. It's
just *, or anything.

The way to look at that set of ARPs is like this:

>       ARP: admin(admin)
>               SHAR: *.edu(default)
>           SHAR: *.internet2.edu [edu, internet2, *]
>                         eduPersonAffiliation
>                         eduPersonPrincipalName
>           SHAR: *.edu [edu, *]
>                         eduPersonAffiliation

It's just three policies for three different kinds of wildcarded SHAR
expressions.

> Any suggestions for more complex ARPs for testing and demo?

Other than clarifying the above and making sure that's correctly laid
out and controlled, we should look at URL expressions with some path
information, so we need to create one or two that specify the SHAR
exactly.

-- Scott

------------------------------------------------------mace-shib-design-+
For list utilities, archives, subscribe, unsubscribe, etc. please visit the
ListProc web interface at 

    http://archives.internet2.edu/

------------------------------------------------------mace-shib-design--