Shibboleth Developers

[Scott Cantor <>]

I've got a simple draft schema for configuring the mapping between resources
and application IDs in the target.

Here's a sample:

<ApplicationMap xmlns="urn:mace:shibboleth:target:appmapper:1.0"
        ApplicationID="http://jstor.org/InCommon";>

        <VirtualHost Name="www.jstor.org" Port="443" SSL="true">
                <Path Name="admin"
        
ApplicationID="http://jstor.org/InCommon/admin"/>
        </VirtualHost>

</ApplicationMap>

There's a default ID at the root that you override at any point by inserting
VirtualHost elements (with hostname/port/scheme) and then Path elements.
Obviously you can nest Path elements in each other to whatever depth is
needed.

Constructing the above, you get https://www.jstor.org/* mapping to the
default app ID except that https://www.jstor.org/admin/* maps to the
overridden app ID.

I'll throw some XSLT together to include in the package to spit out the URL
mappings, shouldn't be too difficult (unless somebody wants to give me a
script, hint hint).

The ApplicationID values are URIs, and would normally be the SAML 2.0
ProviderID values used by a target/SP to issue messages, and dereferencing
the URI would usually return a SAML metadata document.

If anyone has any other suggestions, let me know.

A final note: IIS has no way a filter can ask for the active virtual
server's hostname. It has access only to what the browser happens to have
used in the Host header of its HTTP request. The way I hacked around this so
far was to map from the IIS instance ID of the vhost to a site name defined
in shibboleth.ini. I'll have to keep something along those lines in the code
before I can invoke this mapping file. (Apache doesn't have the problem
because of the ap_get_server_name call.)

-- Scott