shibboleth-dev - Re: testing the one-hop validation scenario
Subject: Shibboleth Developers
List archive
- From: Derek Atkins <>
- To: "RL 'Bob' Morgan" <>
- Cc: Shibboleth Design Team <>
- Subject: Re: testing the one-hop validation scenario
- Date: 30 May 2003 19:48:53 -0400
Ok, I can reproduce this problem here.. I'll work on it.
I wonder, with the new trust/sites metadata formats, what's the
"calist" used for anymore?
-derek
"RL 'Bob' Morgan"
<>
writes:
> I will leave the UW origin HS on shib.cac.washington.edu set up to use a
> server cert issued by the UW CA. To test with it, a target would add the
> UW site metadata to sites.xml, then add the UW CA to trust.xml in the
> KeyAuthority section corresponding to the incommon pilot, ie with all the
> other CA certs. Data below, also at
> http://staff.washington.edu/rlmorgan/shib/, where you can also find the
> password to my UW test account, "rlbob", for logging in via UW's weblogin,
> and a trust.xml and sites.xml with these included.
>
> - RL "Bob"
>
> ---
>
> UW CA cert:
>
> -----BEGIN CERTIFICATE-----
> MIIDyzCCAzSgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBlDELMAkGA1UEBhMCVVMx
> CzAJBgNVBAgTAldBMSEwHwYDVQQKExhVbml2ZXJzaXR5IG9mIFdhc2hpbmd0b24x
> FDASBgNVBAsTC1VXIFNlcnZpY2VzMRcwFQYDVQQDEw5VVyBTZXJ2aWNlcyBDQTEm
> MCQGCSqGSIb3DQEJARYXaGVscEBjYWMud2FzaGluZ3Rvbi5lZHUwHhcNMDMwMjI2
> MDAzNjI3WhcNMzAwNzE0MDAzNjI3WjCBlDELMAkGA1UEBhMCVVMxCzAJBgNVBAgT
> AldBMSEwHwYDVQQKExhVbml2ZXJzaXR5IG9mIFdhc2hpbmd0b24xFDASBgNVBAsT
> C1VXIFNlcnZpY2VzMRcwFQYDVQQDEw5VVyBTZXJ2aWNlcyBDQTEmMCQGCSqGSIb3
> DQEJARYXaGVscEBjYWMud2FzaGluZ3Rvbi5lZHUwgZ8wDQYJKoZIhvcNAQEBBQAD
> gY0AMIGJAoGBALwCo6h4T44m+7ve+BrnEqflqBISFaZTXyJTjIVQ39ZWhE0B3Laf
> bbZYju0imlQLG+MEVAtNDdiYICcBcKsapr2dxOi31Nv0moCkOj7iQueMVU4E1Tgh
> YIR2I8hqixFCQIP/CMtSDail/POzFzzdVxI1pv2wRc5cL6zNwV25gbn3AgMBAAGj
> ggEpMIIBJTAdBgNVHQ4EFgQUVdfBM8b6k/gnPcsgS/VajliXfXQwgcEGA1UdIwSB
> uTCBtoAUVdfBM8b6k/gnPcsgS/VajliXfXShgZqkgZcwgZQxCzAJBgNVBAYTAlVT
> MQswCQYDVQQIEwJXQTEhMB8GA1UEChMYVW5pdmVyc2l0eSBvZiBXYXNoaW5ndG9u
> MRQwEgYDVQQLEwtVVyBTZXJ2aWNlczEXMBUGA1UEAxMOVVcgU2VydmljZXMgQ0Ex
> JjAkBgkqhkiG9w0BCQEWF2hlbHBAY2FjLndhc2hpbmd0b24uZWR1ggEAMAwGA1Ud
> EwQFMAMBAf8wMgYDVR0RBCswKYYnaHR0cDovL2NlcnRzLmNhYy53YXNoaW5ndG9u
> LmVkdS9zZXJ2ZXIvMA0GCSqGSIb3DQEBBAUAA4GBAJzYxZewlfHCMyBIUuvwFI1V
> WddBsyS+Sp2pcoPWence9C2aqVuIHFGRu25c6MwW+eB4TfSGB4vzxMghJCFWRjyf
> OgCKokC4ArghbbsbG5D04v4hG+UcQ00VMzzQ80QFlFrvOZQjtdhsII8MXWN1V272
> gTspdhggZ52qVnN5hwtD
> -----END CERTIFICATE-----
>
> ---
>
> UW HS site data:
>
> <OriginSite Name="urn:mace:incommon:pilot:washington.edu">
> <Alias>University of Washington</Alias>
> <Contact Type="technical" Name="RL 'Bob' Morgan"
>
> Email=""/>
> <HandleService
> Location="https://shib.cac.washington.edu/shibboleth/HS";
> Name="shib.cac.washington.edu"/>
> <Domain>washington.edu</Domain>
> </OriginSite>
>
>
>
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
PGP key available
------------------------------------------------------mace-shib-design-+
For list utilities, archives, subscribe, unsubscribe, etc. please visit the
ListProc web interface at
http://archives.internet2.edu/
------------------------------------------------------mace-shib-design--
- testing the one-hop validation scenario, RL 'Bob' Morgan, 05/30/2003
- Re: testing the one-hop validation scenario, RL 'Bob' Morgan, 05/30/2003
- Re: testing the one-hop validation scenario, Derek Atkins, 05/30/2003
- Re: testing the one-hop validation scenario, RL 'Bob' Morgan, 05/30/2003
- Re: testing the one-hop validation scenario, Derek Atkins, 05/30/2003
- Re: testing the one-hop validation scenario, RL 'Bob' Morgan, 05/30/2003
Archive powered by MHonArc 2.6.16.