Shibboleth Developers

[Scott Cantor <>]

I've brought this up before, but at the time we deferred this issue to some
future point. Unfortunately, I've got to have this now, so I either patch
the target or I patch a private copy of the target.

Eventually we'll have a way of handling this sort of thing in SAML 2.0, but
in the meantime, I really need a way to add a timestamp to the
target->origin redirect. There is simply no other way with the current
protocol to detect stale pages in the history list when the back button is
used, and this is rapidly going to become a deal breaker for me getting this
rolled out here.

We've got a slate of updates to the arch doc anyway, so adding this doesn't
seem like a big deal to me, and it's purely optional. Nobody's origin will
break if it's there, and nobody's target will break if they don't include
it, so there's no compatibility issue at all.

As it is I'm going to hack my origin to actually look at it, not add
anything to CVS (yet). But I really need a target source distribution I can
give out here that includes the parameter and I'd like to add it with the
other cookie fixes I'm patching back into 1.1.

Is there a major objection to me just doing this, or do I have to fork?

(If there's a question about how this looks, it's just a time_t value in
decimal on the end, "&time=nnnnnnnnnn". Adds about 16 bytes to the URL.)

-- Scott